On 15.05.2014 12:15 UTC+0200, Michael Tautschnig wrote: > Package: libphone-ui > Version: 1:0.0.1+git20110825-3 > Usertags: goto-cc > > During an analysis of all packages using our research compiler tool-chain > (using > tools from the cbmc package) the following error was found: > > The declaration of _fso_pim_dates in dbus.h > > http://sources.debian.net/src/libphone-ui/1:0.0.1+git20110825-3/src/dbus.h?hl=35#L35 > > shadows the fact that _fso_pim_dates actually requires an argument: > > http://sources.debian.net/src/libphone-ui/1:0.0.1+git20110825-3/src/dbus.c?hl=70#L70 > > Consequently the call here: > > http://sources.debian.net/src/libphone-ui/1:0.0.1+git20110825-3/src/phoneui-utils.c?hl=399#L399 > > will cause a stack underflow and thus results in undefined behaviour (here > this > might cause reading of an arbitrary g-object-path, which may result in memory > errors or even inappropriately accessing data).
Thanks for reporting this issue. We have applied a patch upstream, which fixes it: http://git.shr-project.org/git/?p=libphone-ui.git;a=commit;h=d752cdf6a3918cd0737f09e8f592cfda46f976f2 This commit also depends on the corresponding commit/fix in libfsoframework: http://git.freesmartphone.org/?p=cornucopia.git;a=commit;h=fac64d3accdc0d2cea92adb02ccc4c77a33249e6 BR, Lukas
signature.asc
Description: OpenPGP digital signature
_______________________________________________ pkg-fso-maint mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-fso-maint
