On Tue, May 20, 2014 at 08:05:50PM +0200, Lukas Maerdian wrote: > On 15.05.2014 12:15 UTC+0200, Michael Tautschnig wrote: > > Package: libphone-ui > > Version: 1:0.0.1+git20110825-3 > > Usertags: goto-cc > > > > During an analysis of all packages using our research compiler tool-chain > > (using > > tools from the cbmc package) the following error was found: > > > > The declaration of _fso_pim_dates in dbus.h > > > > http://sources.debian.net/src/libphone-ui/1:0.0.1+git20110825-3/src/dbus.h?hl=35#L35 > > > > shadows the fact that _fso_pim_dates actually requires an argument: > > > > http://sources.debian.net/src/libphone-ui/1:0.0.1+git20110825-3/src/dbus.c?hl=70#L70 > > > > Consequently the call here: > > > > http://sources.debian.net/src/libphone-ui/1:0.0.1+git20110825-3/src/phoneui-utils.c?hl=399#L399 > > > > will cause a stack underflow and thus results in undefined behaviour (here > > this > > might cause reading of an arbitrary g-object-path, which may result in > > memory > > errors or even inappropriately accessing data). > > Thanks for reporting this issue.
Thanks for taking care of forwarding this upstream. > We have applied a patch upstream, which fixes it: > http://git.shr-project.org/git/?p=libphone-ui.git;a=commit;h=d752cdf6a3918cd0737f09e8f592cfda46f976f2 > > This commit also depends on the corresponding commit/fix in libfsoframework: > http://git.freesmartphone.org/?p=cornucopia.git;a=commit;h=fac64d3accdc0d2cea92adb02ccc4c77a33249e6 There was a rumor on the FSO mailing list, that a new release will appear soon, so I will wait for that (currently I invest most of my free time to get N900 support into the mainline kernel). -- Sebastian
signature.asc
Description: Digital signature
_______________________________________________ pkg-fso-maint mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-fso-maint
