gaf: export_config has a buffer overrun
Bug #1088041 reported by Gareth Edwards
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
gEDA | Fix Released | High | Gareth Edwards | |
Bug Description
In the gaf tool file export.c, function export_config() there is this piece of code at line 850 in master branch:
```c
if (n >= 4) { /* In the config file all four sides must be specified */
  memcpy (settings.size, lst, 4*sizeof(gdouble));
}
```
However, settings only declares gdouble size[2].
Coverity-ID: 746989
Coverity-ID: 746986
Changed in geda:
status: New → Confirmed
importance: Undecided → High
assignee: nobody → Gareth Edwards (gareth-uk)
milestone: none → 1.9.1
tags: added: coverity gaf
tags: added: gaf-export removed: gaf
Changed in geda:
status: Fix Committed → Fix Released
Bug was fixed by a commit
git master commit d1777b845a542ea44ad9bfeab881f120f68f4837
http://git.geda-project.org/geda-gaf/commit/?id=d1777b845a542ea44ad9bfeab881f120f68f4837

commit d1777b845a542ea44ad9bfeab881f120f68f4837
Author: Gareth Edwards <email address hidden>
Commit: Gareth Edwards <email address hidden>
gaf: parse margins from config into correct settings field
Margins in the configuration were being copied into the size field of
the settings variable. Put it into the right place.
Coverity-ID: 746986
Coverity-ID: 746989
Closes-bug: lp-1088041
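
The defect class in this report, shown as an added example that is not gEDA's code: the copy length is taken from `sizeof` of the destination field, so a four-value copy aimed at a two-element array is refused instead of overrunning it. The struct is a stand-in using plain `double`; the `margins[4]` field and all function names are assumptions for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for gaf's export settings. Only size[2] is stated in the bug
 * report; the margins[4] field name and layout are assumptions. */
struct export_settings {
    double size[2];    /* width, height */
    double margins[4]; /* assumed: one value per side */
};

/* Copy n doubles into a fixed-size array only if they fit.
 * Returns 1 on success, 0 if the copy would overrun dst. */
static int copy_doubles(double *dst, size_t dst_bytes,
                        const double *src, size_t n)
{
    if (n > dst_bytes / sizeof *dst)
        return 0;
    memcpy(dst, src, n * sizeof *dst);
    return 1;
}

/* The bound comes from the destination's declaration, not a literal count. */
#define COPY_FIELD(field, src, n) \
    copy_doubles((field), sizeof (field), (src), (n))

/* Margins parsed from config: all four sides must be present. */
static int set_margins(struct export_settings *s, const double *lst, size_t n)
{
    if (n < 4)
        return 0;
    return COPY_FIELD(s->margins, lst, 4);
}

/* The reported pattern routed through the checked copy: four doubles
 * aimed at size[2] are refused rather than written past the array. */
static int set_size_from_margins(struct export_settings *s, const double *lst)
{
    return COPY_FIELD(s->size, lst, 4);
}

int main(void)
{
    struct export_settings s = { {0}, {0} };
    const double lst[4] = { 10.0, 20.0, 30.0, 40.0 }; /* constructed input */
    printf("into size: %d\n", set_size_from_margins(&s, lst));
    printf("into margins: %d\n", set_margins(&s, lst, 4));
    return 0;
}
```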