gaf: export_config has a buffer overrun
Bug #1088041 reported by
Gareth Edwards
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| gEDA |
Fix Released
|
High
|
Gareth Edwards | ||
Bug Description
In the gaf tool file export.c, function export_config() there is this piece of code at line 850 in master branch:
if (n >= 4) { /* In the config file all four sides must be specified */
memcpy (settings.size, lst, 4*sizeof(gdouble));
}
However, settings only declares gdouble size[2].
Coverity-ID: 746989
Coverity-ID: 746986
| Changed in geda: | |
| status: | New → Confirmed |
| importance: | Undecided → High |
| assignee: | nobody → Gareth Edwards (gareth-uk) |
| milestone: | none → 1.9.1 |
Revision history for this message
| gpleda.org commit robot (gpleda-launchpad-robot) wrote | #1 |
| Changed in geda: | |
| status: | Confirmed → Fix Committed |
| tags: | added: coverity gaf |
| tags: |
added: gaf-export removed: gaf |
| Changed in geda: | |
| status: | Fix Committed → Fix Released |
To post a comment you must log in.
Bug was fixed by a commit
git master commit d1777b845a542ea
http://
commit d1777b845a542ea
Author: Gareth Edwards <email address hidden>
Commit: Gareth Edwards <email address hidden>
gaf: parse margins from config into correct settings field
Margins in the configuration were being copied into the size field of
the settings variable. Put it into the right place.
Coverity-ID: 746986
Coverity-ID: 746989
Closes-bug: lp-1088041