non-blocking items from MIR of iniparser: tests, 1 byte stack overflow
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
iniparser (Ubuntu) |
Fix Released
|
Low
|
Dan Bungert |
Bug Description
The following changes were requested as part of the MIR of libiniparser:
1) build does not run tests in test/ directory Edit
The top level makefile contains a target 'check' which runs the tests under the test/ directory, but the 'check' target is not run during the build (and make is not run for the test/ directory manually either).
Probably dh_auto_test should be overridden to also run 'make check' in the debian/rules file.
2) cherry-pick patch for 1-byte stack buffer overflow
- During build gcc outputs the following warning:
src/
src/
- This happens at the following code:
sprintf(tmp, "%s:%s", section, key);
In this case, where tmp, section and key are declared as:
char section [ASCIILINESZ+1] ;
char key [ASCIILINESZ+1] ;
char tmp [(ASCIILINESZ * 2) + 1] ;
As such, at most section and key are both ASCIILINESZ plus 1 colon
separator fills then entire tmp buffer and leaves no space for a
terminating NUL - so this looks like a real bug which could result in
a 1-byte stack buffer overflow. This has already been fixed upstream
in
https:/
so this patch should be integrated into our package.
Changed in iniparser (Ubuntu): | |
assignee: | nobody → Dan Bungert (dbungert) |
tags: | added: fr-1142 |
Changed in iniparser (Ubuntu): | |
importance: | Undecided → Low |
On analysis of this issue, I found that the upstream tests are being run - it's just that failures go unnoticed due to the test runner unconditionally returning exit code 0, pass or fail. By enhancing this runner to return exit code 1 upon test failure, we see the test failure log without having to do anything special.
Also improve the cleanup target while I'm here.