[Libcdio-devel] [PATCH] buffer overflow and fixes from static analysis
From: Honza Horak
Subject: [Libcdio-devel] [PATCH] buffer overflow and fixes from static analysis
Date: Thu, 19 May 2011 15:38:34 +0200
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.17) Gecko/20110428 Fedora/3.1.10-1.fc15 Lightning/1.0b3pre Thunderbird/3.1.10
Hi all,
let me introduce myself - I'm a package maintainer of libcdio and some
other packages in Fedora and have prepared two attached patches.
The first one (libcdio-0.82-sprintf.patch) includes several fixes of
insecure sprintf calls. At least one call has led to buffer overflow
error (see https://bugzilla.redhat.com/show_bug.cgi?id=705673 for more
info and a reproducer).
The second patch (libcdio-0.82-staticanal.patch) was prepared on the
basis of a static analysis by the Coverity tool. I've then checked the
mistakes and proposed fixes for them. These are mostly resource leaks,
return value checking, missing breaks etc.
If you don't find any issue concerning the fixes, please apply the
patches to make libcdio a bit better.
Thanks a lot, cheers!
Honza
libcdio-0.82-sprintf.patch
Description: Text document
libcdio-0.82-staticanal.patch
Description: Text document
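The message above describes the class of defect the first patch addresses (an unbounded sprintf() into a fixed-size buffer) without showing the code. The following is an added illustration, not taken from the attached patches or from libcdio itself: a hypothetical path-building helper written with the bounded snprintf() form plus the return-value check that the fix pattern relies on, and a measuring helper that reports whether the original sprintf() would have overrun a buffer of a given size. Function names and sample paths are constructed for the example.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Measure what an unbounded sprintf(dst, "%s/%s", dir, file) would write,
 * without writing anything: snprintf with a NULL target and size 0 returns
 * the length the formatted string would have (excluding the NUL). */
static size_t formatted_len(const char *dir, const char *file)
{
    int n = snprintf(NULL, 0, "%s/%s", dir, file);
    return n < 0 ? 0 : (size_t)n;
}

/* True when sprintf() into a dstlen-byte buffer would write past its end:
 * the text plus the terminating NUL must fit. */
bool sprintf_overruns(size_t dstlen, const char *dir, const char *file)
{
    return formatted_len(dir, file) + 1 > dstlen;
}

/* Bounded replacement for the sprintf() call: snprintf never writes more
 * than dstlen bytes and always NUL-terminates when dstlen > 0. The return
 * value is checked so truncation is reported instead of silently producing
 * a wrong path. Returns 0 on success, -1 on truncation or error. */
int build_path(char *dst, size_t dstlen, const char *dir, const char *file)
{
    if (dst == NULL || dstlen == 0)
        return -1;
    int n = snprintf(dst, dstlen, "%s/%s", dir, file);
    if (n < 0 || (size_t)n >= dstlen) {
        dst[0] = '\0';              /* do not hand back a partial path */
        return -1;
    }
    return 0;
}

int main(void)
{
    char buf[32];
    /* Constructed inputs: a short path that fits and a long one that would
     * have overflowed the 32-byte buffer under sprintf(). */
    const char *longdir = "/media/some/very/long/mount/point/name";
    printf("short fits: %d\n", build_path(buf, sizeof buf, "/mnt/iso", "disc.iso"));
    printf("long overruns sprintf: %d\n", sprintf_overruns(sizeof buf, longdir, "disc.iso"));
    printf("long build_path: %d\n", build_path(buf, sizeof buf, longdir, "disc.iso"));
    return 0;
}
```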