The format string passed to alloc_rootdir_entry results in sprintf
overflowing de->name, writing the trailing null byte to de->ext
(check.c:177). This might have been the author's intention, but
_FORTIFY_SOURCE=2 does not allow such behaviour, terminating the
program.

A patch for this issue is available on the Red Hat bugtracker [1],
where Jaroslav mentions having sent the patch upstream on 2011-02-01.
Regardless, the patch doesn't seem to have made its way into a
dosfstools release.

(The Debian maintainer appears to be the dosfstools author - please
have a look at aforementioned Red Hat bug report)

Joerie

[1]: https://bugzilla.redhat.com/show_bug.cgi?id=674095


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to