Bug#703076: Missing argument in calls to amitk_color_table_menu_new

Mon, 18 Mar 2013 23:24:15 -0700 

Hi Andreas,

Thanks for the note, this will be corrected in 1.0.5.
The error doesn't actually trigger any problems because the variable "color_table" is never used, so it won't be a problem even if it's not fixed. 

Thanks,
Andy


On 03/15/2013 02:50 AM, Andreas Tille wrote:

Hi Andy,

due to some QA checks in Debian the Amide package received a bug report
which I would like to inform you about.  I admit we are lagging behind
your latest upstream version (because of Debian freeze for the next
release we hesitate to introduce other versions than currently beeing in
freeze) and the problem might be fixed or not but I would like to make
you aware of it in any case.

It would be great if you could issue some statement like

  - Is fixed in 1.0.4  or
  - Will be fixed in 1.0.5 or
  - Please be more verbose / provide a patch or
  - Something else

Kind regards and thanks for providing Amide as Free Software

      Andreas.

On Thu, Mar 14, 2013 at 11:33:16PM +0000, Michael Tautschnig wrote:

Package: amide
Version: 1.0.1-1
Usertags: goto-cc

Building and type-checking the linked results using our research compiler
infrastructure showed the following wrong uses of amitk_color_table_menu_new:

./src/amitk_threshold.c:    threshold->color_table_menu[i_view_mode] = 
amitk_color_table_menu_new();
./src/ui_preferences_dialog.c:    menu = amitk_color_table_menu_new();
./src/ui_render_dialog.c:    menu = amitk_color_table_menu_new();

This conflicts with the actual definition of amitk_color_table_menu_new:

./src/amitk_color_table_menu.c:GtkWidget * 
amitk_color_table_menu_new(AmitkColorTable color_table) {

The result will necessarily cause a stack underflow, with entirely undefined
consequences (for any application with elevated privileges this is a possibly
security issue).

Best,
Michael

PS.: It may be wise to also adjust the declaration of
amitk_color_table_menu_new:

./src/amitk_color_table_menu.h:GtkWidget*    amitk_color_table_menu_new         
      ();

(but this is actually entirely covered by the C standard and not necessarily a
bug - it just stops the compiler from producing proper diagnostics).






_______________________________________________
Debian-med-packaging mailing list
debian-med-packag...@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/debian-med-packaging






--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to