Package: slocate
Version: 3.0.beta.r1-1
An array is allocated on the stack with zero length and then written to,
which corrupts the stack. Shows up as a segfault on i386 and an Ubuntu
setup:
http://bugzilla.ubuntu.com/show_bug.cgi?id=21525
Maybe related to #345171 seen on PowerPC.
Thanks to Chris Moore <[EMAIL PROTECTED]> for tracking it down. Patch
attached that corrects the length.
-Paul
--
This country is covered in white fluffy snow. Helsinki, FI
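The defect described above is a stack buffer sized smaller than the bytes written into it. The following is an added example, not code from slocate or from this report: a byte-at-a-time reader whose scratch buffer is sized by a named constant, checked at compile time to be at least one byte, and whose read is bounded by `sizeof` of that buffer so the two cannot drift apart. The `count_bytes_in_string` helper and the pipe-based input are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Constructed example, not slocate code. Size of the per-byte scratch
 * buffer. A zero here would declare a zero-length array (a GNU extension),
 * and any write into it would land on neighbouring stack data. */
#define CH_LEN 1

/* Read exactly one byte from fd into *ch_out. Returns 0 on success,
 * -1 on EOF or error. The read is bounded by sizeof ch, so it can never
 * write more than the array holds. */
static int read_one_byte(int fd, char *ch_out) {
    char ch[CH_LEN];
    _Static_assert(CH_LEN >= 1, "scratch buffer must hold at least one byte");
    ssize_t n = read(fd, ch, sizeof ch);   /* bound by the array, not a literal */
    if (n != 1)
        return -1;
    *ch_out = ch[0];
    return 0;
}

/* Count the bytes readable from fd, consuming them one at a time the way a
 * simple database reader might scan its input. */
long count_bytes(int fd) {
    long count = 0;
    char c;
    while (read_one_byte(fd, &c) == 0)
        count++;
    return count;
}

/* Helper for running the reader offline: feed a constructed string through a
 * pipe and count what comes out the other end. Returns -1 on setup failure. */
long count_bytes_in_string(const char *s) {
    int fds[2];
    if (pipe(fds) != 0)
        return -1;
    size_t len = strlen(s);
    if (write(fds[1], s, len) != (ssize_t)len) {
        close(fds[0]);
        close(fds[1]);
        return -1;
    }
    close(fds[1]);                 /* writer closed: reader sees EOF after len bytes */
    long n = count_bytes(fds[0]);
    close(fds[0]);
    return n;
}

int main(void) {
    printf("bytes read: %ld\n", count_bytes_in_string("slocate"));
    return 0;
}
```

The point of the `_Static_assert` and the `sizeof ch` bound is that a later edit to `CH_LEN` cannot silently reintroduce the mismatch between buffer size and read length that this report describes.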
--- slocate-3.0.beta.r1.orig/debian/changelog
+++ slocate-3.0.beta.r1/debian/changelog
@@ -1,3 +1,9 @@
+slocate (3.0.beta.r1-1ubuntu1) dapper; urgency=low
+
+ * Closes: Ubuntu#21525 . Population of zero-length array.
+
+ -- Paul Sladen <[EMAIL PROTECTED]> Thu, 5 Jan 2006 02:35:43 +0000
+
slocate (3.0.beta.r1-1) unstable; urgency=low
* New release. 3.0 beta r1. This is a complete redesign/rewrite.
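Review bot: the new entry carries an Ubuntu version (3.0.beta.r1-1ubuntu1) and distribution (dapper), so it cannot be applied as-is to the Debian package; the Debian upload needs its own entry with a Debian revision and distribution. The bullet "Closes: Ubuntu#21525 ." also has a stray space before the period, and since the Closes: keyword is what the Debian changelog tools parse for Debian bug numbers, referring to the Ubuntu bug in plain text (with its URL) would avoid any confusion.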
--- slocate-3.0.beta.r1.orig/src/slocate.c
+++ slocate-3.0.beta.r1/src/slocate.c
@@ -483,7 +483,7 @@
int search_db(struct g_data_s *g_data, char *database, char *search_str)
{
int fd = -1;
- char ch[0];
+ char ch[1];
int buf_len;
char buffer[BLOCK_SIZE];
int ret = 0;
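Review bot: changing `char ch[0]` to `char ch[1]` removes the overflow only if every write into `ch` is at most one byte; the hunk does not show the reads into `ch`, so confirm that each read into it uses a length of 1 (or `sizeof ch`) rather than a larger constant. Bounding those reads by `sizeof ch` would keep the array size and the read length in agreement if the buffer is resized again later.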