Package: plan
Version: 1.9-6.2
Severity: important
Tags: patch

*** Please type your report below this line ***


The function read_language_file() copies the content of the file into memory without 
adding a null character at the end. However, the following loop expects a null 
character to stop (cf. patch in attachment).



-- System Information:
Debian Release: 4.0
  APT prefers testing
  APT policy: (900, 'testing'), (50, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.17.3
Locale: LANG=C, LC_CTYPE=fr_FR.iso8859-1 (charmap=ISO-8859-1)

Versions of packages plan depends on:
ii  debconf [debconf-2.0]       1.5.11       Debian configuration management sy
ii  lesstif2                    1:0.94.4-2   OSF/Motif 2.1 implementation relea
ii  libc6                       2.3.6.ds1-13 GNU C Library: Shared libraries
ii  libice6                     1:1.0.1-2    X11 Inter-Client Exchange library
ii  libsm6                      1:1.0.1-3    X11 Session Management library
ii  libx11-6                    2:1.0.3-6    X11 client-side library
ii  libxext6                    1:1.0.1-2    X11 miscellaneous extension librar
ii  libxpm4                     1:3.5.5-2    X11 pixmap library
ii  libxt6                      1:1.0.2-2    X11 toolkit intrinsics library

plan recommends no packages.

-- debconf information excluded

Sincerely,
-- 
Julien
        << You have nothing to say... Let's talk about it! >>
--- /tmp/plan-1.9/src/language.c	2005-01-09 11:01:36.000000000 +0100
+++ plan-1.9/src/language.c	2007-03-27 14:50:48.000000000 +0200
@@ -138,9 +138,10 @@
 	if (!nstrings)
 		nstrings = nline;
 							/* create list */
-	if (!(list = (char **)malloc(nline * sizeof(char *) + fsize)))
+	if (!(list = (char **)malloc(nline * sizeof(char *) + fsize+1)))
 		fatal("no memory for language file");
 	memcpy(list[0] = p = (char *)&list[nline], file, fsize);
+	p[fsize]='\0';
 							/* eval "\n", eoln=0 */
 	for (q=p; *p; p++, q++)
 		if      (*p   == '\n')	*q = 0;
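Review bot: the loop `for (q=p; *p; p++, q++)` is still bounded by content rather than by length, so with the new `p[fsize]='\0'` it stops at the first zero byte it meets, which can be a NUL inside the file data rather than the terminator, and the rest of the copied buffer is then left unprocessed. Consider keeping the terminator but bounding the loop on the known size, for example by saving the start of the copy and testing `p < start + fsize` (`start` being a name introduced here). On the `malloc` line, a short comment saying the extra byte is for the terminating NUL, and `fsize + 1` spaced like the rest of the expression, would make the intent clear to the next reader.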
