Package: template-new
Version: 1.3.8-1.1
Severity: normal
Tags: patch
Hello,
template-new failed to build in Ubuntu as gcc caught the following
buffer overflow:
,----
| In function 'strcpy',
| inlined from 'write_file' at new_proj.c:196:
| /usr/include/bits/string3.h:106: error: call to __builtin___strcpy_chk will
always overflow destination buffer
`----
This is caused by Debian's renaming of the binary name from "new" to
"template-new" without making the destination buffer larger while
contructing the new command line.
Attached is a patch to fix it.
Michael
diff -u template-new-1.3.8/src/new_proj.c template-new-1.3.8/src/new_proj.c
--- template-new-1.3.8/src/new_proj.c
+++ template-new-1.3.8/src/new_proj.c
@@ -192,7 +192,7 @@
fmt_ptrn_init(&x);
fmt_ptrn_update_kv(&x, strdup("PROJ_NAME"),
strdup(settings.proj_name));
- argv[argc] = (char *) malloc (4);
+ argv[argc] = (char *) malloc (13);
strcpy (argv[argc++], "template-new");
argv[argc] = (char *) malloc (3);
strcpy (argv[argc++], "-s");
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
