Package: cuetools Version: 1.3.1-4 Severity: important Tags: patch Hi,
I thought I had submitted this bug to Debian too, but I might have forgotten. When converting .toc files to .cue files, I get a "buffer overflow detected" warning and a core dump. The following patch fixes the buffer overflow by sizing a buffer used in a sprintf call correctly to also include room for the null character at the end of the string. Please apply. Here is the Ubuntu bug: https://bugs.launchpad.net/ubuntu/+source/cuetools/+bug/392372 And here is the upstream bug (but no answer): http://developer.berlios.de/bugs/?func=detailbug&bug_id=16607&group_id=2130 Thank you, Christian --- src/lib/time.c~ 2009-12-29 13:51:16.000000000 -0500 +++ src/lib/time.c 2009-12-29 13:51:19.000000000 -0500 @@ -34,7 +34,7 @@ /* print frame in mm:ss:ff format */ char *time_frame_to_mmssff(long f) { - static char msf[9]; + static char msf[10]; int minutes, seconds, frames; msf_frame_to_msf(f, &minutes, &seconds, &frames); -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
