Package: pouetchess
Version: 0.2.0-4
Severity: normal

C3DGraphicChessboard::load() call to sprintf has size 50 and can cause buffer overflows on Ubuntu. Attached is a patch taken from pouetchess svn that solves this. I was just seeing whether you wanted to apply it in Debian before I look at applying it in Ubuntu?

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages pouetchess depends on:
ii  libc6                      2.11.2-5     Embedded GNU C Library: Shared lib
ii  libgcc1                    1:4.4.4-13   GCC support library
ii  libgl1-mesa-glx [libgl1]   7.7.1-4      A free implementation of the OpenG
ii  libglu1-mesa [libglu1]     7.7.1-4      The OpenGL utility library (GLU)
ii  libsdl-image1.2            1.2.10-2+b2  image loading library for Simple D
ii  libsdl1.2debian            1.2.14-6     Simple DirectMedia Layer
ii  libstdc++6                 4.4.4-13     The GNU Standard C++ Library v3
ii  pouetchess-data            0.2.0-4      Data files for the game pouetChess

pouetchess recommends no packages.

pouetchess suggests no packages.

-- no debconf information

diff -Nur -x '*.orig' -x '*~' pouetchess-0.2.0//src/graphic_chessboard.cpp pouetchess-0.2.0.new//src/graphic_chessboard.cpp --- pouetchess-0.2.0//src/graphic_chessboard.cpp 2010-09-08 15:52:17.200776273 +0100 +++ pouetchess-0.2.0.new//src/graphic_chessboard.cpp 2010-09-08 15:54:35.225306934 +0100 @@ -27,6 +27,7 @@ #include "globalInfos.h" #include <string> #include <math.h> +#include <sys/param.h> /* for MAXPATHLEN */ #ifndef PI @@ -122,7 +123,7 @@ for(int i=0;i<6;i++) { - char texture_filename[50]; + char texture_filename[MAXPATHLEN]; /* @FB 01/08/06 MAXPATHLEN replace '50' */ sprintf(texture_filename,PC_DATA_TEXTURE_SKYBOX,i), texture_skybox[i] = new CBasicTexture; if (false==texture_skybox[i]->load(texture_filename,false))
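
Review bot: the `#include <sys/param.h>` added in the first hunk (@@ -27,6 +27,7 @@) pulls in a non-standard header for a single constant, and MAXPATHLEN is not guaranteed to be defined on every platform the package builds on. A guarded fallback, in the same style as the `#ifndef PI` block visible just below the include, would keep the build from failing where the macro is missing.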
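
Review bot: in the second hunk (@@ -122,7 +123,7 @@) the `sprintf(texture_filename,PC_DATA_TEXTURE_SKYBOX,i)` context line stays unbounded, so the change only makes the destination bigger and still relies on the expanded PC_DATA_TEXTURE_SKYBOX path being shorter than MAXPATHLEN rather than checking it. Suggest `snprintf(texture_filename, sizeof(texture_filename), PC_DATA_TEXTURE_SKYBOX, i)` and treating a return value that is negative or not smaller than `sizeof(texture_filename)` as a load failure. That same line ends in a comma instead of a semicolon, which chains the call into the `texture_skybox[i] = new CBasicTexture;` assignment through the comma operator; it compiles, but should be a semicolon.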