Package: gpsd
Version: 2.28-2
Severity: important

While investigating problems that seem related to bugs #321421 and #321423, I found that gpsd will segfault under certain circumstances.

Steps I did to reproduce the problem:

1. Attach usb2serial cable with NMEA-gps (hotplug gets called and starts gpsd)
2. telnet localhost gpsd
3. "B" - response "GPSD,B=9600 8 N 1"
4. But I want 4800... "B=4800" - response "GPSD,B=9600 8 N 1"
5. Maybe more options are needed? "B=4800 8 N 1" - "Connection closed by foreign host." gpsd segfaulted

Looks like not very robust input checking. Maybe a buffer overflow? Can't assess how the bug is triggered internally. Don't have time and knowledge to look at the source.

PS: This bug is not always reproducible. If I start gpsd manually by:

"gpsd -S 2947 -D2 -N -F /var/run/gpsd.sock /dev/ttyUSB0"

it will only segfault if I type "B=4800 8 N" (the " 1" is apparently not needed) as the first command. If I execute any other command before, it will work OK AFAICT.

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-1-686
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages gpsd depends on:
ii  dbus-1                 0.23.4-1   simple interprocess messaging syst
ii  debconf [debconf-2.0]  1.4.58     Debian configuration management sy
ii  libc6                  2.3.5-6    GNU C Library: Shared libraries an
ii  libgcc1                1:4.0.1-2  GCC support library
ii  libncurses5            5.4-9      Shared libraries for terminal hand
ii  libstdc++6             4.0.1-2    The GNU Standard C++ Library v3
ii  netbase                4.21       Basic TCP/IP networking system

Versions of packages gpsd recommends:
ii  gpsd-clients           2.28-2     clients for the GPS service daemon
ii  python                 2.3.5-3    An interactive high-level object-o

-- debconf information:
* gpsd/start_daemon: false
* gpsd/device: /dev/ttyS0
  gpsd/daemon_options:
  gpsd/device_needed:
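
The report suspects weak input checking on the "B=" command. The block below is an added illustration, not gpsd's code and not a diagnosis of this crash: a strict parser for the "speed wordlen parity stopbits" argument shape seen in the session above, including the case where trailing fields such as " 1" are omitted. The struct, the function names and the accepted ranges are assumptions of this example.

```c
#include <ctype.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical settings record; names and accepted ranges are assumptions. */
struct serial_params { unsigned speed, wordlen, stopbits; char parity; };

static const char *skip_ws(const char *p) { while (*p == ' ' || *p == '\t') p++; return p; }
static int at_end(const char *p) { return *p == '\0' || *p == '\r' || *p == '\n'; }

/* Read one bounded decimal field; 0 on success, -1 if absent or out of range. */
static int get_uint(const char **pp, unsigned long lo, unsigned long hi, unsigned *out)
{
    char *end;
    unsigned long v;
    if (!isdigit((unsigned char)**pp)) return -1;
    errno = 0;
    v = strtoul(*pp, &end, 10);
    if (errno || v < lo || v > hi) return -1;   /* overflow or out of range */
    *out = (unsigned)v;
    *pp = skip_ws(end);
    return 0;
}

/* Parse "B=<speed> [<wordlen> [<parity> [<stopbits>]]]".
 * Omitted trailing fields keep the values already in *sp.
 * Returns the number of fields read (1..4), or -1 with *sp untouched. */
int parse_b_command(const char *line, struct serial_params *sp)
{
    struct serial_params t = *sp;   /* work on a copy, commit only on success */
    const char *p;
    int n = 1;
    if (line == NULL || sp == NULL || strncmp(line, "B=", 2) != 0) return -1;
    p = skip_ws(line + 2);
    if (get_uint(&p, 1, 115200, &t.speed)) return -1;
    if (!at_end(p)) { if (get_uint(&p, 7, 8, &t.wordlen)) return -1; n = 2; }
    if (n == 2 && !at_end(p)) {
        if (strchr("NEO", *p) == NULL) return -1;   /* *p is not NUL here */
        t.parity = *p; p = skip_ws(p + 1); n = 3;
    }
    if (n == 3 && !at_end(p)) { if (get_uint(&p, 1, 2, &t.stopbits)) return -1; n = 4; }
    if (!at_end(p)) return -1;      /* reject trailing garbage */
    *sp = t;
    return n;
}
```
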