Bug#969293: marked as forwarded (uci2wb: Long option strings are handled incorrectly due to insufficient buffer size)

Sun, 30 Aug 2020 16:51:37 -0700 

Your message dated Mon, 31 Aug 2020 01:46:12 +0200 (CEST)
with message-id <1130155104.1420334203.1598831172143.JavaMail.root@zimbra39-e7>
has caused the   report #969293,
regarding uci2wb: Long option strings are handled incorrectly due to 
insufficient buffer size
to be marked as having been forwarded to the upstream software
author(s) h g muller <h.g.mul...@hccnet.nl>

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
969293: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969293
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Hi H.G,

Here is a bugreport from the Debian BTS.

Best regards,
-- 
Yann
--- Begin Message --- 
Package: uci2wb
Version: 4.1+git200714-1
Severity: normal
X-Debbugs-Cc: Asher Gordon <asd...@posteo.net>

Dear Maintainer,

When a very long UCI option string is encountered by uci2wb, such as the
UCI_Variant option for engines with many variants like Multi-Variant
Stockfish or Fairy-Stockfish, it overflows the 'val' buffer, causing the
option to be handled incorrectly (at least when compiled with
optimization). The easy fix is to simply increase the buffer size as
below:

diff -ur a/UCI2WB.c b/UCI2WB.c
--- a/UCI2WB.c	2020-07-14 08:03:26.000000000 -0400
+++ b/UCI2WB.c	2020-08-30 16:17:06.311188760 -0400
@@ -331,7 +331,7 @@
 	    }
 	}
 	else if(!strcmp(command, "option")) { // USI option: extract data fields
-	    char name[80], type[80], buf[1024], val[256], *q;
+	    char name[80], type[80], buf[1024], val[1024], *q;
 	    int min=0, max=1e9; *val = 0;
 	    if(p = strstr(line+6, " type ")) sscanf(p+1, "type %s", type), *p = '\n';
 	    if(p = strstr(line+6, " min "))  sscanf(p+1, "min %d", &min), *p = '\n';

Of course, this is hardly perfect, but a better solution would require a
lot more work.

Incidentally, I think the following quote may be relevant for uci2wb:

    On the subject of C program indentation:
            "In My Egotistical Opinion, most people's C programs should
            be indented six feet downward and covered with dirt."
                    -- Blair P. Houghton

Thanks,
Asher

-- System Information:
Debian Release: bullseye/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 5.7.0-2-amd64 (SMP w/2 CPU threads)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages uci2wb depends on:
ii  libc6  2.31-3

Versions of packages uci2wb recommends:
ii  eboard             1.1.3-0.3
pn  gpsshogi | eleeye  <none>
ii  xboard             4.9.1-2

uci2wb suggests no packages.

-- no debconf information

-- 
One picture is worth 128K words.
                               --------
I prefer to send and receive mail encrypted. Please send me your
public key, and if you do not have my public key, please let me
know. Thanks.

GPG fingerprint: 38F3 975C D173 4037 B397  8095 D4C9 C4FC 5460 8E68

Attachment: signature.asc
Description: PGP signature


--- End Message ---

--- End Message ---

Reply via email to