Package: p2c
Severity: grave
Tags: security
Justification: user security hole
I'm not really sure if this can be exploited, but I'm getting
segfaults while trying to convert specific program... It is small
enough to inline:
{
Copyright 2005 Zdenek Hrdina, distribute under GPLv2
}
program prepocet;
var lat,lon,alt,x1,y1,z1,x2,y2,z2:double;
procedure transformace(xs,ys,zs:double; var xn,yn,zn:double);
{transformace pravouhlych souradnic}
const
{koeficienty transformace ze systemu WGS-84 do systemu S-JTSK}
dx=-574.4; dy=-119.4; dz=-421.6;
wz=2.5e-5;wy=3.825e-6;wx=3.162e-5;
m=-7.39e-6;
begin
xn:=dx+(1+m)*(xs+wz*ys-wy*zs);
yn:=dy+(1+m)*(-wz*xs+ys+wx*zs);
zn:=dz+(1+m)*(wy*xs-wx*ys+zs);
end;
procedure BLH_xyz(B,L,H:double; var x,y,z:double);
{vypocet pravouhlych souradnic z geodetickych souradnic}
const
{parametry elipsoidu WGS-84}
a=6378137.0;f_1=298.257223563;
var
ro,e2:double;
begin
e2:=1-sqr(1-1/f_1); ro:=a/sqrt(1-e2*sqr(sin(B)));
x:=(ro+H)*cos(B)*cos(L);
y:=(ro+H)*cos(B)*sin(L);
z:=((1-e2)*ro+H)*sin(B);
end;
procedure xyz_BLH(x,y,z:double; var B,L,H:double);
{vypocet geodetickych souradnic z pravouhlych souradnic}
const
{parametry Besselova elipsoidu}
a=6377397.15508; f_1=299.152812853;
var
a_b,e2,theta,st,ct,p,t:double;
begin
a_b:=f_1/(f_1-1); p:=sqrt(sqr(x)+sqr(y)); e2:=1-sqr(1-1/f_1);
theta:=arctan(z*a_b/p);st:=sin(theta);ct:=cos(theta);
t:=(z+e2*a_b*a*sqr(st)*st)/(p-e2*a*sqr(ct)*ct);
B:=arctan(t);
H:=sqrt(1+sqr(t))*(p-a/sqrt(1+(1-e2)*sqr(t)));
L:=2*arctan(y/(p+x));
end;
begin
lat:=(50+6/60+11.8/3600)*pi/180;
lon:=(14+23/60+33.7/3600)*pi/180;
alt:=297.1;
BLH_xyz(lat,lon,alt,x1,y1,z1);
writeln(x1:10:2);writeln(y1:10:2);writeln(z1:10:2);
transformace(x1,y1,z1,x2,y2,z2);
writeln(x2:10:2);writeln(y2:10:2);writeln(z2:10:2);
xyz_BLH(x2,y2,z2,lat,lon,alt);
writeln(lat*180/pi:10:7);
writeln(lon*180/pi:10:7);
writeln(alt:7:3);
end.
When p2c is run on program above, it ends with
#undef wz
#undef wy
#undef wx
#undef m
/*parametry elipsoidu WGS-84*/
#define a 6378137.0
Segmentation fault (core dumped)
[EMAIL PROTECTED]:~/sf/timetab/cz/geo$ gdb `which p2c` core
GNU gdb 6.3-debian
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and
you are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for
details.
This GDB was configured as "i386-linux"...(no debugging symbols found)
Using host libthread_db library "/lib/tls/libthread_db.so.1".
(no debugging symbols found)
Core was generated by `p2c'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /lib/libc.so.5...(no debugging symbols
found)...done.
Loaded symbols for /lib/libc.so.5
Reading symbols from /lib/ld-linux.so.1...(no debugging symbols
found)...done.
Loaded symbols for /lib/ld-linux.so.1
#0 0xb7f06787 in malloc () from /lib/libc.so.5
(gdb) [EMAIL PROTECTED]:~/sf/timetab/cz/geo$
Pavel
-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.12-rc2
Locale: LANG=C, LC_CTYPE=cs_CZ (charmap=ISO-8859-2)
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
