Your message dated Wed, 11 Feb 2009 11:47:05 +0000
with message-id <e1lxdyx-00020t...@ries.debian.org>
and subject line Bug#514217: fixed in tangogps 0.9.3-2lenny1
has caused the Debian Bug report #514217,
regarding Buffer overflow in update_poi
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
514217: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514217
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: tangogps
Version: 0.9.3-2
Severity: serious
Hello,
thanks for maintaining tangogps.
I have noticed that it has a tendency to segfault when I type long POI
descriptions. The backtrace is rather useless, except it points at the
update_poi function. A quick glance at the function shows the issue:
    char sql[512];
    [...]
    g_snprintf(sql, 2048,
            "UPDATE "
                "poi "
            "SET "
                "lat=%f,"
                "lon=%f,"
                "keywords='%s',"
                "desc='%s'"
            "WHERE "
                "idmd5='%s'"
            ,
            lat_deg, lon_deg,
            keyword, desc, idmd5);
Doh. The buffer is 512 bytes, but the limit given to snprintf is 2048:
boom. Fixing the buffer to be 2048 bytes is a quick fix, but in the
long term the function needs considerable smartening up: if a long
description (>1900 or so bytes) is pasted in the field (say, the menu of
a restaurant pasted from a web page, or extensive road directions), it
will still lead to a truncated, and therefore invalid, SQL query.
Ciao,
Enrico
-- System Information:
Debian Release: 5.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.26-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages tangogps depends on:
ii libatk1.0-0 1.22.0-1 The ATK accessibility toolkit
ii libc6 2.7-18 GNU C Library: Shared libraries
ii libcairo2 1.6.4-7 The Cairo 2D vector graphics libra
ii libcurl3-gnutls 7.18.2-8 Multi-protocol file transfer libra
ii libgconf2-4 2.22.0-1 GNOME configuration database syste
ii libglib2.0-0 2.16.6-1 The GLib library of C routines
ii libgtk2.0-0 2.12.11-4 The GTK+ graphical user interface
ii libpango1.0-0 1.20.5-3 Layout and rendering of internatio
ii libsqlite3-0 3.5.9-5 SQLite 3 shared library
Versions of packages tangogps recommends:
ii gpsd 2.37-7 GPS (Global Positioning System) da
tangogps suggests no packages.
-- no debconf information
--- End Message ---
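An added example for the report above (not tangogps code and not the upstream patch): two ways to keep the formatting bound tied to the real buffer size and to refuse a truncated statement instead of running it. It uses C99 snprintf in place of GLib's g_snprintf, and the function names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Same statement as in the report, written as one format string. Values are
 * still interpolated as in the reported code; binding them as parameters
 * (sqlite3_bind_text) would avoid building the string at all. */
#define POI_FMT "UPDATE poi SET lat=%f,lon=%f,keywords='%s',desc='%s' " \
                "WHERE idmd5='%s'"

/* Fixed buffer: the caller passes the real size, and truncation is an error.
 * Returns 0 on success, -1 if the statement did not fit. */
int format_poi_update(char *dst, size_t dstlen, double lat, double lon,
                      const char *kw, const char *desc, const char *idmd5)
{
    int n = snprintf(dst, dstlen, POI_FMT, lat, lon, kw, desc, idmd5);
    if (n < 0 || (size_t)n >= dstlen) {
        if (dstlen > 0)
            dst[0] = '\0';   /* never hand a cut-off statement to the database */
        return -1;
    }
    return 0;
}

/* Heap buffer sized from the data. Returns NULL on failure; caller frees. */
char *alloc_poi_update(double lat, double lon, const char *kw,
                       const char *desc, const char *idmd5)
{
    int n = snprintf(NULL, 0, POI_FMT, lat, lon, kw, desc, idmd5);
    if (n < 0)
        return NULL;
    char *sql = malloc((size_t)n + 1);
    if (sql != NULL)
        snprintf(sql, (size_t)n + 1, POI_FMT, lat, lon, kw, desc, idmd5);
    return sql;
}

int main(void)
{
    char sql[512], desc[3001];           /* constructed 3000-byte description */
    memset(desc, 'x', sizeof desc - 1);
    desc[sizeof desc - 1] = '\0';
    int rc = format_poi_update(sql, sizeof sql, 45.0, 11.0, "food", desc, "abc");
    char *big = alloc_poi_update(45.0, 11.0, "food", desc, "abc");
    printf("fixed buffer rc=%d, heap length=%zu\n", rc, big ? strlen(big) : 0);
    free(big);
    return rc == -1 ? 0 : 1;
}
```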
--- Begin Message ---
Source: tangogps
Source-Version: 0.9.3-2lenny1
We believe that the bug you reported is fixed in the latest version of
tangogps, which is due to be installed in the Debian FTP archive:
tangogps_0.9.3-2lenny1.diff.gz
to pool/main/t/tangogps/tangogps_0.9.3-2lenny1.diff.gz
tangogps_0.9.3-2lenny1.dsc
to pool/main/t/tangogps/tangogps_0.9.3-2lenny1.dsc
tangogps_0.9.3-2lenny1_i386.deb
to pool/main/t/tangogps/tangogps_0.9.3-2lenny1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 514...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Daniel Baumann <dan...@debian.org> (supplier of updated tangogps package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 11 Feb 2009 12:37:00 +0100
Source: tangogps
Binary: tangogps
Architecture: source i386
Version: 0.9.3-2lenny1
Distribution: testing
Urgency: medium
Maintainer: Daniel Baumann <dan...@debian.org>
Changed-By: Daniel Baumann <dan...@debian.org>
Description:
tangogps - GTK+ mapping and GPS application
Closes: 514217
Changes:
tangogps (0.9.3-2lenny1) testing; urgency=medium
.
* Adding backport patch from upstream to fix buffer overflow in
update_poi (Closes: #514217).
* Adding backport patch from upstream to fix bug that the lat and lon
don't get shown correctly in the trip tab for W and S positions. The
position of the pointer on the map is correct but in the trip info,
the fractional part is wrongly calculated as "1-fractional", i.e.
-43.6 -> -43.4.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkmSuUcACgkQ+C5cwEsrK57rqgCcDoaYkbQ0Skqy9+X8YvmCT7NZ
OQsAmgNwbasS3mK3geDt18Cm5mQFJa/A
=KPAG
-----END PGP SIGNATURE-----
--- End Message ---