rpms / gnome-boxes

Clone
Source Code
GIT

Files

f17 f18 f19 f20 f20-gnome-3-12 f21 f22 f23 f24 f25 f26 f27 f28 f29 f30 f31 f32 f33 f34 f35 f36 f37 f38 f39 f40 main rawhide
  1.   f19
  2.   get_decoded_udev_property-Fix-sscanf-use.patch
Blob Blame History Raw 
From 6dd1d6e679bc03523637a8c7a3948ac3dcb4c3cf Mon Sep 17 00:00:00 2001
From: Christophe Fergeau <cfergeau@redhat.com>
Date: Wed, 12 Mar 2014 15:55:17 +0100
Subject: [PATCH] get_decoded_udev_property: Fix sscanf use

sscanf man page says about %x:
'x      Matches an unsigned hexadecimal integer; the next pointer must be a
pointer to unsigned int'
get_decoded_udev_property() is using %02x, but this is not documented as
reducing the size of the expected pointer, it's only documented as causing
sscanf to read at most 2 digits of the parsed number.

Boxes was passing an uint8 to scanf instead of an uint, causing memory
corruption (plus a 'fortify: stack smashing detected' message if this is
enabled when building), and eventually a crash in get_decoded_udev_property().
---
 src/installer-media.vala | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/installer-media.vala b/src/installer-media.vala
index 7b567ab..8fc18da 100644
--- a/src/installer-media.vala
+++ b/src/installer-media.vala
@@ -195,7 +195,7 @@ private void get_decoded_udev_properties_for_media (GUdev.Device device,
 
         var decoded = "";
         for (var i = 0; i < encoded.length; ) {
-           uint8 x;
+           uint x;
 
            if (encoded[i:encoded.length].scanf ("\\x%02x", out x) > 0) {
                decoded += ((char) x).to_string ();
-- 
1.8.5.3
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.