From unknown Tue May 19 20:21:15 2026
MIME-Version: 1.0
X-Mailer: MIME-tools 5.502 (Entity 5.502)
X-Loop: owner@bugs.x2go.org
From: owner@bugs.x2go.org (X2Go Bug Tracking System)
Subject: Bug#777 closed by Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
 (Re: [X2Go-Dev] Bug#777: nx-libs: incorrect usage of scanf)
Message-ID: <handler.777.b777.143169548416651.notifdone@bugs.x2go.org>
References: <20150515131121.Horde.M5jvfVznJ8S6SzNuv5znHw2@mail.das-netzwerkteam.de>
X-X2go-PR-Message: they-closed 777
X-X2go-PR-Package: nx-libs
Date: Fri, 15 May 2015 13:13:12 +0000
Content-Type: multipart/mixed; boundary="----------=_1431695592-17104-0"

This is a multi-part message in MIME format...

------------=_1431695592-17104-0
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset=utf-8

This is an automatic notification regarding your Bug report
which was filed against the nx-libs package:

#777: nx-libs: incorrect usage of scanf

It has been closed by Mike Gabriel <mike.gabriel@das-netzwerkteam.de>.

Their explanation is attached below along with your original report.
If this explanation is unsatisfactory and you have not received a
better one in a separate message then please contact Mike Gabriel
<mike.gabriel@das-netzwerkteam.de> by
replying to this email.


-- 
777: http://bugs.x2go.org/cgi-bin/bugreport.cgi?bug=777
X2Go Bug Tracking System
Contact owner@bugs.x2go.org with problems

------------=_1431695592-17104-0
Content-Type: message/rfc822
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

Date: Fri, 15 May 2015 13:11:21 +0000
Message-ID: <20150515131121.Horde.M5jvfVznJ8S6SzNuv5znHw2@mail.das-netzwerkteam.de>
From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
To: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: 777@bugs.x2go.org
Subject: Re: [X2Go-Dev] Bug#777: nx-libs: incorrect usage of scanf
References: <20150131150421.Horde.WB6ssWsHGA2VI15ElwEPlg1@mail.das-netzwerkteam.de>
 <54CFE096.4010501@gmx.de>
In-Reply-To: <54CFE096.4010501@gmx.de>
User-Agent: Internet Messaging Program (IMP) H5 (6.2.2)
Accept-Language: de,en
Organization: DAS-NETZWERKTEAM
X-Originating-IP: 134.245.254.97
X-Remote-Browser: Mozilla/5.0 (X11; Linux x86_64; rv:32.0) Gecko/20100101
 Firefox/32.0 Iceweasel/32.0
Content-Type: multipart/signed; boundary="=_wVJkWqNjHFKJO-ivNqWB4g9";
 protocol="application/pgp-signature"; micalg=pgp-sha1
MIME-Version: 1.0

This message is in MIME format and has been PGP signed.

--=_wVJkWqNjHFKJO-ivNqWB4g9
Content-Type: text/plain; charset=ISO-8859-1; format=flowed; DelSp=Yes
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Control: close -1

Closing (and agreeing on this) by user request.

Mike

On Mon 02 Feb 2015 21:39:50 CET, Heinrich Schuchardt wrote:

> Squeeze reached end of life.
> Package libc6 in wheezy is patched against the bug.
> Package libc6 in jessie is not vulnerable as it uses a newer libc6
> release.
>
> So I think we should close this bug and concentrate on updating our
> mesa code to the newest version instead of patching some old version.
>
> Best regards
>
> Heinrich
>
> On 31.01.2015 16:04, Mike Gabriel wrote:
>> Hi Heinrich,
>>
>> On Fri 30 Jan 2015 20:35:53 CET, Heinrich Schuchardt wrote:
>>
>>> package: nx-libs
>>> version: head
>>>
>>> In different parts of the nx-libs library you can find usages of
>>> scanf like
>>>
>>>    /* check for MESA_GAMMA environment variable */
>>>    gamma = _mesa_getenv("MESA_GAMMA");
>>>    if (gamma) {
>>>       v->RedGamma = v->GreenGamma = v->BlueGamma = 0.0;
>>>       sscanf( gamma, "%f %f %f",
>>>               &v->RedGamma, &v->GreenGamma, &v->BlueGamma );
>>>
>>> According to cppcheck:
>>>
>>> scanf without field width limits can crash with huge input data
>>> on libc versions older than 2.13-25. Add a field width specifier
>>> to fix this problem: %i => %3i
>>
>> Any chance you could also provide a patch for this?
>>
>> Mike
>>


-- 

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb

--=_wVJkWqNjHFKJO-ivNqWB4g9--


------------=_1431695592-17104-0
Content-Type: message/rfc822
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

Message-ID: <54CBDD19.8090103@gmx.de>
Date: Fri, 30 Jan 2015 20:35:53 +0100
From: Heinrich Schuchardt <xypron.glpk@gmx.de>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Icedove/31.3.0
MIME-Version: 1.0
To: submit@bugs.x2go.org
Subject: nx-libs: incorrect usage of scanf
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit

package: nx-libs
version: head

In different parts of the nx-libs library you can find usages of scanf like

   /* check for MESA_GAMMA environment variable */
   gamma = _mesa_getenv("MESA_GAMMA");
   if (gamma) {
      v->RedGamma = v->GreenGamma = v->BlueGamma = 0.0;
      sscanf( gamma, "%f %f %f",
              &v->RedGamma, &v->GreenGamma, &v->BlueGamma );

According to cppcheck:

scanf without field width limits can crash with huge input data on libc
versions older than 2.13-25. Add a field width specifier to fix this
problem:
    %i => %3i


Best regards

Heinrich Schuchardt

------------=_1431695592-17104-0--
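
Added example, not part of the thread and not nx-libs or Mesa code: one way to read the three MESA_GAMMA values without an unbounded scanf conversion. It swaps sscanf for strtof behind a length cap instead of using the field-width specifier cppcheck suggests; `parse_gamma`, `GAMMA_MAX_LEN` and the requirement that all three values be present are assumptions made for illustration.

```c
#include <errno.h>
#include <math.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed cap on the whole variable; not a Mesa or nx-libs constant. */
#define GAMMA_MAX_LEN 64

/* Parse "R G B" into out[3]. Returns 0 on success and -1 on overlong,
 * malformed or out-of-range input; out[] is only written on success. */
int parse_gamma(const char *s, float out[3])
{
    float tmp[3];
    char *end;
    size_t len;

    if (s == NULL)
        return -1;
    /* Bound the input length before any numeric conversion sees it. */
    for (len = 0; s[len] != '\0'; len++)
        if (len >= GAMMA_MAX_LEN)
            return -1;

    for (int i = 0; i < 3; i++) {
        errno = 0;
        tmp[i] = strtof(s, &end);
        /* end == s: no digits consumed; ERANGE: overflow or underflow. */
        if (end == s || errno == ERANGE || !isfinite(tmp[i]))
            return -1;
        s = end;
    }
    /* Unlike sscanf, refuse trailing garbage after the third value. */
    s += strspn(s, " \t");
    if (*s != '\0')
        return -1;

    memcpy(out, tmp, sizeof tmp);
    return 0;
}

int main(void)
{
    float g[3];
    const char *sample = "1.0 2.5 0.5";   /* constructed input */

    if (parse_gamma(sample, g) == 0)
        printf("gamma = %g %g %g\n", g[0], g[1], g[2]);
    return 0;
}
```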
