From unknown Thu Mar 28 17:56:57 2024 X-Loop: owner@bugs.x2go.org Subject: Bug#777: [X2Go-Dev] Bug#777: nx-libs: incorrect usage of scanf Reply-To: Heinrich Schuchardt , 777@bugs.x2go.org Resent-From: Heinrich Schuchardt Resent-To: x2go-dev@lists.x2go.org Resent-CC: X2Go Developers X-Loop: owner@bugs.x2go.org Resent-Date: Mon, 02 Feb 2015 20:45:02 +0000 Resent-Message-ID: Resent-Sender: owner@bugs.x2go.org X-X2Go-PR-Message: followup 777 X-X2Go-PR-Package: nx-libs X-X2Go-PR-Keywords: Received: via spool by 777-submit@bugs.x2go.org id=B777.142290989328249 (code B ref 777); Mon, 02 Feb 2015 20:45:02 +0000 Received: (at 777) by bugs.x2go.org; 2 Feb 2015 20:44:53 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=BAYES_20,FREEMAIL_FROM autolearn=ham version=3.3.2 X-Greylist: delayed 301 seconds by postgrey-1.34 at ymir.das-netzwerkteam.de; Mon, 02 Feb 2015 21:44:52 CET Received: from mout.gmx.net (mout.gmx.net [212.227.17.22]) by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id 0BBA13BC93 for <777@bugs.x2go.org>; Mon, 2 Feb 2015 21:44:52 +0100 (CET) Received: from [192.168.123.39] ([178.201.93.16]) by mail.gmx.com (mrgmx101) with ESMTPSA (Nemesis) id 0MGWR2-1YVZ4Q3RFw-00DJbi; Mon, 02 Feb 2015 21:39:50 +0100 Message-ID: <54CFE096.4010501@gmx.de> Date: Mon, 02 Feb 2015 21:39:50 +0100 From: Heinrich Schuchardt User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Icedove/31.3.0 MIME-Version: 1.0 To: Mike Gabriel , 777@bugs.x2go.org References: <20150131150421.Horde.WB6ssWsHGA2VI15ElwEPlg1@mail.das-netzwerkteam.de> In-Reply-To: <20150131150421.Horde.WB6ssWsHGA2VI15ElwEPlg1@mail.das-netzwerkteam.de> Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit X-Provags-ID: V03:K0:zfqq1wWUIFQdA5tcWG0zHk7ijRaEYgNpDpdzkIH5HiL8jOifQDx ZrzbG36z5Uasg5rgjECpIiUsSelbMzPAoPwD7uXZjaDNzrSNFEZNeLdYRJ4cfmOL/ESfdAW XFgUyTkkcx5Fzod3edPLIb/pM4Aq2+24f+9BjW0KbfHiX7meHfgsw3M3MlFAAWu6uHWIIyY r9/7tsR7ApdmtZEB3Aa2w== X-UI-Out-Filterresults: notjunk:1; -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Squeeze reached end of life. Package libc6 in wheezy is patched against the bug. Package libc6 in jessie is not vulnerable as it uses a newer libc6 release. So I think we should close this bug and concentrate on updating our mesa code to the newest version instead of patching some old version. Best regards Heinrich On 31.01.2015 16:04, Mike Gabriel wrote: > Hi Heinrich, > > On Fr 30 Jan 2015 20:35:53 CET, Heinrich Schuchardt wrote: > >> package: nx-libs version: head >> >> In different parts of the nx-libs library you can find usages of >> scanf like >> >> /* check for MESA_GAMMA environment variable */ gamma = >> _mesa_getenv("MESA_GAMMA"); if (gamma) { v->RedGamma = >> v->GreenGamma = v->BlueGamma = 0.0; sscanf( gamma, "%f %f %f", >> &v->RedGamma, &v->GreenGamma, &v->BlueGamma ); >> >> According to cppcheck: >> >> scanf without field width limits can crash with huge input data >> on libc versions older than 2.13-25. Add a field width specifier >> to fix this problem: %i => %3i > > Any chance you could also provide a patch for this? > > Mike > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJUz+CVAAoJEMSB27wsBRrE4mUP/j3JjSvGQ6chMdlCaQd94Ar6 LIBJvEeS9ZiR/rgFFaXdqUMzZVzYs2bm4Vvp0LlY9iUVFbhCgKQimRhLVq26A1iT 5EtJOFRu51Fzrd1y6Nk00PBKCqbsWSJwI81TUKnckjaCo3QyobWyMqqI75eXjMSf RSWIGWgtLznPMqvByoKEnndDQjrCBBeMPBF7sinBw5ZM994Ff9VobHv7vXUYwvrY mXlIgiuVf/6ztFTnwCsDD1hRreOk4BBTgp4tPsVqwB/06l8OvnaeBfD35BOSJ8Ns AKwbxeRSNFOS4UP01zAgAsTMblzabyKnzS57lGomYQp3RB8c3K9DyUnk6CVSlBlN AI7fjnaQEW9qL4d8UBRsQlZ7b9vryavNtUY7UyPtVMuXXA0WaewZIGUUpI5odtvd WAoe0DEY2i+dW3ByIuGC1mH7ujgSLZGuke1gGdODlaLiExDsmm5P6hmIv+xE9gNQ RBk5pYSx3H75Hckm2yTxhNx/9NcwJbjHa1pwa8Lz6r63/Ssa6TQhxuGsFH2l49iZ YYbLHEP1s0FKQWxtE1B3NOYLeOwiCP4l7+qJ/KUZnmGCep2L4xC88OP1WMPn4+t6 vfoGkAHr9x0Ii7eP7fFaBEpImlx6dWI9mtZcSRfKfq/OhjAQPMspv7rl149i+1Iu 8OfiW4rp02zs54r92ejJ =2gk9 -----END PGP SIGNATURE-----