Subject: Bug#777: [X2Go-Dev] Bug#777: nx-libs: incorrect usage of scanf
From: Mike Gabriel
To: Heinrich Schuchardt, 777@bugs.x2go.org
Date: Sat, 31 Jan 2015 15:04:21 +0000

Hi Heinrich,

On Fr 30 Jan 2015 20:35:53 CET, Heinrich Schuchardt wrote:

> package: nx-libs
> version: head
>
> In different parts of the nx-libs library you can find usages of scanf like
>
>    /* check for MESA_GAMMA environment variable */
>    gamma = _mesa_getenv("MESA_GAMMA");
>    if (gamma) {
>       v->RedGamma = v->GreenGamma = v->BlueGamma = 0.0;
>       sscanf( gamma, "%f %f %f", &v->RedGamma, &v->GreenGamma,
>               &v->BlueGamma );
>
> According to cppcheck:
>
> scanf without field width limits can crash with huge input data on libc
> versions older than 2.13-25. Add a field width specifier to fix this
> problem:
>     %i => %3i

Any chance you could also provide a patch for this?

Mike

-- 
DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
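
An added example, not part of the messages above and not nx-libs code: a bounded version of the quoted MESA_GAMMA parse, combining the field-width limit cppcheck suggests with a length check on the whole string. The names `parse_gamma`, `struct gamma_rgb` and `GAMMA_MAX_LEN`, and the limits 64 and 15, are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

#define GAMMA_MAX_LEN 64   /* assumed upper bound on the whole variable */

/* Hypothetical stand-in for the three gamma fields of the visual. */
struct gamma_rgb { float red, green, blue; };

/*
 * Parse "R G B" with every %f conversion capped at 15 characters.
 * Returns the number of values converted (0..3), or -1 if the string
 * is NULL or longer than GAMMA_MAX_LEN, so oversized input is rejected
 * before it reaches sscanf at all. g must not be NULL.
 */
static int parse_gamma(const char *s, struct gamma_rgb *g)
{
    int n;

    g->red = g->green = g->blue = 0.0f;
    if (s == NULL || strlen(s) > GAMMA_MAX_LEN)
        return -1;
    n = sscanf(s, "%15f %15f %15f", &g->red, &g->green, &g->blue);
    return n < 0 ? 0 : n;   /* sscanf returns EOF on empty input */
}

int main(void)
{
    /* Constructed sample values, not taken from the bug report. */
    const char *samples[] = { "1.5 2.0 2.5", "2.2", "" };
    struct gamma_rgb g;
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int n = parse_gamma(samples[i], &g);
        printf("\"%s\" -> %d value(s): %g %g %g\n",
               samples[i], n, g.red, g.green, g.blue);
    }
    return 0;
}
```

A field width bounds how much each conversion reads but does not validate the token: a number longer than 15 characters is split across the following conversions, which is why the length check comes first.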