Opened 15 years ago
Closed 15 years ago
#20393 closed defect (fixed)
pstoedit 3.45 cmd line option -pagesize xx fails due to strcpy_s overflow
| Reported by: | jwb@… | Owned by: | macports-tickets@… |
|---|---|---|---|
| Priority: | High | Milestone: | |
| Component: | ports | Version: | 1.7.1 |
| Keywords: | Cc: | ||
| Port: | pstoedit |
Description
When invoking pstoedit with the -pagesize xx (e.g. a0) cmd line option, strcpy_s (in cppcomp.h around line 244) fails with buffer overflow in strcpy_s error. appears that test at line 238 (tobecopied < de_size) fails as tobecopied == de_size (=2 in -pagesize a1 for example). Option works if changed to <= , but not sure this is best way as line 242 then pokes a terminator just past this, which to me seems beyond the end of allocated space.
i.e. it looks as though IF line 242 is required, then de_size on invocation should be 1 greater than string length .. this probably has implications else where in the code.
Could someone please comment.. I'll fix it if there are no better offers - What is best to do please?
Attachments (1)
Change History (5)
comment:1 Changed 15 years ago by jwb@…
Changed 15 years ago by jwb@…
| Attachment: | pstoedit-rrdtool.diff added |
|---|
comment:4 Changed 15 years ago by tobypeterson
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
Not exactly what he meant... anyway, cleaned up, modified Portfile, committed r54204
further investigation suggests this mod is correct, as in the code, where this is invoked for a specific string, the mallocs have all got a +1 at the end ..