
Re: review eject 2.1.5+deb1+cvs20081104-13.1 2014-02-14 21:29



On Mon, Feb 24, 2014 at 12:58:33PM +0000, Gianfranco Costamagna wrote:
> On Sunday, 23 February 2014 10:39, Bart Martens <bartm@debian.org> wrote:
> >1. The patch makes the program use one additional position of the memory
> >pointed to by buf.  Are you sure that there will be no buffer overflow for any
> >value of name without replacing 14 by 15 in the allocation ?

> I don't see any particular issues there.

I couldn't follow your reasoning, so I took a closer look at the source code
myself.  I agree now that there is no added risk for a buffer overflow because
/dev/ + 1 character is still smaller than /dev/cdroms/ .

> >2. The package has a high popcon.  Have you thoroughly tested the resulting
> >package ? I would feel more comfortable if you would confirm that on bug
> >719110.
> >
> 
> This is something I cannot really deeply test

That answers my question.  I'll test this myself before uploading.  I see now
that it's possible to test this on Debian by renaming /dev/cdrom to /dev/cdrom3
or so.

Regards,

Bart Martens

