Re: review eject 2.1.5+deb1+cvs20081104-13.1 2014-02-14 21:29
On Mon, Feb 24, 2014 at 12:58:33PM +0000, Gianfranco Costamagna wrote:
> On Sunday 23 February 2014 10:39, Bart Martens <bartm@debian.org> wrote:
> >1. The patch makes the program use one additional position of the memory
> >pointed to by buf. Are you sure that there will be no buffer overflow for any
> >value of name without replacing 14 by 15 in the allocation?
> I don't see any particular issues there.
I couldn't follow your reasoning, so I took a closer look at the source code
myself. I agree now that there is no added risk for a buffer overflow because
/dev/ + 1 character is still smaller than /dev/cdroms/ .
> >2. The package has a high popcon. Have you thoroughly tested the resulting
> >package? I would feel more comfortable if you would confirm that on bug
> >719110.
> >
>
> This is something I cannot really deeply test
That answers my question. I'll test this myself before uploading. I see now
that it's possible to test this on Debian by renaming /dev/cdrom to /dev/cdrom3
or so.
Regards,
Bart Martens
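
The size argument in the reply above, worked through as an added example (not part of the original message and not eject's own code). It assumes the buffer is allocated as strlen(name) + 14 bytes; the template table, the helper names and the third, too-long template are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumption: buf is allocated as strlen(name) + SLACK bytes (the "14"). */
#define SLACK 14

struct tmpl { const char *prefix; const char *suffix; }; /* prefix + name + suffix */

/* Constructed templates: the two compared in the thread, then a hypothetical one. */
static const struct tmpl T[] = {
    { "/dev/",        "3"  },   /* "/dev/" + name + 1 character */
    { "/dev/cdroms/", ""   },   /* longest prefix named in the thread */
    { "/dev/cdroms/", "10" },   /* hypothetical: needs 15 bytes of slack */
};

/* Bytes needed beyond strlen(name), including the terminating NUL. */
static size_t overhead(const struct tmpl *t)
{
    return strlen(t->prefix) + strlen(t->suffix) + 1;
}

/* Worst overhead over the first n templates; safe for any name iff <= SLACK. */
static size_t max_overhead(const struct tmpl *ts, size_t n)
{
    size_t worst = 0;
    for (size_t i = 0; i < n; i++)
        if (overhead(&ts[i]) > worst) worst = overhead(&ts[i]);
    return worst;
}

/* Allocate as assumed and build with a bounds check: 0 if it fits, else -1. */
static int try_build(const struct tmpl *t, const char *name)
{
    size_t cap = strlen(name) + SLACK;
    char *buf = malloc(cap);
    if (!buf) return -1;
    int n = snprintf(buf, cap, "%s%s%s", t->prefix, name, t->suffix);
    free(buf);
    return (n >= 0 && (size_t)n < cap) ? 0 : -1;
}

int main(void)
{
    for (size_t i = 0; i < sizeof T / sizeof T[0]; i++)
        printf("%s<name>%s: overhead %zu, fits=%s\n", T[i].prefix, T[i].suffix,
               overhead(&T[i]), try_build(&T[i], "cdrom") == 0 ? "yes" : "no");
    return 0;
}
```

Because the overhead of each template is independent of the length of name, checking the worst template against the slack once covers every possible name.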