
Bug#228379: Debian bug #228379: dpkg corrupts filenames during remove



Sorry to mail you directly in addition to bugs.d.o, but I want to get feedback from humans and there was no answer to my previous email.

I'm doing a spring cleanup on my machines and this bug is annoying me, so I looked at the dpkg 1.10.18 sources and I came up with this.

Looking at main/remove.c (lines 339-343):
    varbufreset(&fnvb);
    varbufaddstr(&fnvb,instdir);
    varbufaddstr(&fnvb,namenodetouse(namenode,pkg)->name);

    if (!stat(fnvb.buf,&stab) && S_ISDIR(stab.st_mode)) {

varbufaddstr() is #defined in include/dpkg-db.h:
  #define varbufaddstr(v, s)      varbufaddbuf(v, s, strlen(s))

varbufaddbuf() is in lib/varbuf.c:
  void varbufaddbuf(struct varbuf *v, const void *s, const int l) {
    int ou;
    ou= v->used;
    v->used += l;
    if (v->used >= v->size) varbufextend(v);
    memcpy(v->buf + ou, s, l);
  }

We're definitely missing the code to terminate the string here (unless varbufextend() zeroed newly allocated space, but it doesn't).

Note that the C++ version of struct varbuf has a terminate() method that does just what I think should be done.

--
Ciao,
    Flavio Stanchina
    Trento - Italy
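
The following is an added example, not part of the original message and not dpkg's code. It models a varbuf that is reset and reused for a second, shorter path, with and without a terminating NUL. The `struct vb` type, the helper names, the sample paths and the 'X' fill that stands in for non-zeroed memory are all assumptions made for the demonstration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Simplified stand-in for dpkg's struct varbuf; type and names are assumed. */
struct vb { size_t used, size; char *buf; };

static void vb_extend(struct vb *v) {
    size_t old = v->size, want = old ? old : 16;
    while (want <= v->used) want *= 2;
    v->buf = realloc(v->buf, want);
    if (!v->buf) abort();
    memset(v->buf + old, 'X', want - old);  /* model non-zeroed new space */
    v->size = want;
}

/* Same logic as the varbufaddbuf() quoted above: copies l bytes, writes no NUL. */
static void vb_addstr(struct vb *v, const char *s) {
    size_t ou = v->used, l = strlen(s);
    v->used += l;
    if (v->used >= v->size) vb_extend(v);
    memcpy(v->buf + ou, s, l);
}

/* Length a C-string consumer such as stat() would read, capped at the allocation. */
static size_t seen_len(const struct vb *v) {
    const char *nul = memchr(v->buf, '\0', v->size);
    return nul ? (size_t)(nul - v->buf) : v->size;
}

/* Reuse one buffer for a long path, then a short one (both paths constructed).
   Returns 1 if the short path reads back exactly, 0 if stale bytes follow it. */
static int short_path_is_clean(int terminate) {
    const char *names[] = { "usr/share/doc/constructed-pkg/changelog.gz", "etc/motd" };
    struct vb v = { 0, 0, NULL };
    for (int i = 0; i < 2; i++) {
        v.used = 0;                                  /* varbufreset() */
        vb_addstr(&v, "/");                          /* instdir */
        vb_addstr(&v, names[i]);
        if (terminate) v.buf[v.used] = '\0';         /* assumed fix; used < size here */
    }
    int ok = seen_len(&v) == v.used && memcmp(v.buf, "/etc/motd", v.used) == 0;
    free(v.buf);
    return ok;
}

int main(void) {
    printf("clean without NUL: %d, with NUL: %d\n", short_path_is_clean(0), short_path_is_clean(1));
    return 0;
}
```

Without the terminator, the second path reads back as "/etc/motd" followed by the tail of the earlier, longer path still in the buffer.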




