
Bug#814239: gcc-4.9: debian/patches/ada-symbolic-tracebacks.diff use snprintf return value without check



Package: gcc-4.9
Version: 4.9.2-10
Severity: normal
Tags: security

During a code search, I found potentially problematic code in debian/patches/ada-symbolic-tracebacks.diff: it uses snprintf() results without checking their range, like this:

+            else {
+ *len += snprintf(s, (max_len - (*len)), "%p at %s",addrs[i], line);
+            }
+            s = buf + (*len);
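
Review bot: in the else branch, `*len += snprintf(s, (max_len - (*len)), ...)` adds the return value to `*len` without checking it, so the following `s = buf + (*len)` can leave `s` outside `buf`. snprintf returns the length the full output would have needed (which on truncation is at least the size passed in) or a negative value on error, and once `*len` has passed `max_len` the expression `max_len - (*len)` is no longer a valid bound for the next call. Suggest storing the result in a local int, treating a negative result or one not smaller than the remaining space as truncation, and clamping `*len` (or stopping the loop) before `s` is recomputed.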

When the formatted string would overflow the supplied buffer or another error happens, snprintf returns a value larger than the buffer size or -1. In both cases, if you directly add it to the pointer, like in the above code, bad things will happen.

(The same patch seems to be used with other versions of gcc-* packages.)

-- System Information:
Debian Release: 8.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (x86_64)
Foreign Architectures: amd64

Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=ru_RU.KOI8-R, LC_CTYPE=ru_RU.KOI8-R (charmap=KOI8-R)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages gcc-4.9 depends on:
ii  binutils        2.25-5
ii  cpp-4.9         4.9.2-10
ii  gcc-4.9-base    4.9.2-10
ii  libc6           2.19-18
ii  libcloog-isl4   0.18.2-1+b2
ii  libgcc-4.9-dev  4.9.2-10
ii  libgmp10        2:6.0.0+dfsg-6
ii  libisl10        0.12.2-2
ii  libmpc3         1.0.2-1
ii  libmpfr4        3.1.2-2
ii  zlib1g          1:1.2.8.dfsg-2+b1

Versions of packages gcc-4.9 recommends:
ii  libc6-dev  2.19-18

Versions of packages gcc-4.9 suggests:
ii  gcc-4.9-doc       4.9.1-3
pn  gcc-4.9-locales   <none>
ii  gcc-4.9-multilib  4.9.2-10
pn  libasan1-dbg      <none>
pn  libatomic1-dbg    <none>
pn  libcilkrts5-dbg   <none>
pn  libgcc1-dbg       <none>
pn  libgomp1-dbg      <none>
pn  libitm1-dbg       <none>
pn  liblsan0-dbg      <none>
pn  libquadmath0-dbg  <none>
pn  libtsan0-dbg      <none>
pn  libubsan0-dbg     <none>

-- no debconf information
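
A bounded-append pattern for the snprintf return-value behaviour this report describes, as an added example that is not code from the Debian patch or from GCC. The names `append_fmt` and `format_frames` are hypothetical, and the frame addresses and source-line strings are constructed sample input.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: append at buf + *len; 0 = ok, 1 = truncated, -1 = error. */
static int append_fmt(char *buf, size_t cap, size_t *len, const char *fmt, ...)
{
    if (cap == 0 || *len >= cap)
        return -1;                  /* no valid write position left */
    size_t room = cap - *len;       /* cannot underflow after the check above */
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buf + *len, room, fmt, ap);
    va_end(ap);
    if (n < 0) {                    /* output error: keep previous contents */
        buf[*len] = '\0';
        return -1;
    }
    if ((size_t)n >= room) {        /* n is the length needed, not the length written */
        *len = cap - 1;             /* buffer is full and NUL-terminated */
        return 1;
    }
    *len += (size_t)n;
    return 0;
}

/* Hypothetical driver shaped like the loop in the report: one "%p at %s" per frame. */
static size_t format_frames(char *buf, size_t cap, void *const *addrs,
                            const char *const *lines, int count, int *truncated)
{
    size_t len = 0;
    *truncated = 0;
    for (int i = 0; i < count; i++) {
        if (append_fmt(buf, cap, &len, "%p at %s\n", addrs[i], lines[i]) != 0) {
            *truncated = 1;         /* stop instead of advancing past the buffer */
            break;
        }
    }
    return len;
}

int main(void)
{
    char buf[32]; int truncated;
    void *addrs[] = { (void *)buf, (void *)&truncated };    /* constructed frames */
    const char *lines[] = { "main.adb:10", "pkg.adb:42" };  /* constructed lines */
    size_t n = format_frames(buf, sizeof buf, addrs, lines, 2, &truncated);
    printf("len=%zu strlen=%zu truncated=%d\n", n, strlen(buf), truncated);
}
```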

