
Bug#452401: marked as done (Calendar widget segfaults)

Your message dated Fri, 11 Feb 2011 01:18:00 +0000
with message-id <E1Pnhe4-0002CK-8c@franck.debian.org>
and subject line Bug#452401: fixed in libcdk5 5.0.20060507-3
has caused the Debian Bug report #452401,
regarding Calendar widget segfaults
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org

452401: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=452401
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: libcdk5
Version: 5.0.20060507-1
Severity: normal
Tags: patch

The calendar widget segfaults when you call activateCDKCalendar().

Found the problem to be caused by a classic buffer overflow: in line
462 of calendar.c, the temp[] buffer is initialised at temp[10]. Into
this buffer is written the month name, a comma and space, and the day
of the month. This is clearly too small: while the biggest month name
(September) will fit (just), the rest of the string will not. Changing
the buffer size to a somewhat arbitrary value of 20 fixed the problem:

 ------------- Cut here -------------
diff -uNr libcdk5-5.0.20060507.orig/calendar.c libcdk5-5.0.20060507/calendar.c
- --- libcdk5-5.0.20060507.orig/calendar.c	2006-05-04 20:27:45.000000000 -0400
+++ libcdk5-5.0.20060507/calendar.c	2007-11-22 10:35:21.572076953 -0500
@@ -459,7 +459,7 @@
    int day		= 1;
    int x, y;
    int save_y = -1, save_x = -1;
- -   char temp[10];
+   char temp[20];
    for (x = 1; x <= 6; x++)
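Review bot: the new size in `char temp[20];` is a bare literal with nothing tying it to what gets written into temp, so the next reader cannot tell whether 20 is a bound or a guess. I would suggest deriving it from the longest month name plus the ", " separator, the day digits and the terminating NUL (or at least saying so in a comment). The hunk changes only the declaration and leaves the code that fills temp as it was; if that write is unbounded, limiting it to `sizeof temp` would turn any later overflow (a longer month string, for example) into truncation rather than stack corruption.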
 ------------- Cut here -------------

Presumably the addition of the date was an afterthought, and the
author tested it in May.

Note that this bug affects any CDK programs that use the calendar widget,
including those using libcdk-perl.


-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux (PREEMPT)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages libcdk5 depends on:
ii  libc6                         2.6.1-1+b1 GNU C Library: Shared libraries

libcdk5 recommends no packages.

-- no debconf information


--- End Message ---
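
The sizing problem described in the report above, as an added example that is not part of the original message or of libcdk5. It assumes English month names and a `"%s, %d"` label format (inferred from the report's description), and the function names are hypothetical. It computes the worst-case buffer size and shows bounded formatting that fails cleanly where a 10-byte buffer is too small.

```c
#include <stdio.h>
#include <string.h>

/* Assumption: English month names and a "%s, %d" label, matching the
   report's description (month name, comma and space, day of month). */
static const char *const month_names[12] = {
    "January", "February", "March", "April", "May", "June", "July",
    "August", "September", "October", "November", "December"
};

/* Bounded formatting. Returns the label length, or -1 if the month is
   invalid or dst is too small (dst stays NUL-terminated if dstsz > 0). */
int format_label(char *dst, size_t dstsz, int month, int day)
{
    if (month < 1 || month > 12)
        return -1;
    int n = snprintf(dst, dstsz, "%s, %d", month_names[month - 1], day);
    if (n < 0 || (size_t)n >= dstsz)
        return -1;              /* truncated: report it, never overflow */
    return n;
}

/* Smallest buffer, NUL included, that holds every label for days 1..31. */
size_t worst_case_size(void)
{
    size_t worst = 0;
    for (int m = 1; m <= 12; m++) {
        /* snprintf with size 0 only measures the formatted length */
        int n = snprintf(NULL, 0, "%s, %d", month_names[m - 1], 31);
        if (n > 0 && (size_t)n + 1 > worst)
            worst = (size_t)n + 1;
    }
    return worst;
}

int main(void)
{
    char old_buf[10], new_buf[20];
    printf("worst case: %zu bytes\n", worst_case_size());
    printf("May 22, 10 bytes: %d\n",
           format_label(old_buf, sizeof old_buf, 5, 22));
    printf("Nov 22, 10 bytes: %d\n",
           format_label(old_buf, sizeof old_buf, 11, 22));
    printf("Nov 22, 20 bytes: %d\n",
           format_label(new_buf, sizeof new_buf, 11, 22));
    return 0;
}
```
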
--- Begin Message ---
Source: libcdk5
Source-Version: 5.0.20060507-3

We believe that the bug you reported is fixed in the latest version of
libcdk5, which is due to be installed in the Debian FTP archive:

  to main/libc/libcdk5/libcdk5-dev_5.0.20060507-3_amd64.deb
  to main/libc/libcdk5/libcdk5_5.0.20060507-3.debian.tar.gz
  to main/libc/libcdk5/libcdk5_5.0.20060507-3.dsc
  to main/libc/libcdk5/libcdk5_5.0.20060507-3_amd64.deb

A summary of the changes between this version and the previous one is

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 452401@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
Scott Howard <showard@debian.org> (supplier of updated libcdk5 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)

Format: 1.8
Date: Thu, 10 Feb 2011 19:50:32 -0500
Source: libcdk5
Binary: libcdk5 libcdk5-dev
Architecture: source amd64
Version: 5.0.20060507-3
Distribution: unstable
Urgency: low
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Scott Howard <showard@debian.org>
 libcdk5    - C-based curses widget library
 libcdk5-dev - C-based curses widget library (development files)
Closes: 452401 500161 593283
 libcdk5 (5.0.20060507-3) unstable; urgency=low
   * QA Upload.
   * Policy 3.9.1 (see Lintian cleaning below) and debian/compat 8
   * Lintian cleaning
     - ${misc:Depends} added to libcdk5 and libcdk5-dev
     - fixed make clean call: [ ! -f Makefile ] || $(MAKE) distclean
     - debian/compat 7
     - replaced ${Source-Version} with ${binary:Version} in debian/control
     - dh_prep used in rules instead of dh_clean -k
   * Removed static patching of config.guess config.sub, removed those files,
     they will be copied from autotools-dev package in debian/rules
   * removed the following lines from debian/libcdk5-dev.install
     (dh_install throws error if you try to install files from an empty dir,
     and these files were not present in the previous Debian build)
     - usr/lib/pkgconfig/*
     - usr/lib/*.la
     - usr/share/pkgconfig/*
   * Added missing headers and example files (Closes: #500161, LP: #565526)
     - debian/patches/missing_header_examples.patch
     - debian/libcdk5-dev.examples added: include/cdk_test.h, examples/.,
   * Fixed segfault in calendar.c (Closes: #452401, LP: #290624)
     - debian/patches/cal_segfault.patch
   * debian/patches/libcdk5_man_cdk_display_examples_fix.diff
     - The examples in the cdk_display(3) man page are incorrect
       (wrong colors, segfault) (Closes: #593283)


--- End Message ---
