Bug#639114: texinfo: Increase stack buffer size for sprintf of numeric values
Package: texinfo
Version: 4.13a.dfsg.1-6
Severity: normal
Tags: patch
User: ubuntu-devel@lists.ubuntu.com
Usertags: origin-ubuntu oneiric ubuntu-patch
*** /tmp/tmpthmH7S
In Ubuntu, the attached patch was applied to achieve the following:
Fix a bug filed on Launchpad that makeinfo fails on sparc with buffer
overflow detected, causing other packages FTBFS:
https://bugs.launchpad.net/ubuntu/+source/texinfo/+bug/569802
* debian/patches/minor-buffer-size-fix: increase stack buffer size
for sprintf of numeric values (LP: #569802).
Thanks for considering the patch.
-- System Information:
Debian Release: squeeze/sid
APT prefers natty-updates
APT policy: (500, 'natty-updates'), (500, 'natty-security'), (500, 'natty-proposed'), (500, 'natty'), (100, 'natty-backports')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.38-11-generic (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -u texinfo-4.13a.dfsg.1/debian/changelog texinfo-4.13a.dfsg.1/debian/changelog
diff -u texinfo-4.13a.dfsg.1/debian/patches/series texinfo-4.13a.dfsg.1/debian/patches/series
--- texinfo-4.13a.dfsg.1/debian/patches/series
+++ texinfo-4.13a.dfsg.1/debian/patches/series
@@ -7,0 +8 @@
+minor-buffer-size-fix
only in patch2:
unchanged:
--- texinfo-4.13a.dfsg.1.orig/debian/patches/minor-buffer-size-fix
+++ texinfo-4.13a.dfsg.1/debian/patches/minor-buffer-size-fix
@@ -0,0 +1,26 @@
+Author: Kees Cook <kees@ubuntu.com>
+Description: extend stack buffers to be large enough for the type values
+ they are expected to hold.
+Bug: https://savannah.gnu.org/bugs/?32122
+Bug-Ubuntu: https://launchpad.net/bugs/569802
+
+Index: texinfo-4.13a.dfsg.1/makeinfo/sectioning.c
+===================================================================
+--- texinfo-4.13a.dfsg.1.orig/makeinfo/sectioning.c 2011-01-13 14:12:35.382016526 -0800
++++ texinfo-4.13a.dfsg.1/makeinfo/sectioning.c 2011-01-13 14:14:41.285127427 -0800
+@@ -256,13 +256,13 @@
+ return xstrdup ("");
+ else if (enum_marker == APPENDIX_MAGIC)
+ {
+- char s[1];
++ char s[2];
+ sprintf (s, "%c", numbers[0] + 64);
+ return xstrdup (s);
+ }
+ else
+ {
+- char s[5];
++ char s[32];
+ sprintf (s, "%d", numbers[0]);
+ return xstrdup (s);
+ }
Reply to: