On Sun, Jan 26, 2014 at 01:20:58PM +0100, Julian Andres Klode wrote:
> On Sat, Jan 25, 2014 at 03:27:45AM +0100, Jann Horn wrote:
> > ---
> > apt-pkg/deb/deblistparser.cc | 12 ++++++++++--
> > 1 file changed, 10 insertions(+), 2 deletions(-)
> >
> > diff --git a/apt-pkg/deb/deblistparser.cc b/apt-pkg/deb/deblistparser.cc
> > index 68d544e..878cdd1 100644
> > --- a/apt-pkg/deb/deblistparser.cc
> > +++ b/apt-pkg/deb/deblistparser.cc
> > @@ -199,11 +199,19 @@ string debListParser::DescriptionLanguage()
> > if (Section.FindS("Description").empty() == false)
> > return "";
> >
> > + const char *start;
> > + const char *end;
> > std::vector<string> const lang = APT::Configuration::getLanguages(true);
> > for (std::vector<string>::const_iterator l = lang.begin();
> > l != lang.end(); ++l)
> > - if (Section.FindS(string("Description-").append(*l).c_str()).empty() == false)
> > - return *l;
> > + {
> > + string element = *l;
> > + char search_string[12+element.size()+1];
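Review bot: `char search_string[12+element.size()+1];` is a variable-length array on the stack whose size comes from `element`, a language string that `APT::Configuration::getLanguages(true)` returns from user-controlled configuration, so an oversized entry can overrun the stack frame and any later copy into the buffer writes out of bounds. The two removed lines already built the key safely with `string("Description-").append(*l)`; keep a `std::string` here (or, if a C buffer is really wanted, use a fixed-size array with an explicit length check that skips entries longer than it). The quoted hunk is cut off after this line, so the rest of the loop body cannot be reviewed from this message.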
>
> Variably-sized stack-allocated arrays are bad, especially because the
> language is user-created. It could exhaust the stack without you
> knowing, and the memcpy() could then be writing somewhere unexpected.
Oh. Wow, ouch. And I thought I knew how to write safe C code. :(