On Sun, Jan 26, 2014 at 01:20:58PM +0100, Julian Andres Klode wrote: > On Sat, Jan 25, 2014 at 03:27:45AM +0100, Jann Horn wrote: > > --- > > apt-pkg/deb/deblistparser.cc | 12 ++++++++++-- > > 1 file changed, 10 insertions(+), 2 deletions(-) > > > > diff --git a/apt-pkg/deb/deblistparser.cc b/apt-pkg/deb/deblistparser.cc > > index 68d544e..878cdd1 100644 > > --- a/apt-pkg/deb/deblistparser.cc > > +++ b/apt-pkg/deb/deblistparser.cc > > @@ -199,11 +199,19 @@ string debListParser::DescriptionLanguage() > > if (Section.FindS("Description").empty() == false) > > return ""; > > > > + const char *start; > > + const char *end; > > std::vector<string> const lang = APT::Configuration::getLanguages(true); > > for (std::vector<string>::const_iterator l = lang.begin(); > > l != lang.end(); ++l) > > - if (Section.FindS(string("Description-").append(*l).c_str()).empty() == false) > > - return *l; > > + { > > + string element = *l; > > + char search_string[12+element.size()+1]; > > Variably-sized stack-allocated arrays are bad, especially because the > language is user-created. It could exhaust the stack without you > knowing, and the memcpy() could then be writing somewhere unexpected. Oh. Wow, ouch. And I thought I knew how to write safe C code. :(
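Review bot: The `char search_string[12+element.size()+1];` line in the DescriptionLanguage() hunk is a variable-length array whose size comes from the configured language string returned by APT::Configuration::getLanguages(), so a long or unexpected language value sizes a stack buffer at runtime with no bound check; the removed lines already built the key safely with `string("Description-").append(*l)`, so keep the key as a std::string (e.g. `string search_string = "Description-"; search_string += element;`) and pass `search_string.c_str()` to Section.FindS() instead of a fixed-prefix-plus-length stack array. The two pointers `const char *start;` and `const char *end;` are also declared uninitialised at the top of the function rather than at their point of use; if the rest of the change only needs them inside the loop body, declare and initialise them there so a path that never assigns them cannot read an indeterminate pointer. The hunk also lacks a comment explaining why the std::string lookup was replaced, which would help the next reader judge whether the optimisation is worth the manual buffer handling.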