Debian Bug report logs - #452401
Calendar widget segfaults


Package: libcdk5; Maintainer for libcdk5 is Debian QA Group <packages@qa.debian.org>; Source for libcdk5 is src:libcdk5.

Reported by: Ron Murray <rjmx@rjmx.net>

Date: Thu, 22 Nov 2007 15:51:02 UTC

Severity: normal

Tags: fixed-upstream, patch

Found in version libcdk5/5.0.20060507-1

Fixed in version libcdk5/5.0.20060507-3

Done: Scott Howard <showard@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, John Goerzen <jgoerzen@complete.org>:
Bug#452401; Package libcdk5.

Acknowledgement sent to Ron Murray <rjmx@rjmx.net>:
New Bug report received and forwarded. Copy sent to John Goerzen <jgoerzen@complete.org>.

Message #5 received at submit@bugs.debian.org:

From: Ron Murray <rjmx@rjmx.net>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Calendar widget segfaults
Date: Thu, 22 Nov 2007 10:50:10 -0500
Package: libcdk5
Version: 5.0.20060507-1
Severity: normal
Tags: patch

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The calendar widget segfaults when you call activateCDKCalendar().

Found the problem to be caused by a classic buffer overflow: in line
462 of calendar.c, the temp[] buffer is initialised at temp[10]. Into
this buffer is written the month name, a comma and space, and the day
of the month. This is clearly too small: while the biggest month name
(September) will fit (just), the rest of the string will not. Changing
the buffer size to a somewhat arbitrary value of 20 fixed the problem:

 ------------- Cut here -------------
diff -uNr libcdk5-5.0.20060507.orig/calendar.c libcdk5-5.0.20060507/calendar.c
- --- libcdk5-5.0.20060507.orig/calendar.c	2006-05-04 20:27:45.000000000 -0400
+++ libcdk5-5.0.20060507/calendar.c	2007-11-22 10:35:21.572076953 -0500
@@ -459,7 +459,7 @@
    int day		= 1;
    int x, y;
    int save_y = -1, save_x = -1;
- -   char temp[10];
+   char temp[20];
 
    for (x = 1; x <= 6; x++)
    {
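Review bot: at `char temp[20];` the new size is still a hand-picked constant, and the write into temp lies outside this hunk, so nothing here shows that the write is bounded. Suggest sizing the buffer from the longest month name plus the separator and day, and formatting with snprintf(temp, sizeof(temp), ...) so a longer string is truncated rather than written past the array.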
 ------------- Cut here -------------

Presumably the addition of the date was an afterthought, and the
author tested it in May.

Note that this bug affects any CDK programs that use the calendar widget,
including those using libcdk-perl.

 .....Ron

- -- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.23.8-khufu-1 (PREEMPT)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages libcdk5 depends on:
ii  libc6                         2.6.1-1+b1 GNU C Library: Shared libraries

libcdk5 recommends no packages.

- -- no debconf information

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHRaUyitqjxNhsdN4RAhidAJ4qtil33+ubAPWhSWmrj8pTI0/h4QCfZhf+
canAePl8/d1xpHZYqGvZ+xk=
=KChe
-----END PGP SIGNATURE-----
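The overflow described in the report above, worked through as an added example (not part of the original report and not CDK's code): it measures which month labels fit in 10 bytes and shows a bounded formatter that refuses to write past the buffer. The label layout `"%s, %d"`, the English month names and the function names `label_size`, `format_label` and `months_too_long` are assumptions based on the report's description.

```c
#include <stdio.h>
#include <string.h>

/* Assumed English month names; the label layout "<Month>, <day>" follows
 * the report's description, not CDK's actual format string. */
static const char *const MONTHS[12] = {
    "January", "February", "March", "April", "May", "June", "July",
    "August", "September", "October", "November", "December"
};

/* Bytes needed for one label, including the terminating NUL. */
size_t label_size(int month, int day)
{
    return (size_t)snprintf(NULL, 0, "%s, %d", MONTHS[month], day) + 1;
}

/* Bounded formatter: returns the label length, or -1 (and an empty
 * string) when the label does not fit instead of writing past dst. */
int format_label(char *dst, size_t cap, int month, int day)
{
    int n;
    if (dst == NULL || cap == 0 || month < 0 || month > 11)
        return -1;
    n = snprintf(dst, cap, "%s, %d", MONTHS[month], day);
    if (n < 0 || (size_t)n >= cap) {
        dst[0] = '\0';
        return -1;
    }
    return n;
}

/* Count the months whose two-digit-day label overflows a cap-byte buffer. */
int months_too_long(size_t cap)
{
    int m, count = 0;
    for (m = 0; m < 12; m++)
        if (label_size(m, 31) > cap)
            count++;
    return count;
}

int main(void)
{
    char temp[10];   /* the original size from the report */
    printf("months overflowing temp[10]: %d\n", months_too_long(sizeof temp));
    printf("months overflowing 20 bytes: %d\n", months_too_long(20));
    if (format_label(temp, sizeof temp, 10, 22) < 0)
        puts("November, 22 rejected: needs more than 10 bytes");
    return 0;
}
```

Under these assumptions only March through July fit in 10 bytes, which matches the report's remark about testing in May.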




Information forwarded to debian-bugs-dist@lists.debian.org, John Goerzen <jgoerzen@complete.org>:
Bug#452401; Package libcdk5. (Thu, 04 Feb 2010 21:57:03 GMT)

Acknowledgement sent to dickey@his.com:
Extra info received and forwarded to list. Copy sent to John Goerzen <jgoerzen@complete.org>. (Thu, 04 Feb 2010 21:57:04 GMT)

Message #10 received at 452401@bugs.debian.org:

From: Thomas Dickey <dickey@his.com>
To: 452401@bugs.debian.org
Cc: 452401-submitter@bugs.debian.org
Subject: re: #452401 Calendar widget segfaults
Date: Thu, 04 Feb 2010 16:55:19 -0500
This was fixed in

2008/11/05
        + increase a buffer size in calendar.c (Debian #452401).

-- 
Thomas E. Dickey <dickey@invisible-island.net>
http://invisible-island.net
ftp://invisible-island.net

Message sent on to Ron Murray <rjmx@rjmx.net>:
Bug#452401. (Thu, 04 Feb 2010 21:57:07 GMT)

Added tag(s) fixed-upstream. Request was from Thomas Dickey <dickey@his.com> to control@bugs.debian.org. (Thu, 04 Feb 2010 22:00:04 GMT)

Reply sent to Scott Howard <showard@debian.org>:
You have taken responsibility. (Fri, 11 Feb 2011 01:21:03 GMT)

Notification sent to Ron Murray <rjmx@rjmx.net>:
Bug acknowledged by developer. (Fri, 11 Feb 2011 01:21:03 GMT)

Message #20 received at 452401-close@bugs.debian.org:

From: Scott Howard <showard@debian.org>
To: 452401-close@bugs.debian.org
Subject: Bug#452401: fixed in libcdk5 5.0.20060507-3
Date: Fri, 11 Feb 2011 01:18:00 +0000
Source: libcdk5
Source-Version: 5.0.20060507-3

We believe that the bug you reported is fixed in the latest version of
libcdk5, which is due to be installed in the Debian FTP archive:

libcdk5-dev_5.0.20060507-3_amd64.deb
  to main/libc/libcdk5/libcdk5-dev_5.0.20060507-3_amd64.deb
libcdk5_5.0.20060507-3.debian.tar.gz
  to main/libc/libcdk5/libcdk5_5.0.20060507-3.debian.tar.gz
libcdk5_5.0.20060507-3.dsc
  to main/libc/libcdk5/libcdk5_5.0.20060507-3.dsc
libcdk5_5.0.20060507-3_amd64.deb
  to main/libc/libcdk5/libcdk5_5.0.20060507-3_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 452401@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Scott Howard <showard@debian.org> (supplier of updated libcdk5 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 10 Feb 2011 19:50:32 -0500
Source: libcdk5
Binary: libcdk5 libcdk5-dev
Architecture: source amd64
Version: 5.0.20060507-3
Distribution: unstable
Urgency: low
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Scott Howard <showard@debian.org>
Description: 
 libcdk5    - C-based curses widget library
 libcdk5-dev - C-based curses widget library (development files)
Closes: 452401 500161 593283
Changes: 
 libcdk5 (5.0.20060507-3) unstable; urgency=low
 .
   * QA Upload.
   * Policy 3.9.1 (see Lintian cleaning below) and debian/compat 8
   * Lintian cleaning
     - ${misc:Depends} added to libcdk5 and libcdk5-dev
     - fixed make clean call: [ ! -f Makefile ] || $(MAKE) distclean
     - debian/compat 7
     - replaced ${Source-Version} with ${binary:Version} in debian/control
     - dh_prep used in rules instead of dh_clean -k
   * Removed static patching of config.guess config.sub, removed those files,
     they will be copied from autotools-dev package in debian/rules
   * removed the following lines from debian/libcdk5-dev.install
     (dh_install throws error if you try to install files from an empty dir,
     and these files were not present in the previous Debian build)
     - usr/lib/pkgconfig/*
     - usr/lib/*.la
     - usr/share/pkgconfig/*
   * Added missing headers and example files (Closes: #500161, LP: #565526)
     - debian/patches/missing_header_examples.patch
     - debian/libcdk5-dev.examples added: include/cdk_test.h, examples/.,
       demos/
   * Fixed segfault in calendar.c (Closes: #452401, LP: #290624)
     - debian/patches/cal_segfault.patch
   * debian/patches/libcdk5_man_cdk_display_examples_fix.diff
     - The examples in the cdk_display(3) man page are incorrect
       (wrong colors, segfault) (Closes: #593283)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAk1UisQACgkQuqVp0MvxKmoQygCeKJf9ONSYsUql827NnhiktSYd
md0An2LIcbrhL+VMRpUWmRiH9jokRSkD
=HqkE
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 16 Mar 2011 07:30:27 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Apr 20 16:36:14 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.