Subject: pkg/34738: devel/SDL: patch-aa adds bugs
To: None <pkg-manager@netbsd.org, gnats-admin@netbsd.org,>
From: Christian Biere <christianbiere@gmx.de>
List: pkgsrc-bugs
Date: 10/07/2006 00:20:00
>Number: 34738
>Category: pkg
>Synopsis: devel/SDL: patch-aa adds bugs
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: pkg-manager
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sat Oct 07 00:20:00 +0000 2006
>Originator: Christian Biere
>Release: NetBSD 4.99.3
>Environment:
System: NetBSD cyclonus 4.99.3 NetBSD 4.99.3 (STARSCREAM) #0: Mon Oct 2 23:04:22 CEST 2006 src@cyclonus:/o/NetBSD/obj/sys/arch/i386/compile/STARSCREAM i386
Architecture: i386
Machine: i386
>Description:
patch-aa uses strncat() incorrectly, which could cause a buffer overflow. Further,
the patch mixes code and declaration of variables. I don't know whether SDL
aims to be compilable by C89 compilers, but the patch would definitely break this.
I've also removed the NUL-termination after strncat(). strncat() always terminates
strings, unlike strncpy().
>How-To-Repeat:
>Fix:
$NetBSD$
--- src/loadso/dlopen/SDL_sysloadso.c.orig 2006-05-01 10:02:37.000000000 +0200
+++ src/loadso/dlopen/SDL_sysloadso.c 2006-10-07 01:27:33.000000000 +0200
@@ -31,9 +31,32 @@
#include "SDL_loadso.h"
+static void *get_dlopen_handle(const char *sofile)
+{
+ static const char * const libdirs[] = {
+ PREFIX "/lib/",
+ X11BASE "/lib/",
+ };
+ unsigned i;
+ void *handle;
+
+ for (i = 0; i < sizeof libdirs / sizeof libdirs[0]; i++) {
+ char buf[1024];
+
+ strncpy(buf, libdirs[i], sizeof(buf) - 1);
+ buf[sizeof(buf) - 1] = '\0';
+ strncat(buf, sofile, sizeof(buf) - strlen(buf) - 1);
+
+ handle = dlopen(buf, RTLD_NOW);
+ if (handle)
+ break;
+ }
+ return handle;
+}
+
void *SDL_LoadObject(const char *sofile)
{
- void *handle = dlopen(sofile, RTLD_NOW);
+ void *handle = get_dlopen_handle(sofile);
const char *loaderror = (char *)dlerror();
if ( handle == NULL ) {
SDL_SetError("Failed loading %s: %s", sofile, loaderror);
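Review bot: In get_dlopen_handle(), the strncpy()/strncat() pair truncates silently when libdirs[i] plus sofile does not fit in buf[1024], so dlopen() is then called on a cut-off path that may name a different file than the one the caller asked for. Compare strlen(libdirs[i]) + strlen(sofile) against sizeof(buf) before building the path and skip the entry (or fail) when it does not fit. Separately, every dlopen() call now receives a prefixed path, so the original dlopen(sofile, RTLD_NOW) is never attempted: an absolute sofile gets PREFIX "/lib/" put in front of it, and a bare name no longer goes through the dynamic linker's own search. Consider trying the unprefixed sofile as a fallback. Also note that when every attempt fails, the dlerror() text picked up in SDL_LoadObject() comes from the last prefixed path tried, while the SDL_SetError() message prints only sofile.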