pkg/35451: devel/cscope is broken (Includes fix)

To: pkg-manager%netbsd.org@localhost, gnats-admin%netbsd.org@localhost, pkgsrc-bugs%netbsd.org@localhost
Subject: pkg/35451: devel/cscope is broken (Includes fix)
From: martijnb%atlas.ipv6.stack.nl@localhost
Date: Sat, 20 Jan 2007 21:35:00 +0000 (UTC)

>Number:         35451
>Category:       pkg
>Synopsis:       devel/cscope is broken (Includes fix)
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Jan 20 21:35:00 +0000 2007
>Originator:     martijnb%atlas.ipv6.stack.nl@localhost
>Release:        NetBSD 4.99.5
>Organization:
        
>Environment:
        
        
System: NetBSD atlas.ipv6.stack.nl 4.99.5 NetBSD 4.99.5 (ATLAS) #0: Sat Dec 2 
22:16:36 CET 2006 
root%atlas.ipv6.stack.nl@localhost:/usr/obj/sys/arch/i386/compile/ATLAS i386
Architecture: i386
Machine: i386
>Description:
  
  cscope-15.6 is broken, to the point of being completely useless. A simple
  helloworld.c brings it to its knees, causing it to dump core unless cscope
  is called with the -k argument (causing it to skip /usr/include in its
  search path for headerfiles).

  The cause is a security fix backfiring: someone replaced instances of
  sprintf with snprintf, but goofed up in this case: The *arguments* match
  snprintf, but the call still reads sprintf. See Fix.

  I wonder how this managed to slip through. As it's trivially easy to trigger
  this bug, I can't imagine that this has been getting a lot of testing - if
  any at all.

>How-To-Repeat:
  
  cd /tmp
  echo '#include <stdio.h>' > helloworld.c
  echo 'int main(void) { printf ("Hello world!\n"); return 0; }' >> helloworld.c
  cscope -b

>Fix:
  
  apply the following patch in /usr/pkgsrc/devel/cscope:

Index: distinfo
===================================================================
RCS file: /cvsroot/pkgsrc/devel/cscope/distinfo,v
retrieving revision 1.16
diff -r1.16 distinfo
12c12
< SHA1 (patch-ah) = 90c3caf336edde19b56b751bac528cf48e0b2e60
---
> SHA1 (patch-ah) = a79523d1a7d685eab31f06085547f91a2fbb01ff
Index: patches/patch-ah
===================================================================
RCS file: /cvsroot/pkgsrc/devel/cscope/patches/patch-ah,v
retrieving revision 1.6
diff -r1.6 patch-ah
54c54
< +         sprintf(path, sizeof(path), "%.*s/%s",
---
> +         snprintf(path, sizeof(path), "%.*s/%s",

>Unformatted:

Prev by Date: PR/34651 CVS commit: pkgsrc/inputmethod/anthy
Next by Date: PR/35451 CVS commit: pkgsrc/devel/cscope
Previous by Thread: PR/34651 CVS commit: pkgsrc/inputmethod/anthy
Next by Thread: PR/35451 CVS commit: pkgsrc/devel/cscope
Indexes:

Home | Main Index | Thread Index | Old Index