[Bug 166626] Review Request: xscorch - A Scorched Earth clone
bugzilla at redhat.com
Thu Aug 25 15:16:31 UTC 2005
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
Summary: Review Request: xscorch - A Scorched Earth clone
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166626
------- Additional Comments From j.w.r.degoede at hhs.nl 2005-08-25 11:16 EST -------
In reply to comment 7:
I tried using LIBS=-ltermcap; this does make configure detect readline, but
causes the make to fail because -ltermcap doesn't get added when linking.

About the stack overflow, here is a (x86_64) backtrace:
#0 0x00002aaaac17cb60 in raise () from /lib64/libc.so.6
#1 0x00002aaaac17e030 in abort () from /lib64/libc.so.6
#2 0x00002aaaac1b22a8 in __libc_message () from /lib64/libc.so.6
#3 0x00002aaaac22b8ef in __stack_chk_fail () from /lib64/libc.so.6
#4 0x0000000000415683 in _sc_scoring_read_item (ec=0x5ac4a0, reader=0x5ab760,
item=0x5acda0) at saddconf.c:253
#5 0x0000000000415c71 in sc_addconf_append_file (type=Variable "type" is not
available.
) at saddconf.c:461
#6 0x00000000004063ad in sc_economy_config_create (c=0x599010)
at seconomy.c:66
#7 0x0000000000405bf4 in sc_config_new (argc=0x7fffff83757c,
argv=0x7fffff837570) at sconfig.c:193
#8 0x00000000004058bf in main (argc=1, argv=0x7fffff837798) at xscorch.c:86

If I change:
    char desc[SC_INVENTORY_MAX_DESC_LEN];
    char name[SC_INVENTORY_MAX_NAME_LEN];
to:
    char desc[SC_INVENTORY_MAX_DESC_LEN+256];
    char name[SC_INVENTORY_MAX_NAME_LEN+256];
things work fine. I can't find an obvious buffer overflow in this function or in
functions to which desc/name get passed.

sc_scoring_lookup_by_name does do ugly things (casting a ptr to a long int), but
with that commented out the stack still gets overflowed.
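
Padding desc and name by 256 bytes, as tried in the comment above, hides the __stack_chk_fail abort without showing which write runs past the buffer. The following is an added example, not xscorch code and not part of the bug report: it fills the same two fixed-size stack buffers through a length-checked copy and reports which field was too long. The buffer sizes, the helper bounded_copy and the function read_item_checked are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed sizes for illustration; the real values are in xscorch's headers. */
#define SC_INVENTORY_MAX_NAME_LEN 32
#define SC_INVENTORY_MAX_DESC_LEN 64

/* Hypothetical helper: copy src into dst (dstsize >= 1 bytes), always
 * NUL-terminating. Returns the number of source bytes that did not fit,
 * so 0 means the whole string was stored. */
static size_t bounded_copy(char *dst, size_t dstsize, const char *src) {
    size_t need = strlen(src);
    size_t n = need < dstsize - 1 ? need : dstsize - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return need - n;
}

/* Hypothetical stand-in for a config item reader. Instead of trusting the
 * input to fit, it reports which field was oversized:
 * bit 0 set = name too long, bit 1 set = desc too long. */
int read_item_checked(const char *name_in, const char *desc_in) {
    char desc[SC_INVENTORY_MAX_DESC_LEN];
    char name[SC_INVENTORY_MAX_NAME_LEN];
    int oversized = 0;
    size_t lost;

    if ((lost = bounded_copy(name, sizeof name, name_in)) != 0) {
        fprintf(stderr, "name: %zu bytes over a %zu-byte buffer\n",
                lost, sizeof name);
        oversized |= 1;
    }
    if ((lost = bounded_copy(desc, sizeof desc, desc_in)) != 0) {
        fprintf(stderr, "desc: %zu bytes over a %zu-byte buffer\n",
                lost, sizeof desc);
        oversized |= 2;
    }
    return oversized;
}

int main(void) {
    /* Constructed sample input: short name, description longer than 63 bytes. */
    int r = read_item_checked("Baby Missile",
        "A constructed description string that is deliberately longer "
        "than the sixty-three characters the buffer can hold");
    printf("oversized fields mask: %d\n", r);
    return 0;
}
```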