Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 80760 - array one byte too short
Summary: array one byte too short
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: mc
Version: 8.0
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Jakub Jelinek
QA Contact: Jay Turner
URL:
Whiteboard: triage|leonardjo|closed|currentrelease
Depends On:
Blocks: 79579 CambridgeTarget
TreeView+ depends on / blocked
 
Reported: 2002-12-30 23:43 UTC by d.binderman
Modified: 2015-01-08 00:02 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2004-03-31 16:20:44 UTC


Attachments (Terms of Use)

Description d.binderman 2002-12-30 23:43:41 UTC
From Bugzilla Helper:
User-Agent: Mozilla/4.6 [en-gb]C-CCK-MCD NetscapeOnline.co.uk  (Win98; I)

Description of problem:

Hello there,

I have just tried to compile mc-4.5.55-12 from Redhat 8.0

Here are some of the messages the compiler produces

cc: Info: cpio.c, line 303: In this statement, an array is being accessed outside the bounds specified for the array type. (subscrbounds)
cc: Info: cpio.c, line 351: In this statement, an array is being accessed outside the bounds specified for the array type. (subscrbounds)

Here is an untested patch to shut up the compiler.

./vfs/cpio.c.old ./vfs/cpio.c
*** ./vfs/cpio.c.old	Thu Dec 19 20:19:28 2002
--- ./vfs/cpio.c	Thu Dec 19 20:33:32 2002
***************
*** 293,299 ****
  {
      struct new_cpio_header hd;
      struct stat stat;
!     char *buf[HEAD_LENGTH + 1];
      int len;
      char *name;
  
--- 293,299 ----
  {
      struct new_cpio_header hd;
      struct stat stat;
!     char *buf[HEAD_LENGTH + 2];
      int len;
      char *name;
  
***************
*** 341,347 ****
  {
      struct new_cpio_header hd;
      struct stat stat;
!     char buf[HEAD_LENGTH + 1];
      int len;
      char *name;
  
--- 341,347 ----
  {
      struct new_cpio_header hd;
      struct stat stat;
!     char buf[HEAD_LENGTH + 2];
      int len;
      char *name;
  


Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. compile with any  C compiler that checks array indices, for example Compaq C.
2.
3.
    

Additional info:

Comment 1 Andrew V. Samoilov 2004-02-18 07:57:04 UTC
Fixed in 4.6.0 as far as many others possible buffer overflows.

Comment 2 Leonard den Ottolander 2004-03-31 16:20:44 UTC
The problem is not the buffer length but the incorrect indexing used
in the assignments. Also in the first example a handle instead of a
pointer is used.

Verified that this is fixed in 4.6.0. Closing CURRENTRELEASE.



Note You need to log in before you can comment on or make changes to this bug.