Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#39490 - [libxdg-basedir] Buffer overflow
Attached to Project:
Community Packages
Opened by Timmy Weerwag (tweerwag) - Sunday, 16 March 2014, 20:06 GMT
Last edited by Ronald van Haren (pressh) - Friday, 14 November 2014, 09:44 GMT
Opened by Timmy Weerwag (tweerwag) - Sunday, 16 March 2014, 20:06 GMT
Last edited by Ronald van Haren (pressh) - Friday, 14 November 2014, 09:44 GMT
|
DetailsDescription:
A malloc of a string in the xdgGetRelativeHome is too small by not counting the '\0' at the end. Can cause a segmentation fault. Steps to reproduce: I got consistent segfaults in a home-compiled OpenTTD. Look at libxdg-test.c for a minimal example. Compile for example with clang -o libxdg-test -fsanitize=address -lxdg-basedir libxdg-test.c Reported upstream: https://github.com/devnev/libxdg-basedir/pull/3 I've attached the fix and an updated PKGBUILD. |
xdgGetRelativeHome-overflow.p...
This task depends upon
Closed by Ronald van Haren (pressh)
Friday, 14 November 2014, 09:44 GMT
Reason for closing: Implemented
Additional comments about closing: libxdg-basedir 1.2.0-3
Friday, 14 November 2014, 09:44 GMT
Reason for closing: Implemented
Additional comments about closing: libxdg-basedir 1.2.0-3
Comment by Daniel Micay (thestinger) -
Thursday, 10 April 2014, 03:29 GMT
This library seems to have a dead upstream...
Comment by mattia (nTia89) -
Thursday, 13 November 2014, 20:56 GMT
I confirm the bug, but I think it's an upstream problem