[X2Go-Dev] Bug#777: Bug#777: nx-libs: incorrect usage of scanf
Mike Gabriel
mike.gabriel at das-netzwerkteam.de
Fri May 15 15:11:21 CEST 2015
Control: close -1
Closing (and agreeing on this) by use request.
Mike
On Mo 02 Feb 2015 21:39:50 CET, Heinrich Schuchardt wrote:
> Squeeze reached end of life.
> Package libc6 in wheezy is patched against the bug.
> Package libc6 in jessie is not vulnerable as it uses a newer libc6
> release.
>
> So I think we should close this bug and concentrate on updating our
> mesa code to the newest version instead of patching some old version.
>
> Best regards
>
> Heinrich
>
> On 31.01.2015 16:04, Mike Gabriel wrote:
>> Hi Heinrich,
>>
>> On Fr 30 Jan 2015 20:35:53 CET, Heinrich Schuchardt wrote:
>>
>>> package: nx-libs version: head
>>>
>>> In different parts of the nx-libs library you can find usages of
>>> scanf like
>>>
>>> /* check for MESA_GAMMA environment variable */ gamma =
>>> _mesa_getenv("MESA_GAMMA"); if (gamma) { v->RedGamma =
>>> v->GreenGamma = v->BlueGamma = 0.0; sscanf( gamma, "%f %f %f",
>>> &v->RedGamma, &v->GreenGamma, &v->BlueGamma );
>>>
>>> According to cppcheck:
>>>
>>> scanf without field width limits can crash with huge input data
>>> on libc versions older than 2.13-25. Add a field width specifier
>>> to fix this problem: %i => %3i
>>
>> Any chance you could also provide a patch for this?
>>
>> Mike
>>
--
DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148
GnuPG Key ID 0x25771B31
mail: mike.gabriel at das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: Digitale PGP-Signatur
URL: <http://lists.x2go.org/pipermail/x2go-dev/attachments/20150515/165aa3ef/attachment.pgp>
More information about the x2go-dev
mailing list