File: buffer-overflow.patch

package info (click to toggle)
gdpc 2.2.5-17
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 9,900 kB
  • sloc: ansic: 10,473; makefile: 164; sh: 57
file content (90 lines) | stat: -rw-r--r-- 2,278 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
 
Description: Fix global buffer overflow.
 Also uninitialized variables and potential overflow.
Debian-Bug: https://bugs.debian.org/982103
Author: Yavor Doganov <yavor@gnu.org>
Forwarded: no
Last-Update: 2026-01-28
---

--- gdpc.orig/colors.c
+++ gdpc/colors.c
@@ -155,21 +155,21 @@
     }
 
     if (colorset==1) {
-	for(i=0;i<ncolors;i++) {
+	for(i=0;i<19;i++) {
 	    (*colors)[i].red = xcolorinv[i][0];
 	    (*colors)[i].green = xcolorinv[i][1];
 	    (*colors)[i].blue = xcolorinv[i][2];
 	}
     }
     else if (colorset==2) {
-	for(i=0;i<ncolors;i++) {
+	for(i=0;i<19;i++) {
 	    (*colors)[i].red = xcoldcolor[i][0];
 	    (*colors)[i].green = xcoldcolor[i][1];
 	    (*colors)[i].blue = xcoldcolor[i][2];
 	}
     }
     else if (colorset==3) {
-	for(i=0;i<ncolors;i++) {
+	for(i=0;i<19;i++) {
 	    (*colors)[i].red = xcoldcolor2[i][0];
 	    (*colors)[i].green = xcoldcolor2[i][1];
 	    (*colors)[i].blue = xcoldcolor2[i][2];
@@ -193,7 +193,7 @@
 	}
     }
     else {
-	for(i=0;i<ncolors;i++) {
+	for(i=0;i<19;i++) {
 	    (*colors)[i].red = xcolor[i][0];
 	    (*colors)[i].green = xcolor[i][1];
 	    (*colors)[i].blue = xcolor[i][2];
--- gdpc.orig/readinput.c
+++ gdpc/readinput.c
@@ -51,9 +51,9 @@
 gboolean timecheck, endframe, framecheck, typescheck;
 
 struct xyzstruc *coords;
-struct xyzstruc lastframe;
+struct xyzstruc lastframe = {0};
 
-FILE *fpRI;
+FILE *fpRI = NULL;
 
 #if Debug
 printf("Starting reading thread.\n"); 
@@ -82,7 +82,8 @@
 	    g_mutex_lock(&params->filewait);
 	    params->fp = NewFP;
 	    NewFP = NULL;
-	    fclose(fpRI);
+	    if (fpRI)
+	      fclose(fpRI);
 	}
 	fpRI = params->fp;
 
--- gdpc.orig/main.c
+++ gdpc/main.c
@@ -620,7 +620,7 @@
 GtkWidget	*xminus_button, *yminus_button, *zminus_button,*xplus10_button;
 GtkWidget	*yplus10_button, *zplus10_button, *xminus10_button;
 GtkWidget	*yminus10_button, *zminus10_button, *xlabel, *ylabel, *zlabel;
-char		buf[128];
+char		buf[256];
 gint 		i;
 
     params->StartedAlready = TRUE;
--- gdpc.orig/init.c
+++ gdpc/init.c
@@ -108,7 +108,7 @@
     setfile = FALSE;
 
     while (args-1>argl) {
-	strncpy(c,argv[argl+1],strlen(argv[argl+1]));
+	strcpy(c,argv[argl+1]);
 	c[strlen(argv[argl+1])] = '\0';
 
 	if (!strcmp(c,"s") && !setxcol && !setycol && !setzcol && !settcol) {