pkg/43586: memory corruption caused by inputmethod/ja-freewnn-lib

To: pkg-manager%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,pkgsrc-bugs%netbsd.org@localhost
Subject: pkg/43586: memory corruption caused by inputmethod/ja-freewnn-lib
From: soda%NetBSD.org@localhost
Date: Fri, 9 Jul 2010 01:40:01 +0000 (UTC)

>Number:         43586
>Category:       pkg
>Synopsis:       memory corruption caused by inputmethod/ja-freewnn-lib
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Jul 09 01:40:00 +0000 2010
>Originator:     SODA Noriyuki
>Release:        NetBSD 4.0_STABLE
>Organization:
>Environment:
System: NetBSD boggy-ben 4.0_STABLE NetBSD 4.0_STABLE (GENERIC_LAPTOP) #0: Thu 
Sep 25 05:35:51 PDT 2008 
builds@wb32:/home/builds/ab/netbsd-4/i386/200809240002Z-obj/home/builds/ab/netbsd-4/src/sys/arch/i386/compile/GENERIC_LAPTOP
 i386
Architecture: i386
Machine: i386
>Description:
strange memory corruption is observed in an executable linked with libwnn.a.
>How-To-Repeat:
not sure.
>Fix:
This problem is caused by the following declaration at line 2554
of Xsi/Wnn/jlib/js.c:
    static char s[6][EXPAND_PATH_LENGTH];

Since this array is used as follows at few lines later:
        num = sscanf(data, "%s %s %s %s %s %s %s",
                     s[0],s[1],s[2],s[3],s[4],s[5],s[6]);
this array has to be declared as:
    static char s[7][EXPAND_PATH_LENGTH];
                 ~~~
Note: both the problem and the fix were found by Akira Kato @ Wide project.
-- 
soda

Prev by Date: pkg/43585: Recent print/cups pkg doesn't work with net/mDNSResponder-108
Next by Date: Re: pkg/43585 (Recent print/cups pkg doesn't work with net/mDNSResponder-108)
Previous by Thread: pkg/43585: Recent print/cups pkg doesn't work with net/mDNSResponder-108
Next by Thread: Re: pkg/43585 (Recent print/cups pkg doesn't work with net/mDNSResponder-108)
Indexes:

Home | Main Index | Thread Index | Old Index