--- Begin Message ---
Subject: |
Bug#377557: tar: bufferover flow in tests/genfile.c |
Date: |
Mon, 10 Jul 2006 01:47:02 +0200 |
User-agent: |
Mutt/1.4.2.1i |
Package: tar
Version: 1.15.91-2
Tags: patch
Hi,
When searching for problems why the testsuite failed, I came
acrross an error where there is a buffer overflow in genfile.c
Here is the patch:
--- tests/genfile.c.old 2006-07-10 01:37:52.000000000 +0200
+++ tests/genfile.c 2006-07-10 01:38:04.000000000 +0200
@@ -708,7 +708,7 @@
(without dash) */
exec_argc++;
exec_argv = xrealloc (exec_argv, exec_argc * sizeof (*exec_argv));
- memmove (exec_argv+2, exec_argv+1, (exec_argc-1)*sizeof (*exec_argv));
+ memmove (exec_argv+2, exec_argv+1, (exec_argc-2)*sizeof (*exec_argv));
exec_argv[1] = "--checkpoint";
#ifdef SIGCHLD
Starting from exec_argv+2, you only have exec_argc-2
pointers free left. The first 2 elements aren't touched.
Since this is only used in the testsuite, this probably
isn't a big problem.
Kurt
--- End Message ---