aboutsummaryrefslogtreecommitdiffstats
path: root/audio/tosha
diff options
context:
space:
mode:
authorken <ken@FreeBSD.org>2001-02-08 04:19:53 +0800
committerken <ken@FreeBSD.org>2001-02-08 04:19:53 +0800
commit1fc2fe2c6391adc64d2a7bbaf54627585fa1f305 (patch)
treedb64b0904565f9bbab742aa0f8535bd82552e2ac /audio/tosha
parent7de75952d49146c8b546b5b955d1a8e06eeed490 (diff)
downloadfreebsd-ports-gnome-1fc2fe2c6391adc64d2a7bbaf54627585fa1f305.tar.gz
freebsd-ports-gnome-1fc2fe2c6391adc64d2a7bbaf54627585fa1f305.tar.zst
freebsd-ports-gnome-1fc2fe2c6391adc64d2a7bbaf54627585fa1f305.zip
Fix a core dump when doing 'tosha -i'. (Maintainer timeout after about two
months.) The problem is in resolve_extension(). strncpy() will only null-terminate the destination string if it has enough room, according to the given length. In this implementation, there will never be enough room to null-terminate the string, from what I can tell. So if the memory in 'tmpstr' contains non-nulls, you'll get a core-dump in the subsequent strcat().
Diffstat (limited to 'audio/tosha')
-rw-r--r--audio/tosha/files/patch-aa23
1 files changed, 23 insertions, 0 deletions
diff --git a/audio/tosha/files/patch-aa b/audio/tosha/files/patch-aa
new file mode 100644
index 000000000000..6b13be7d9e5d
--- /dev/null
+++ b/audio/tosha/files/patch-aa
@@ -0,0 +1,23 @@
+*** tosha.c.orig Fri Jan 1 16:57:49 1999
+--- tosha.c Sun Dec 10 01:04:54 2000
+***************
+*** 240,247 ****
+ return template;
+ if (!(tmpstr = malloc(strlen(template) + strlen(formatspec->ext) - 1)))
+ out_of_memory();
+! if ((prefix = cptr - template))
+ strncpy (tmpstr, template, prefix);
+ strcat (tmpstr + prefix, formatspec->ext);
+ prefix += strlen(formatspec->ext);
+ strcat (tmpstr + prefix, cptr + 2);
+--- 240,249 ----
+ return template;
+ if (!(tmpstr = malloc(strlen(template) + strlen(formatspec->ext) - 1)))
+ out_of_memory();
+! if ((prefix = cptr - template)) {
+ strncpy (tmpstr, template, prefix);
++ tmpstr[prefix] = '\0';
++ }
+ strcat (tmpstr + prefix, formatspec->ext);
+ prefix += strlen(formatspec->ext);
+ strcat (tmpstr + prefix, cptr + 2);