[Bug 283658] Re: grip buffer overflow in intrepid
Hajime Fujita
crisp.fujita at nifty.com
Sat Jan 31 16:12:01 UTC 2009
Hi,
The attached patch worked for me.
This patch fixes a buffer overflow bug in id3.c.
I found that sometimes the genre argument to ID3v2TagFile() exceeds 100
(in my test case it was 145).
In this case, sprintf() call in id3.c:L281 overruns the buffer.
The maximum length of the formatted string is 5 (3-digits and two parentheses),
so 6 bytes (five characters + one NULL character) is enough for the buffer.
** Attachment added: "patch to fix buffer overflow bug in id3.c"
http://launchpadlibrarian.net/21854843/genre_patch
--
grip buffer overflow in intrepid
https://bugs.launchpad.net/bugs/283658
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
More information about the universe-bugs
mailing list