Bug 559863
| Field | Value |
|---|---|
| Summary | Buffer overflow detected in wcstools |
| Product | [Fedora] Fedora |
| Component | wcstools |
| Version | 12 |
| Status | CLOSED ERRATA |
| Severity | medium |
| Priority | low |
| Hardware | All |
| OS | Linux |
| Reporter | Pablo Pérez González <pgperez> |
| Assignee | Sergio Pascual <sergio.pasra> |
| QA Contact | Fedora Extras Quality Assurance <extras-qa> |
| CC | mmahut, sergio.pasra |
| Keywords | Triaged |
| Fixed In Version | wcstools-3.8.1-1.fc12 |
| Doc Type | Bug Fix |
| Last Closed | 2010-02-23 05:24:40 UTC |
| Bug Blocks | 561788 |

Description
Pablo Pérez González
2010-01-29 08:31:35 UTC
Pablo, thanks for the bug report. Could you put somewhere a sample FITS that makes the application crash?

Here it is: http://guaix.fis.ucm.es/~pgperez/temp/thdfn_all_ch1_m.fits

And the code I was running:

```
struct WorldCoor *rwcs;
string rname="thdfn_all_ch1_m.fits";
char *header;
int lhead,nbhead;
rfile=new char [rname.length()+1];
strcpy(rfile,rname.c_str());
header=fitsrhead(rfile,&lhead,&nbhead);
rwcs=wcsinit(header);
//Abort is produced in the previous line!!!!
wcs2pix(rwcs,esa1,esa2,&wx,&wy,&off);
...
```

I'm testing wcstools 3.8.1.

The size of field c1type in struct WorldCoor is 9, but the value copied into it is 'RA---TAN-SIP', whose length is 12. There are other fields with numeric values, such as radecsys[32] or ctype[9][9]. I don't feel I can fix the bug without the danger of creating new problems.

I will report the bug upstream. If the maintainer creates a fix, I can patch the Fedora package.

wcstools-3.8.1-1.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/wcstools-3.8.1-1.fc12

wcstools-3.8.1-1.fc11.1 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/wcstools-3.8.1-1.fc11.1

wcstools-3.8.1-1.fc12 seems to have solved the issue. And it has also solved a related problem in ds9, which aborted when loading the same type of image. Thanks.

wcstools-3.8.1-1.fc11.1 has been pushed to the Fedora 11 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update wcstools'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F11/FEDORA-2010-1495

wcstools-3.8.1-1.fc12 has been pushed to the Fedora 12 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update wcstools'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F12/FEDORA-2010-1504

wcstools-3.8.1-1.fc11.1 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.

wcstools-3.8.1-1.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.
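
The size mismatch diagnosed in the thread (the 12-character value 'RA---TAN-SIP' copied into a 9-byte field) can be reproduced and guarded against as in the following added example. It is not wcstools code and not the upstream fix; `struct coord_demo`, `set_ctype_strict` and `set_ctype_truncate` are hypothetical names, and the unchecked `strcpy` shown in the comment is an assumption about how such a copy is typically written.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the struct in the report: a 9-byte field
   holds at most 8 characters plus the terminating NUL. */
struct coord_demo {
    char c1type[9];
    char guard[4];              /* neighbour that an overrun would clobber */
};

/* Strict copy: 0 on success, -1 (dst emptied) if src does not fit. */
int set_ctype_strict(char *dst, size_t dstsize, const char *src)
{
    size_t n = strlen(src);
    if (dstsize == 0)
        return -1;
    if (n >= dstsize) {
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);    /* n + 1 also copies the NUL */
    return 0;
}

/* Truncating copy: always NUL-terminates; returns characters dropped. */
size_t set_ctype_truncate(char *dst, size_t dstsize, const char *src)
{
    size_t n = strlen(src), keep;
    if (dstsize == 0)
        return n;
    keep = n < dstsize - 1 ? n : dstsize - 1;
    memcpy(dst, src, keep);
    dst[keep] = '\0';
    return n - keep;
}

int main(void)
{
    const char *value = "RA---TAN-SIP";   /* 12 characters, from the report */
    struct coord_demo w;
    memcpy(w.guard, "GRD", 4);
    /* Unchecked form (assumed): strcpy(w.c1type, value) writes 13 bytes into 9. */
    printf("strict:   rc=%d\n", set_ctype_strict(w.c1type, sizeof w.c1type, value));
    printf("truncate: dropped=%zu kept=\"%s\"\n",
           set_ctype_truncate(w.c1type, sizeof w.c1type, value), w.c1type);
    printf("guard intact: %s\n", memcmp(w.guard, "GRD", 4) == 0 ? "yes" : "no");
    return 0;
}
```

Whether to reject or truncate an oversized header value is a design choice for the parser; either way the destination size, not the input length, bounds the write.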