From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i586; rv:1.7.3) Gecko/20041013 Firefox/0.10.1 Description of problem: Bug found by code inspection. In cdrecord/silo.c (created by cdrtools-2.0-silo.patch), the statement sequence strncpy (silo_info.conf_file, silo_conf_file, 256); silo_info.conf_file[259] = '\0'; writes outside the silo_info structure, which is declared static at file level, thus: static struct { char id; char conf_part; char part; char pad; char conf_file[256]; } silo_info; This is the only static data in the file, so the actual data overwritten depends on what is linked next during build. Regards, Enrique Version-Release number of selected component (if applicable): cdrecord-2.01-1.5 How reproducible: Didn't try Steps to Reproduce: 1. Not applicable 2. 3. Actual Results: Not applicable Expected Results: Not applicable Additional info:
nice catch! thx!
Seems like that fell in the padding area :)
Fedora Core 3 is now maintained by the Fedora Legacy project for security updates only. If this problem is a security issue, please reopen and reassign to the Fedora Legacy product. If it is not a security issue and hasn't been resolved in the current FC5 updates or in the FC6 test release, reopen and change the version to match. Thank you!