951533 – btparser: btp_strbuf_grow should guard against integer overflow

Bug 951533 - btparser: btp_strbuf_grow should guard against integer overflow

Summary: btparser: btp_strbuf_grow should guard against integer overflow

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	satyr
Sub Component:
Version:	20
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Martin Milata
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	951431
TreeView+	depends on / blocked

Reported:	2013-04-12 11:53 UTC by Florian Weimer
Modified:	2013-11-26 21:34 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-11-26 21:34:46 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Florian Weimer 2013-04-12 11:53:01 UTC

lib/strbuf.c:btp_strbuf_grow() does not guard against integer overflow.  As a result, the comment is not necessarily correct.

See <http://docs.fedoraproject.org/en-US/Fedora_Security_Team//html/Defensive_Coding/chap-Defensive_Coding-C.html> for some advice in this area.

Comment 1 Fedora End Of Life 2013-09-17 07:44:37 UTC

This bug appears to have been reported against 'rawhide' during the Fedora 20 development cycle.
Changing version to '20'.

More information and reason for this action is here:
https://fedoraproject.org/wiki/BugZappers/HouseKeeping/Fedora20

Comment 2 Martin Milata 2013-11-26 21:34:46 UTC

Package btparser has been retired from Fedora. The issue for satyr, its replacement, is tracked in bug #1034869.

Note You need to log in before you can comment on or make changes to this bug.