ports/142711: ciso port incorrectly assumes a 32-bit architecture
Jonathan Jacobs
jonathan+freebsd at jsphere.com
Mon Jan 11 09:20:06 UTC 2010
>Number: 142711
>Category: ports
>Synopsis: ciso port incorrectly assumes a 32-bit architecture
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Jan 11 09:20:05 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator: Jonathan Jacobs
>Release: 8.0
>Organization:
>Environment:
FreeBSD atlas 8.0-RELEASE-p2 FreeBSD 8.0-RELEASE-p2 #0: Tue Jan 5 21:11:58 UTC 2010 root at amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64
>Description:
When attempting to decompress a compressed ISO file the sysutils/ciso port attempts to read a file header directly into a structure that assumes "unsigned long" to mean "unsigned 32-bit integer", specifically into fields that are later used to allocate memory. On a 64-bit system this results in attempts to allocate incorrectly huge amounts of memory.
>How-To-Repeat:
Attempt to decompress a compressed ISO file on a 64-bit platform such as amd64.
>Fix:
Explicitly declare structure members as 32-bit integers.
Patch attached with submission follows:
--- ciso.h.orig 2010-01-11 10:59:27.658243564 +0200
+++ ciso.h 2010-01-11 10:50:32.882342532 +0200
@@ -19,6 +19,8 @@
Copyright 2005 BOOSTER
*/
+#include <stdint.h>
+
#ifndef __CISO_H__
#define __CISO_H__
@@ -28,9 +30,9 @@
typedef struct ciso_header
{
unsigned char magic[4]; /* +00 : 'C','I','S','O' */
- unsigned long header_size; /* +04 : header size (==0x18) */
+ uint32_t header_size; /* +04 : header size (==0x18) */
unsigned long long total_bytes; /* +08 : number of original data size */
- unsigned long block_size; /* +10 : number of compressed block size */
+ uint32_t block_size; /* +10 : number of compressed block size */
unsigned char ver; /* +14 : version 01 */
unsigned char align; /* +15 : align of index value */
unsigned char rsv_06[2]; /* +16 : reserved */
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list