| Summary: | overflow in update-mime-database, break some detections | ||
|---|---|---|---|
| Product: | shared-mime-info | Reporter: | Sebastien Bacher <seb128> |
| Component: | general | Assignee: | Jonathan Blandford <jrb> |
| Status: | RESOLVED FIXED | QA Contact: | |
| Severity: | normal | ||
| Priority: | high | CC: | teuf |
| Version: | unspecified | ||
| Hardware: | x86 (IA32) | ||
| OS: | Linux (All) | ||
| Whiteboard: | |||
| i915 platform: | i915 features: | ||
| Attachments: |
use strtoul instead of strtol in various places to fix potential overflows
patch I'm about to commit |
||
Created attachment 988 [details] [review] use strtoul instead of strtol in various places to fix potential overflows I also changed offset from being a long to a guint64, I don't know if it makes sense? Anyway, I'll need to update that patch since I didn't modify write_magic_children to properly write a guint64, so let me know what you prefer ;) Created attachment 1404 [details] [review] patch I'm about to commit Fixed in CVS. |
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.
update-mime-database seens to have a problem on 32 bit architectures. update-mime-database.c, l839 "mask = strtol(in_mask, &end, 0)" can make an overflow to expose the overflow: #include <stdio.h> int main(int argc, char *argv[]) { printf("%lx\n", strtol("0x8080ffff",NULL,0)); return 0; } displays 7fffffff instead of 8080ffff changing strtol by strtoul fixes the overflow problems. This break some mime detections, see this bug report about iso detection on amd64 : http://bugzilla.gnome.org/show_bug.cgi?id=145956 https://bugzilla.ubuntu.com/show_bug.cgi?id=1221 This is because arc type use this mask: <match value="0x0000081a" type="little32" offset="0" mask="0x8080ffff"/> Apparently the mime magic value has been adapted to give the right result after the overflow, so fixing this bug breaks the mime detection for iso on 32bits archs (the database need to be fixed too so). The other mimes using a mask should probably be checked too.