[Bug 454980] Review Request: axel - Download accelerator, wget replacement

bugzilla at redhat.com bugzilla at redhat.com
Mon Sep 1 10:55:53 UTC 2008




https://bugzilla.redhat.com/show_bug.cgi?id=454980





--- Comment #16 from Michael Schwendt <bugs.michael at gmx.net>  2008-09-01 06:55:52 EDT ---
It's a warning about a potential buffer overflow that ought
to be examined by the package maintainer. The warning alone
is reason enough to say "Oops, we don't want to release this".

I've reported the above bug to upstream via email.

Insecure C string operations like that lead to vulnerabilities.
There are more in the code. No matter how likely it is to trigger
them, they ought to be fixed.

Initializing download: http://fedoraproject.org
*** buffer overflow detected ***: axel terminated
(gdb) bt
#0  0x00110416 in __kernel_vsyscall ()
#1  0x00482690 in raise () from /lib/libc.so.6
#2  0x00483f91 in abort () from /lib/libc.so.6
#3  0x004ba9eb in __libc_message () from /lib/libc.so.6
#4  0x00542b58 in __fortify_fail () from /lib/libc.so.6
#5  0x00541200 in __chk_fail () from /lib/libc.so.6
#6  0x00540918 in _IO_str_chk_overflow () from /lib/libc.so.6
#7  0x004bee8d in _IO_default_xsputn_internal () from /lib/libc.so.6
#8  0x00495fcf in vfprintf () from /lib/libc.so.6
#9  0x005409cd in __vsprintf_chk () from /lib/libc.so.6
#10 0x00540900 in __sprintf_chk () from /lib/libc.so.6
#11 0x0804eac4 in main (argc=Cannot access memory at address 0xb19
) at /usr/include/bits/stdio2.h:34
#12 0x0046f390 in __libc_start_main () from /lib/libc.so.6
#13 0x080491d1 in _start ()

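Added example, not part of the original comment and not axel's code: frames #9 to #11 of the backtrace show a sprintf() call in main() that the fortified glibc build routed through __sprintf_chk(), which aborts once the output exceeds the destination's known size. The sketch below shows the bounded form of such a call with the truncation check a caller needs. The function name format_status, the buffer size MSG_MAX and the format string (borrowed from the output line above as a stand-in) are assumptions; the page does not show which sprintf() in axel overflowed.

```c
#include <stdio.h>
#include <string.h>

#define MSG_MAX 64  /* assumed size; axel's real buffer size is not on the page */

/* Unchecked pattern of the kind the fortified build aborts on
 * when the formatted text is longer than the buffer:
 *     char msg[MSG_MAX];
 *     sprintf(msg, "Initializing download: %s", url);
 */

/* Bounded replacement. Returns 0 when the whole text fits, -1 on bad
 * arguments, on a formatting error, or when the text was truncated.
 * After truncation dst holds a NUL-terminated prefix of the text. */
int format_status(char *dst, size_t dstlen, const char *url)
{
    int n;

    if (dst == NULL || dstlen == 0 || url == NULL)
        return -1;
    n = snprintf(dst, dstlen, "Initializing download: %s", url);
    if (n < 0) {
        dst[0] = '\0';      /* formatting error: leave a valid empty string */
        return -1;
    }
    if ((size_t)n >= dstlen)
        return -1;          /* n is the length needed; it did not fit */
    return 0;
}

int main(void)
{
    char msg[MSG_MAX];
    char long_url[512];

    /* Constructed inputs: one short URL, one far longer than MSG_MAX. */
    memset(long_url, 'a', sizeof long_url - 1);
    long_url[sizeof long_url - 1] = '\0';

    if (format_status(msg, sizeof msg, "http://fedoraproject.org") == 0)
        puts(msg);
    if (format_status(msg, sizeof msg, long_url) != 0)
        printf("rejected: %zu-byte URL does not fit in %zu bytes\n",
               strlen(long_url), sizeof msg);
    return 0;
}
```
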



