Bug 80760

Summary: array one byte too short
Product: [Retired] Red Hat Linux
Reporter: d.binderman
Component: mc
Assignee: Jakub Jelinek <jakub>
Status: CLOSED CURRENTRELEASE
QA Contact: Jay Turner <jturner>
Severity: medium
Priority: medium
Version: 8.0
CC: leonard-rh-bugzilla, srevivo
Keywords: Triaged
Hardware: All
OS: Linux
Whiteboard: triage|leonardjo|closed|currentrelease
Doc Type: Bug Fix
Last Closed: 2004-03-31 16:20:44 UTC
Bug Blocks: 79579, 100644

Description d.binderman 2002-12-30 23:43:41 UTC
Description of problem:

Hello there,

I have just tried to compile mc-4.5.55-12 from Redhat 8.0

Here are some of the messages the compiler produces

cc: Info: cpio.c, line 303: In this statement, an array is being accessed outside the bounds specified for the array type. (subscrbounds)
cc: Info: cpio.c, line 351: In this statement, an array is being accessed outside the bounds specified for the array type. (subscrbounds)

Here is an untested patch to shut up the compiler.

./vfs/cpio.c.old ./vfs/cpio.c
*** ./vfs/cpio.c.old	Thu Dec 19 20:19:28 2002
--- ./vfs/cpio.c	Thu Dec 19 20:33:32 2002
***************
*** 293,299 ****
  {
      struct new_cpio_header hd;
      struct stat stat;
!     char *buf[HEAD_LENGTH + 1];
      int len;
      char *name;
  
--- 293,299 ----
  {
      struct new_cpio_header hd;
      struct stat stat;
!     char *buf[HEAD_LENGTH + 2];
      int len;
      char *name;
  
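Review bot: the declaration changed at line 296 is still `char *buf[...]`, an array of char pointers, while the matching declaration in the next hunk is `char buf[...]`. Adding one more pointer slot leaves that type mismatch in place, and the access the compiler flagged at line 303 is not shown in this hunk. If the buffer is meant to hold header bytes as in the second hunk, declare `char buf[HEAD_LENGTH + 1];` and correct the index used at line 303 rather than enlarging the array.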
***************
*** 341,347 ****
  {
      struct new_cpio_header hd;
      struct stat stat;
!     char buf[HEAD_LENGTH + 1];
      int len;
      char *name;
  
--- 341,347 ----
  {
      struct new_cpio_header hd;
      struct stat stat;
!     char buf[HEAD_LENGTH + 2];
      int len;
      char *name;
  
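Review bot: growing `buf` to `HEAD_LENGTH + 2` at line 344 is aimed at silencing the warning for line 351, but the statement at line 351 is not part of the hunk, so the index it uses goes unreviewed. Please include that assignment in the patch and fix its index there, keeping `char buf[HEAD_LENGTH + 1];` so the array size still states the intended layout. A comment saying what the extra byte is for is also missing.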


How reproducible:
Always

Steps to Reproduce:
1. compile with any C compiler that checks array indices, for example Compaq C.

Comment 1 Andrew V. Samoilov 2004-02-18 07:57:04 UTC
Fixed in 4.6.0 as well as many other possible buffer overflows.

Comment 2 Leonard den Ottolander 2004-03-31 16:20:44 UTC
The problem is not the buffer length but the incorrect indexing used
in the assignments. Also in the first example a handle instead of a
pointer is used.

Verified that this is fixed in 4.6.0. Closing CURRENTRELEASE.
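
The indexing point from comment 2, as an added example that is not mc's code and not part of this bug report: a fixed-length header is copied into a `char` buffer of length + 1 and terminated at the last valid index. The "newc" cpio layout (110 bytes), the names `NEWC_HEAD_LENGTH`, `hex8` and `parse_newc_header`, and the sample header are assumptions made for the illustration.

```c
#include <ctype.h>
#include <string.h>

/* Assumption: size of a "newc" cpio header (6-byte magic plus 13 fields
 * of 8 hex digits each); not taken from mc's source. */
#define NEWC_HEAD_LENGTH 110
#define NEWC_FIELDS 13
struct newc_fields { unsigned long v[NEWC_FIELDS]; };

/* Constructed sample header: mode 0x81a4, file size 0x10, name size 6. */
static const char SAMPLE_HDR[] = "070701" "00000001" "000081a4" "00000000"
    "00000000" "00000001" "00000000" "00000010" "00000000" "00000000"
    "00000000" "00000000" "00000006" "00000000";

/* Parse exactly 8 hex digits; returns 0 on success, -1 on a non-hex byte. */
static int hex8(const char *p, unsigned long *out)
{
    *out = 0;
    for (int i = 0; i < 8; i++) {
        if (!isxdigit((unsigned char)p[i]))
            return -1;
        *out = (*out << 4) | (unsigned long)(isdigit((unsigned char)p[i])
                   ? p[i] - '0' : tolower((unsigned char)p[i]) - 'a' + 10);
    }
    return 0;
}

/* Returns 0 on success, -1 if the input is short or malformed. */
int parse_newc_header(const unsigned char *src, size_t avail,
                      struct newc_fields *out)
{
    char buf[NEWC_HEAD_LENGTH + 1];  /* valid indices: 0 .. NEWC_HEAD_LENGTH */
    if (avail < NEWC_HEAD_LENGTH)
        return -1;                   /* never read past the caller's data */
    memcpy(buf, src, NEWC_HEAD_LENGTH);
    buf[NEWC_HEAD_LENGTH] = '\0';    /* index NEWC_HEAD_LENGTH + 1 is out of bounds */
    if (memcmp(buf, "070701", 6) != 0)
        return -1;
    for (int i = 0; i < NEWC_FIELDS; i++)
        if (hex8(buf + 6 + 8 * i, &out->v[i]) != 0)
            return -1;
    return 0;
}

int main(void)
{
    struct newc_fields f;
    return parse_newc_header((const unsigned char *)SAMPLE_HDR, NEWC_HEAD_LENGTH, &f);
}
```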