
[developers] Fwd: Buffer overflow in prayertime package of libitl_0.7.0.



---------- Forwarded message ----------
From: Djalel Chefrour <cdjalel at gmail dot com>
Date: Fri, Feb 20, 2015 at 4:30 PM
Subject: Buffer overflow in prayertime package of libitl_0.7.0.
To: thamer at newkuwait dot org, bugs at arabeyes dot org


Salam

In libitl-0.7.0/prayertime/src/astro.c +812

    R4sum = R4[i][0] * cos(R4[i][1] + R4[i][2] * JM);

The R4[] array (declared on line 525) has only one element, therefore R4[i],
where i is always 2 (left over from the previous loop), is an invalid access.
The C compiler cannot pick up this kind of error. Other languages do.
By chance, the memory after R4 is filled by another array declared just after
R4 on line 529, so no memory violation happens at runtime.

I don't know how to fix it though. Maybe replacing i with 0, but then why
use a 2D array!

Is this bug linked with the FIXIT comment at line 768?

Anyway, this bug doesn't seem to crash the program or alter the good results
of the prayer times (at least in my simple tests).

Best regards

-- 
Dr Djalel Chefrour,
Associate professor at Souk Ahras University
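The pattern described in the report (a loop index left at its final value and then reused on a one-row table), with a bounds-checked accessor beside it, as an added example that is not libitl code and is not taken from the message above. The tables PREV, R4 and R5 and their values are constructed placeholders with the same shape as the periodic-term arrays in astro.c (rows of {amplitude, phase, frequency}); the real code evaluates a * cos(b + c * JM) per row, which is replaced here by a * (b + c * jm) so that the example needs no libm and the indexing, not the trigonometry, is what is exercised.

```c
#include <stddef.h>
#include <stdio.h>

/*
 * Added example, not libitl code. Constructed tables standing in for the
 * periodic-term arrays in astro.c: each row is {amplitude, phase, frequency}.
 * R5 is declared immediately after R4 to mirror the report: in practice the
 * out-of-bounds R4[2] lands in a neighbouring table instead of faulting,
 * which is why the bug stays silent.
 */
#define COLS 3
#define ROWS(tbl) (sizeof(tbl) / sizeof((tbl)[0]))

static const double PREV[2][COLS] = {   /* hypothetical previous-loop table */
    { 1.0, 0.25, 1.0 },
    { 0.5, 0.75, 2.0 },
};
static const double R4[1][COLS] = { { 2.0, 0.5, 4.0 } };  /* one row, like the real R4 */
static const double R5[1][COLS] = { { 3.0, 0.5, 8.0 } };  /* declared right after R4 */

/* Stand-in for the per-row term a * cos(b + c * jm); no libm needed. */
static double term(const double row[COLS], double jm)
{
    return row[0] * (row[1] + row[2] * jm);
}

/* Sum over a whole table. Also reports where the loop leaves i, because
 * that leftover value is what the buggy line reuses. */
static double sum_terms(const double (*tbl)[COLS], size_t rows, double jm, size_t *last_i)
{
    double s = 0.0;
    size_t i;
    for (i = 0; i < rows; i++)
        s += term(tbl[i], jm);
    if (last_i)
        *last_i = i;          /* == rows once the loop has finished */
    return s;
}

/* Index left behind by the previous loop: 2 for a two-row PREV. */
size_t leftover_index(double jm)
{
    size_t i;
    (void)sum_terms(PREV, ROWS(PREV), jm, &i);
    return i;
}

/* Bounds-checked single-term read. Returns 0 and sets *out on success,
 * -1 if i is outside the table (and leaves *out untouched). */
int r4_term_checked(size_t i, double jm, double *out)
{
    if (i >= ROWS(R4))
        return -1;
    *out = term(R4[i], jm);
    return 0;
}

/* The astro.c pattern with the check applied: the stale i from the previous
 * loop is passed straight to R4. Returns 1 if the read was refused. */
int stale_index_caught(double jm)
{
    size_t i = leftover_index(jm);     /* 2, but R4 has one row */
    double r4term = 0.0;
    return r4_term_checked(i, jm, &r4term) == -1;
}

/* The fix the report suggests: index the single row explicitly. */
double r4_term_fixed(double jm)
{
    return term(R4[0], jm);
}

int main(void)
{
    double v = 0.0;
    printf("index left by previous loop: %zu (R4 has %zu row)\n",
           leftover_index(1.0), ROWS(R4));
    printf("checked read with stale index refused: %d\n", stale_index_caught(1.0));
    printf("R4 term with index 0: %g\n", r4_term_fixed(1.0));
    printf("R5 row 0 (what R4[1] would silently alias): %g\n", term(R5[0], 1.0));
    (void)r4_term_checked(0, 1.0, &v);
    return 0;
}
```

Compiling the original with `-fsanitize=address -g` would also expose the read, because AddressSanitizer places redzones around globals and reports a global-buffer-overflow even when the neighbouring array would otherwise absorb the access silently.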