[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[developers] Fwd: Buffer overflow in prayertime package of libitl_0.7.0.
- To: Development Discussions <developer at arabeyes dot org>
- Subject: [developers] Fwd: Buffer overflow in prayertime package of libitl_0.7.0.
- From: Youssef Chahibi <chahibi at gmail dot com>
- Date: Sat, 21 Feb 2015 21:17:05 -0000
- Cc: Djalel Chefrour <cdjalel at gmail dot com>
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=YNMuCrLo5cm9ew/KcCeo7KPxjEx9SZ4Am+yqMEAgHnM=; b=t2pB7yGP49heEe1NOWZi+Si3EJaBPf766PP54rsx6bT+FnkWGuaHmMi/iY8ovzzQqu fD+SpNvfHIUbA6A9TjRlI9NSmmfXcSJrRqDEVPRy/FnVGkXNMKZ/3WMwvk3MJmdkb437 QmLbpH03cqVoeNyi8os6bB4MHR6JzfteMSj+FFcM6ygsWuwemsyEf0h5aYqxqCUKyivP Zjexg0vzO6d1sqVYF0jIyHDKoLayPPmhOVU8/1DFtCIzH7S4nI2YWe+wp0rgk/9TidbN u/oofplNFgnWtxmtHL1wT+DXaID3thHNBXDhJ5UrotWMZGqkPGntM31wc9MYWehKJWZt 7cTw==
---------- Forwarded message ----------
From: Djalel Chefrour <cdjalel at gmail dot com>
Date: Fri, Feb 20, 2015 at 4:30 PM
Subject: Buffer overflow in prayertime package of libitl_0.7.0.
To: thamer at newkuwait dot org, bugs at arabeyes dot org
Salam
In libitl-0.7.0/prayertime/src/astro.c +812
R4sum = R4[i][0] * cos(R4[i][1] + R4[i][2] * JM);
The R4[] array (declared in in 525) has only one element therefore R[i]
where i is always =2 (from previous loop) is an invalid access.
The C compile cannot pick this kind of errors. Other languages do.
By chance memory after R4 is filled with another array declared just after
R4 in line 529. So no memory violation happens during runtime.
I don't know how to fix it though. May be replacing i with 0, but then why
use a 2D array!
Is this bug linked with the FIXIT comment at line 768?
Anyway this bug doesn't seem to crash the program or alter the good results
of prayer times (at least in my simple tests).
Best regards
--
Dr Djalel Chefrour,
Associate professor at Souk Ahras University