[Bug 176154] Possible memory corruption: ioctl overflowed 3rd argument


Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.

Summary: Possible memory corruption: ioctl overflowed 3rd argument


https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=176154


jvdias@xxxxxxxxxx changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |CLOSED
         Resolution|                            |NOTABUG




------- Additional Comments From jvdias@xxxxxxxxxx  2005-12-19 14:24 EST -------
This is probably due to the fix for bugzilla bug 171111, rt.perl.org bug
#37535, upstream patch #25852.

Perl was incorrectly defaulting the ioctl 'length' parameter to 256, and 
making the length of the ioctl third argument at least that number of bytes
long (this caused perl to dump core if the data returned was > 256 bytes).

CDDB_get.pm sets its ioctl third arg to "", and passes NO length argument in
the IOCTL number. 

In perl versions before bug 171111 was fixed, this third argument would have
been defaulted to 256 bytes long - this would be OK as long as the string
returned is less than 256 bytes - otherwise, a perl core would result.

perl has no way of knowing how long the data returned by ioctl will be - it
only knows the length of the ioctl third argument variable, and the length
encoded in the ioctl number.

So, after it makes the ioctl, it checks that a marker placed at the end of
the ioctl third argument variable has not been overwritten - now, in the
case of CDDB_get, it has been, since the variable has no longer been initialized
to 256 bytes in length.

FIX: initialize the variable in CDDB_get.pm to a reasonable length:
---
--- CDDB_get-2.25/CDDB_get.pm~  2005-06-15 10:55:23.000000000 -0400
+++ CDDB_get-2.25/CDDB_get.pm   2005-12-19 14:22:49.000000000 -0500
@@ -129,7 +129,7 @@

 sub read_toc {
   my $device=shift;
-  my $tochdr="";
+  my $tochdr=chr(0) x 8192;

   sysopen (CD,$device, O_RDONLY | O_NONBLOCK) or die "cannot open cdrom [$!]
[$device]";
   ioctl(CD, $CDROMREADTOCHDR, $tochdr) or die "cannot read toc [$!] [$device]";
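Review bot: the added line `my $tochdr=chr(0) x 8192;` uses an unexplained constant, and nothing in the hunk records why the buffer has to be pre-sized. A one-line comment stating that perl no longer pads the ioctl third argument to 256 bytes, and why 8192 was chosen, would keep a later cleanup from reverting it to "". Only `$tochdr` is changed here; any other scalar in read_toc that is passed to ioctl while still empty would trip the same marker check and needs the same initialization.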
---

CDDB_get is not provided in Fedora Core or Fedora Extras - I suggest you raise
this issue with the CDDB_get developer.

-- 
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
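
A simplified model of the marker check described in the comment above, added here as an illustration; it is not perl's source and not part of the original bug comment. The 14-bit size field layout, the marker value, the request numbers and the byte counts are assumptions constructed for the example.

```c
#include <stddef.h>
#include <string.h>

#define MARKER 17          /* sentinel byte; the value is arbitrary in this model */
#define BACKING_SIZE 16384 /* oversized arena so the simulation never really overflows */

/* Assumption: the common Linux ioctl layout, 14-bit size field at bit 16. */
static size_t encoded_len(unsigned long req)
{
    return (size_t)((req >> 16) & 0x3fff);
}

/*
 * Model of one guarded ioctl call.
 *   cur_len       current length of the caller's scalar (0 for "")
 *   default_len   minimum the interpreter pads to (256 before the fix, 0 after)
 *   driver_writes bytes the (simulated) driver copies into the argument
 * Returns 1 if the marker survived, 0 if it was overwritten, -1 on bad input.
 */
int guarded_ioctl(unsigned long req, size_t cur_len, size_t default_len,
                  size_t driver_writes)
{
    static unsigned char arena[BACKING_SIZE];
    size_t len = encoded_len(req);

    if (len < default_len) len = default_len;
    if (len < cur_len)     len = cur_len;
    if (len >= BACKING_SIZE || driver_writes > BACKING_SIZE)
        return -1;

    memset(arena, 0, sizeof arena);
    arena[len] = MARKER;                  /* one byte past the usable buffer */
    memset(arena, 0xAA, driver_writes);   /* stand-in for the kernel's copy-out */
    return arena[len] == MARKER;
}

int main(void)
{
    /* Constructed request numbers: one with no size field, one encoding 8 bytes. */
    unsigned long req_nolen = 0x5305UL, req_len8 = (8UL << 16) | 0x5305UL;
    int ok = guarded_ioctl(req_nolen, 0, 256, 2) == 1      /* old default padding */
          && guarded_ioctl(req_nolen, 0, 0, 2) == 0        /* "" after the fix    */
          && guarded_ioctl(req_nolen, 8192, 0, 2) == 1     /* patched CDDB_get    */
          && guarded_ioctl(req_len8, 0, 0, 8) == 1;        /* size in the number  */
    return ok ? 0 : 1;
}
```

The second case is the one the bug report hit: with an empty scalar and no length in the request number, the marker sits at offset 0 and any data returned overwrites it.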

