2009/3/4 Tim Jenness <[log in to unmask]>:
> Actually, I'm wondering whether this particular problem has been fixed. The
> patch I referred to was possibly from another problem (I do use
> -fstack-protector in our test versions at Hilo and that found the problem
> that I was referring to).
The fix you gave the reference for was indeed for another problem. But
there was a fix (can't find the reference at the moment) to increase
the length of the "keyname" buffer as Charles suggested in his
original message.
> What I am confused about is how "DATE-OBSA" is even a valid fits keyword.
> Isn't that 9 characters long?? I can see the code here:
>
>    if( s != ' ' ) {
>       sprintf( keyname, "DATE-OBS%c", s );
>    } else {
>       strcpy( keyname, "DATE-OBS" );
>    }
>
> and that confuses me a lot.
Yes, that does look like a mistake. I'll change it to:

   if( s == ' ' ) {
      strcpy( keyname, "DATE-OBS" );
      if( GetValue2( ret, this, keyname, AST__STRING, (void *)
                     &cval, 0, method$
                     class, status ) ){
      }
   }

I also see incorrect references to "MJD-OBS%c". IIRC there was a time
when MJD-OBS was allowed to be qualified by an axis description
character, but the published version of FITS-WCS paper 2 does not
allow it. I'll change that too.
David
> Tim
>
> On Wed, Mar 4, 2009 at 5:56 AM, Charles Padgett <[log in to unmask]>
> wrote:
>>
>> Hi,
>>
>> I am currently the maintainer/developer for the HEASoft tool Ximage, which
>> makes use of the AST WCS library. Recently we have had reports of users
>> running into buffer overruns in the AST library. Some of the more recent
>> Linux distributions turn on gcc's stack smashing protection by default,
>> which, when a buffer overrun is detected aborts execution (Ubuntu 8.10, in
>> particular). I don't believe that this problem has adversely affected data
>> (otherwise I would hope someone would have noticed by now), but it is
>> causing Ximage to fail under certain conditions.
>>
>> I tracked the problem to fitschan.c, in the method SpecTrans. There is a
>> static array "keyname" which is given a size of FITSNAMLEN + 1 (= 9).
>> However, if there is more than one axis set, then keywords like:
>>
>> DATE-OBSA
>>
>> are sprintf'd to this "keyname" buffer, overflowing it. A simple work-around
>> is to increase this array size to FITSNAMLEN + 2. Once this is done, the
>> buffer overrun goes away, and the resulting WCS's seem to still be valid.
>>
>> The version I am currently using is (old) 4.2-1, but I have confirmed this
>> behavior with 4.6-2 also.
>>
>> I just thought I would pass this along.
>>
>> Thanks,
>> Alex (a.k.a. Charles)
>
>
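
Added example (not code from the AST library or from anyone in this thread): the size arithmetic behind the overrun reported above, next to a bounded way of building the keyword name that rejects anything longer than FITSNAMLEN. The helper names bytes_needed and make_keyname are hypothetical, and "CRVAL1" is a constructed sample input.

```c
#include <stdio.h>
#include <string.h>

#define FITSNAMLEN 8            /* so FITSNAMLEN + 1 == 9, as in the report */

/* Bytes sprintf() writes for base plus an optional suffix, NUL included. */
static size_t bytes_needed(const char *base, char s)
{
    return strlen(base) + (s != ' ' ? 1 : 0) + 1;
}

/* Hypothetical helper: build a keyword name without ever writing past
   out[outlen-1]. Returns the name length, or -1 if the name is longer
   than FITSNAMLEN or does not fit the buffer (out is then set empty). */
static int make_keyname(char *out, size_t outlen, const char *base, char s)
{
    int n;

    if (out == NULL || outlen == 0 || base == NULL) return -1;
    if (s != ' ')
        n = snprintf(out, outlen, "%s%c", base, s);
    else
        n = snprintf(out, outlen, "%s", base);

    /* snprintf reports the untruncated length, so truncation is detectable. */
    if (n < 0 || (size_t)n >= outlen || n > FITSNAMLEN) {
        out[0] = '\0';
        return -1;
    }
    return n;
}

int main(void)
{
    char keyname[FITSNAMLEN + 1];
    const char *bases[] = { "DATE-OBS", "CRVAL1" };   /* constructed inputs */
    const char suffixes[] = { ' ', 'A' };

    for (size_t i = 0; i < 2; i++)
        for (size_t j = 0; j < 2; j++) {
            int n = make_keyname(keyname, sizeof keyname, bases[i], suffixes[j]);
            printf("%-8s + '%c': needs %zu of %zu bytes -> %s\n", bases[i],
                   suffixes[j], bytes_needed(bases[i], suffixes[j]),
                   sizeof keyname, n < 0 ? "rejected" : keyname);
        }
    return 0;
}
```

"DATE-OBS" plus a one-character suffix needs 10 bytes, one more than the 9-byte buffer, which is the single-byte overrun that -fstack-protector aborts on.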