Hello community,

here is the log from the commit of package coreutils for openSUSE:Factory checked in at 2012-11-02 07:30:51
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/coreutils (Old) and /work/SRC/openSUSE:Factory/.coreutils.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "coreutils", Maintainer is "[email protected]" Changes: -------- --- /work/SRC/openSUSE:Factory/coreutils/coreutils.changes 2012-09-23 08:32:41.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.coreutils.new/coreutils.changes 2012-11-02 07:30:56.000000000 +0100 @@ -1,0 +2,11 @@ +Sun Oct 28 20:31:28 UTC 2012 - [email protected] + +- Add upstream patch: + + * cp could read from freed memory and could even make corrupt copies. + This could happen with a very fragmented and sparse input file, + on GNU/Linux file systems supporting fiemap extent scanning. + This bug also affects mv when it resorts to copying, and install. + [bug introduced in coreutils-8.11] + +------------------------------------------------------------------- New: ---- coreutils-cp-corrupt-fragmented-sparse.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ coreutils.spec ++++++ --- /var/tmp/diff_new_pack.5k3tjT/_old 2012-11-02 07:30:59.000000000 +0100 +++ /var/tmp/diff_new_pack.5k3tjT/_new 2012-11-02 07:30:59.000000000 +0100 @@ -76,6 +76,7 @@ Patch34: coreutils-acl-nofollow.patch Patch36: coreutils-basename_documentation.patch Patch37: coreutils-bnc#697897-setsid.patch +Patch38: coreutils-cp-corrupt-fragmented-sparse.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build # this will create a cycle, broken up randomly - coreutils is just too core to have other # prerequires 
@@ -119,6 +120,7 @@ %patch34 %patch36 %patch37 +%patch38 xz -dc %{S:4} >po/de.po ++++++ coreutils-cp-corrupt-fragmented-sparse.patch ++++++ commit 64aef5fb9afecc023a6e719da161dbbf450908b8 Author: Jim Meyering <[email protected]> Date: Tue Oct 16 17:43:49 2012 +0200 cp: avoid data-corrupting free-memory-read NEWS entry: cp could read from freed memory and could even make corrupt copies. This could happen with a very fragmented and sparse input file, on GNU/Linux file systems supporting fiemap extent scanning. This bug also affects mv when it resorts to copying, and install. [bug introduced in coreutils-8.11] * src/extent-scan.c (extent_scan_read): Reset our last_ei pointer whenever the parent buffer might have just been freed. * tests/cp/fiemap-extent-FMR.sh: New test. * tests/local.mk (all_tests): Add it. * NEWS (Bug fixes): Mention it. Reported by Mike Gerth in http://bugs.gnu.org/12656, and with help from Alan Curry. Bug introduced in commit v8.10-60-g18f5a85. Index: src/extent-scan.c =================================================================== --- src/extent-scan.c.orig +++ src/extent-scan.c @@ -89,7 +89,7 @@ extern bool extent_scan_read (struct extent_scan *scan) { unsigned int si = 0; - struct extent_info *last_ei IF_LINT ( = scan->ext_info); + struct extent_info *last_ei = scan->ext_info; while (true) { 
@@ -127,8 +127,14 @@ extent_scan_read (struct extent_scan *sc assert (scan->ei_count <= SIZE_MAX - fiemap->fm_mapped_extents); scan->ei_count += fiemap->fm_mapped_extents; - scan->ext_info = xnrealloc (scan->ext_info, scan->ei_count, - sizeof (struct extent_info)); + { + /* last_ei points into a buffer that may be freed via xnrealloc. + Record its offset and adjust after allocation. */ + size_t prev_idx = last_ei - scan->ext_info; + scan->ext_info = xnrealloc (scan->ext_info, scan->ei_count, + sizeof (struct extent_info)); + last_ei = scan->ext_info + prev_idx; + } unsigned int i = 0; for (i = 0; i < fiemap->fm_mapped_extents; i++) Index: tests/cp/fiemap-FMR =================================================================== --- /dev/null +++ tests/cp/fiemap-FMR 
@@ -0,0 +1,31 @@ +#!/bin/sh +# Trigger a free-memory read bug in cp from coreutils-[8.11..8.19] + +# Copyright (C) 2012 Free Software Foundation, Inc. + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +. "${srcdir=.}/init.sh"; path_prepend_ ./src +print_ver_ cp + +require_valgrind_ +require_perl_ +: ${PERL=perl} + +$PERL -e 'for (1..600) { sysseek (*STDOUT, 4096, 1)' \ + -e '&& syswrite (*STDOUT, "a" x 1024) or die "$!"}' > j || fail=1 +valgrind --quiet --error-exitcode=3 cp j j2 || fail=1 +cmp j j2 || fail=1 + +Exit $fail Index: tests/Makefile.am =================================================================== --- tests/Makefile.am.orig +++ tests/Makefile.am @@ -342,6 +342,7 @@ TESTS = \ cp/existing-perm-race \ cp/fail-perm \ cp/fiemap-empty \ + cp/fiemap-FMR \ cp/fiemap-perf \ cp/fiemap-2 \ cp/file-perm-race \ -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
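Review bot: the coreutils.changes entry says only "Add upstream patch:" and never names the patch file or the upstream report. Add coreutils-cp-corrupt-fragmented-sparse.patch and http://bugs.gnu.org/12656 to the entry (both already appear elsewhere in this submission) so the changelog line can be matched to Patch38 in coreutils.spec.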
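Review bot: in the second src/extent-scan.c hunk, `size_t prev_idx = last_ei - scan->ext_info;` is only meaningful while last_ei points into the current scan->ext_info array, and that now rests on the first hunk's unconditional `last_ei = scan->ext_info`, which used to be a lint-only initializer. Put a comment at the declaration saying the initialization is required, so the IF_LINT wrapper is not restored later, and consider asserting `scan->ext_info <= last_ei` before the subtraction, in the style of the ei_count assert in the context just above it: a negative difference converted to size_t would turn into an out-of-bounds pointer after the xnrealloc instead of failing visibly.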
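Review bot: the new test is added as tests/cp/fiemap-FMR and registered in tests/Makefile.am, while the quoted upstream commit message names tests/cp/fiemap-extent-FMR.sh and tests/local.mk. Note in the patch header that the test was renamed and re-registered for this backport so the message and the diff agree. The script also relies on require_valgrind_ and never checks that the file system holding `j` supports fiemap, so without valgrind in the build root, or on a file system without extent scanning, `cp j j2` and `cmp j j2` can succeed without exercising the reallocation path. State that limitation in the script header, or skip explicitly when fiemap is unavailable.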
