Your message dated Sun, 09 Sep 2018 19:19:14 +0000 with message-id <[email protected]> and subject line Bug#804474: fixed in ucl 1.03+repack-5 has caused the Debian Bug report #804474, regarding ucl: memory errors in compressing function to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 804474: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=804474 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: libucl-dev Version: 1.03-5 Memory errors are detected by valgrind in the following program: // Compile: gcc test.c -g -o test.exe -lucl #include <string.h> #include <ucl/ucl.h> #define COMPRESSED_LEN 1024 int main() { const char* uncompressed = "test test test"; char compressed[COMPRESSED_LEN]; ucl_uint compressed_len = COMPRESSED_LEN; ucl_progress_callback_p callback = NULL; int level = 7; struct ucl_compress_config_p conf = NULL; ucl_uintp result = NULL; ucl_nrv2b_99_compress( uncompressed, strlen(uncompressed), compressed, &compressed_len, callback, level, conf, result ); return 0; } Valgrind output is as follows: ==1681== Memcheck, a memory error detector ==1681== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al. ==1681== Using Valgrind-3.10.0.SVN and LibVEX; rerun with -h for copyright info ==1681== Command: ./test.exe ==1681== ==1681== Use of uninitialised value of size 8 ==1681== at 0x4E38FF3: swd_accept (ucl_swd.ch:460) ==1681== by 0x4E396E6: find_match (ucl_mchw.ch:136) ==1681== by 0x4E3A63E: ucl_nrv2b_99_compress (n2_99.ch:590) ==1681== by 0x40080A: main (test.c:15) ==1681== ==1681== Use of uninitialised value of size 8 ==1681== at 0x4E39013: swd_accept (ucl_swd.ch:461) ==1681== by 0x4E396E6: find_match (ucl_mchw.ch:136) ==1681== by 0x4E3A63E: ucl_nrv2b_99_compress (n2_99.ch:590) ==1681== by 0x40080A: main (test.c:15) ==1681== ==1681== Use of uninitialised value of size 8 ==1681== at 0x4E39051: swd_accept (ucl_swd.ch:463) ==1681== by 0x4E396E6: find_match (ucl_mchw.ch:136) ==1681== by 0x4E3A63E: ucl_nrv2b_99_compress (n2_99.ch:590) ==1681== by 0x40080A: main (test.c:15) ==1681== ==1681== Use of uninitialised value of size 8 ==1681== at 0x4E39091: swd_accept (ucl_swd.ch:470) ==1681== by 0x4E396E6: find_match (ucl_mchw.ch:136) ==1681== by 0x4E3A63E: ucl_nrv2b_99_compress (n2_99.ch:590) ==1681== by 0x40080A: main (test.c:15) ==1681== ==1681== Use of uninitialised value of size 8 ==1681== at 0x4E393B4: swd_findbest (ucl_swd.ch:615) ==1681== by 0x4E39742: find_match (ucl_mchw.ch:150) ==1681== by 0x4E3A63E: ucl_nrv2b_99_compress (n2_99.ch:590) ==1681== by 0x40080A: main (test.c:15) ==1681== ==1681== Use of uninitialised value of size 8 ==1681== at 0x4E393D2: swd_findbest (ucl_swd.ch:616) ==1681== by 0x4E39742: find_match (ucl_mchw.ch:150) ==1681== by 0x4E3A63E: ucl_nrv2b_99_compress (n2_99.ch:590) ==1681== by 0x40080A: main (test.c:15) ==1681== ==1681== Use of uninitialised value of size 8 ==1681== at 0x4E39419: swd_findbest (ucl_swd.ch:620) ==1681== by 0x4E39742: find_match (ucl_mchw.ch:150) ==1681== by 0x4E3A63E: ucl_nrv2b_99_compress (n2_99.ch:590) ==1681== by 0x40080A: main (test.c:15) ==1681== ==1681== Use of uninitialised value of size 8 ==1681== at 0x4E3959B: swd_findbest (ucl_swd.ch:671) ==1681== by 0x4E39742: find_match (ucl_mchw.ch:150) ==1681== by 0x4E3A63E: ucl_nrv2b_99_compress (n2_99.ch:590) ==1681== by 0x40080A: main (test.c:15) ==1681== ==1681== ==1681== HEAP SUMMARY: ==1681== in use at exit: 0 bytes in 0 blocks ==1681== total heap usage: 6 allocs, 6 frees, 809,216 bytes allocated ==1681== ==1681== All heap blocks were freed -- no leaks are possible ==1681== ==1681== For counts of detected and suppressed errors, rerun with: -v ==1681== Use --track-origins=yes to see where uninitialised values come from ==1681== ERROR SUMMARY: 11 errors from 8 contexts (suppressed: 0 from 0) I am using Debian GNU/Linux 7.9, kernel 3.2.0-4-amd64 and libc6 2.19-7.
--- End Message ---
--- Begin Message ---Source: ucl Source-Version: 1.03+repack-5 We believe that the bug you reported is fixed in the latest version of ucl, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Robert Luberda <[email protected]> (supplier of updated ucl package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sun, 09 Sep 2018 20:57:20 +0200 Source: ucl Binary: libucl1 libucl-dev Architecture: source amd64 Version: 1.03+repack-5 Distribution: unstable Urgency: medium Maintainer: Robert Luberda <[email protected]> Changed-By: Robert Luberda <[email protected]> Description: libucl-dev - Portable compression library - development libucl1 - Portable compression library - runtime Closes: 804474 907426 Changes: ucl (1.03+repack-5) unstable; urgency=medium . * Add 05-Fix-double-free.patch from John Reiser to fix memory clobbering issue visible in upx (closes: #907426). * New 06-Fix-memory-errors.patch to initialize memory in order to get rid of memory errors detected by valgrind in a test program included in the bug report (closes: #804474). * Add 07-Fix-FTBFS-on-x32.patch that hopefully fixes compilation on x32 arch. * Bump debhelper's compat version to 11. * debian/rules: + enable `pie' hardening option; + do not use dpkg-parsechangelog (lintian); + enable LFS flags (lintian). * Document files removed from the upstream tarball in Files-Excluded field of debian/copyright (lintian) and update debian/watch for automatic creation of the tarball. * Add DEP-12 upstream metadata file. * debian/control: + update Vcs-* fields for salsa migration; + use https protocol in the `Homepage' field; + set `Rules-Requires-Root' to `no'; + Standards-Version: 4.2.1. Checksums-Sha1: 3e3300b79cdc691c8a5c2456f496a4aea62d996a 1877 ucl_1.03+repack-5.dsc 7f93015526843b69569793e7ba2b690e77959fdb 9976 ucl_1.03+repack-5.debian.tar.xz 6e90805526ac776a40c29d7662fcbf0264ecd11b 37776 libucl-dev_1.03+repack-5_amd64.deb bc166305143f554d4c415d883e5efa4188fd4890 60628 libucl1-dbgsym_1.03+repack-5_amd64.deb cf74e7028d532db758c9176234a14865fd3a486a 26232 libucl1_1.03+repack-5_amd64.deb 0fcd3423d24100b216d8da794b0a73de71c0b04f 6124 ucl_1.03+repack-5_amd64.buildinfo Checksums-Sha256: 71be06ad4dad18f6a7e07fad21d615279eaee687877d53b9c2bac1673ced1d03 1877 ucl_1.03+repack-5.dsc e9a854ddb1caa902c5b05c1246acb7b183bdea748bcbc1204f3034bdb1e7db99 9976 ucl_1.03+repack-5.debian.tar.xz ec95c9f75b95c4e8ceafe41ecdfb8fb59231781e159dd8085e8ae5cf11530aec 37776 libucl-dev_1.03+repack-5_amd64.deb 19259a1767cba8df1c7c224ad2c2e7725f5887bd5cb6c2fd84d6c04af85348fc 60628 libucl1-dbgsym_1.03+repack-5_amd64.deb 8210713cc4f21b63e666e395d61d4da0ec77ee0d000ce9f31f83b05fa4d78429 26232 libucl1_1.03+repack-5_amd64.deb 7030c45f626a7a202fe6abe87543b08892bf376bf93f7b9df9d7e71365ca54ee 6124 ucl_1.03+repack-5_amd64.buildinfo Files: 0541b6769bfa2b8e315a0fe61b1faa94 1877 libs optional ucl_1.03+repack-5.dsc e989ca74c2b5801b5425dcd74bfb6b5a 9976 libs optional ucl_1.03+repack-5.debian.tar.xz dfcb3f4005391e824ef4adda79db7bea 37776 libdevel optional libucl-dev_1.03+repack-5_amd64.deb bf45a47d90ce10770831421458ae1b7b 60628 debug optional libucl1-dbgsym_1.03+repack-5_amd64.deb 68cd75e1f5ee13c6f99dee3f596c7291 26232 libs optional libucl1_1.03+repack-5_amd64.deb 2d17fa9cec7fa8c4688177e4fa723734 6124 libs optional ucl_1.03+repack-5_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEENeh2+rTTcy6TtNI3Yx3nVTvor9QFAluVbXIACgkQYx3nVTvo r9QiYRAAigqhG7FqSz42LxD9BfGZJMKKjumKNNfU4Xl+QI12KSLbf98t5oK9dGM+ OX8LXxc5KjQZw4g6nVm8cHVXWBSpBsfpyOwJWy2KwFoxVXjgnxh6M3vXBZkoKrH+ MDP6u01artWhrRIvn5eNXgHVVoejvrxGSf2CpIMx7/z60hOSi9g8i6FcmOrNHdmw EdSyPaTdlB1V70SC6IcNEi6dagPOhtnsbo5E1m4MFEVIgrQWf8R+l9DVFN79h6KQ o9cHo4hfRwyJA9E5vORbBu0XIacFZEdBUWeapP3WQQJPCgWhe+jUjcBjk9jLgC8w xYWI2JI4o9CmPICVQOfbqAJxNuIjUzsSZETkV7BeI7GqV44XU+NjrJ0R93o7/goY 3o1OIKRlMyxtYS0MqOnY6fTGm2rOpRHWxC6lSHGJYS6c/nQokxZqzbLBm1rcGOMx dXZ+T9ktuTPGskDGjbBlDRzNBmWYooQ/LwGBd1AfCHHND7oi7RwvvRcBqAefUOYk m27A0f5uCRJSflaKR6aPY1+1zS2Ue7C2VZY/Yp3Ln/ydPPrLfRDrDld6Mtjj9ubt Kzv32Y2zaglnaFOkpL9aZjGbMTuCefv07PULAaFwmp6D5T/KuUto5nseXH+BFYca aSKFZJwsCyis3ucd0M8zuMHoTOcJO/0z4NayLYbjV4YmMUVRd5Q= =Ujc9 -----END PGP SIGNATURE-----
--- End Message ---

