Package: jbigkit Version: 2.0-2 Severity: normal Tags: patch User: [email protected] Usertags: origin-ubuntu ubuntu-patch quantal
I got the Ubuntu security team to review jbigkit (https://bugs.launchpad.net/ubuntu/+source/jbigkit/+bug/993304), since image processing libraries often end up being attack vectors one way or another. Jamie commented on some compiler warnings that show up. Here's a patch to fix them. Note that I've used some C99 printf length modifiers (z and t), since those are the most precise way to specify the types. This is fine for Debian, but I don't know whether upstream is happy to rely on C99; if not, they might have to use casts or something instead. * Fix a number of compiler warnings per feedback from Ubuntu security team (LP: #993304).
diff -Nru jbigkit-2.0/debian/patches/series jbigkit-2.0/debian/patches/series
--- jbigkit-2.0/debian/patches/series 2012-04-09 10:25:02.000000000 +0100
+++ jbigkit-2.0/debian/patches/series 2012-07-09 11:11:28.000000000 +0100
@@ -1,3 +1,4 @@
 allNewMainMakefile.diff
 pbmtoolsMakefile.diff
 useLibtool.diff
+warnings.diff
diff -Nru jbigkit-2.0/debian/patches/warnings.diff jbigkit-2.0/debian/patches/warnings.diff
--- jbigkit-2.0/debian/patches/warnings.diff 1970-01-01 01:00:00.000000000 +0100
+++ jbigkit-2.0/debian/patches/warnings.diff 2012-07-09 11:57:52.000000000 +0100
@@ -0,0 +1,263 @@
+Subject: Fix several compiler warnings
+Author: Colin Watson <[email protected]>
+Forwarded: no
+
+Index: b/libjbig/tstcodec.c
+===================================================================
+--- a/libjbig/tstcodec.c
++++ b/libjbig/tstcodec.c
+@@ -399,7 +399,7 @@
+ for (i = 0; i < 16 * 16 && !trouble; i++) {
+ pix = arith_decode(sd, (t82cx[i >> 4] >> ((15 - i) & 15)) & 1);
+ if (pix < 0) {
+- printf("Problem at pixel %ld, byte %d.\n\n",
++ printf("Problem at pixel %ld, byte %td.\n\n",
+ i+1, sd->pscd_ptr - sd->pscd_end);
+ trouble++;
+ break;
+@@ -411,7 +411,7 @@
+ }
+ }
+ if (!trouble && sd->pscd_ptr != sd->pscd_end - 2) {
+- printf("%d bytes left after decoder finished.\n\n",
++ printf("%td bytes left after decoder finished.\n\n",
+ sd->pscd_end - sd->pscd_ptr - 2);
+ trouble++;
+ }
+@@ -439,7 +439,7 @@
+ pix = arith_decode(sd, (t82cx[i >> 4] >> ((15 - i) & 15)) & 1);
+ }
+ if (pix < 0) {
+- printf("Problem at pixel %ld, byte %d.\n\n",
++ printf("Problem at pixel %ld, byte %td.\n\n",
+ i+1, sd->pscd_ptr - sd->pscd_end);
+ trouble++;
+ break;
+@@ -451,7 +451,7 @@
+ }
+ }
+ if (!trouble && sd->pscd_ptr != sd->pscd_end - 2) {
+- printf("%d bytes left after decoder finished.\n\n",
++ printf("%td bytes left after decoder finished.\n\n",
+ sd->pscd_end - sd->pscd_ptr - 2);
+ trouble++;
+ }
+Index: b/libjbig/tstcodec85.c
+===================================================================
+--- a/libjbig/tstcodec85.c
++++ b/libjbig/tstcodec85.c
+@@ -334,7 +334,7 @@
+ for (i = 0; i < 16 * 16 && !trouble; i++) {
+ pix = arith_decode(sd, (t82cx[i >> 4] >> ((15 - i) & 15)) & 1);
+ if (pix < 0) {
+- printf("Problem at pixel %ld, byte %d.\n\n",
++ printf("Problem at pixel %ld, byte %td.\n\n",
+ i+1, sd->pscd_ptr - sd->pscd_end);
+ trouble++;
+ break;
+@@ -346,7 +346,7 @@
+ }
+ }
+ if (!trouble && sd->pscd_ptr != sd->pscd_end - 2) {
+- printf("%d bytes left after decoder finished.\n\n",
++ printf("%td bytes left after decoder finished.\n\n",
+ sd->pscd_end - sd->pscd_ptr - 2);
+ trouble++;
+ }
+@@ -374,7 +374,7 @@
+ pix = arith_decode(sd, (t82cx[i >> 4] >> ((15 - i) & 15)) & 1);
+ }
+ if (pix < 0) {
+- printf("Problem at pixel %ld, byte %d.\n\n",
++ printf("Problem at pixel %ld, byte %td.\n\n",
+ i+1, sd->pscd_ptr - sd->pscd_end);
+ trouble++;
+ break;
+@@ -386,7 +386,7 @@
+ }
+ }
+ if (!trouble && sd->pscd_ptr != sd->pscd_end - 2) {
+- printf("%d bytes left after decoder finished.\n\n",
++ printf("%td bytes left after decoder finished.\n\n",
+ sd->pscd_end - sd->pscd_ptr - 2);
+ trouble++;
+ }
+Index: b/pbmtools/jbgtopbm.c
+===================================================================
+--- a/pbmtools/jbgtopbm.c
++++ b/pbmtools/jbgtopbm.c
+@@ -110,7 +110,7 @@
+ for (i = 0; i < len && i < max; i++)
+ fprintf(f, "%02x ", p[i]);
+ if (len > i)
+- fprintf(f, "... %d bytes total", len);
++ fprintf(f, "... %zd bytes total", len);
+ fprintf(f, "\n");
+ }
+ 
+@@ -134,7 +134,7 @@
+ /* read BIH */
+ read_file(&bie, &buflen, &len, fin);
+ if (len < 20) {
+- fprintf(f, "Error: Input file is %d < 20 bytes long and therefore "
++ fprintf(f, "Error: Input file is %zd < 20 bytes long and therefore "
+ "does not contain an intact BIE header!\n", len);
+ return;
+ }
+@@ -188,18 +188,18 @@
+ == (JBG_DPON | JBG_DPPRIV))
+ p += 1728; /* skip DPTABLE */
+ if (p > bie + len) {
+- fprintf(f, "Error: Input file is %d < 20+1728 bytes long and therefore "
++ fprintf(f, "Error: Input file is %zd < 20+1728 bytes long and therefore "
+ "does not contain an intact BIE header with DPTABLE!\n", len);
+ return;
+ }
+ while (p != bie + len) {
+ if (p > bie + len - 2) {
+- fprintf(f, "%06x: Error: single byte 0x%02x left\n", p - bie, *p);
++ fprintf(f, "%06tx: Error: single byte 0x%02x left\n", p - bie, *p);
+ return;
+ }
+ pnext = jbg_next_pscdms(p, len - (p - bie));
+ if (p[0] != MARKER_ESC || p[1] == MARKER_STUFF) {
+- fprintf(f, "%06x: PSCD: ", p - bie);
++ fprintf(f, "%06tx: PSCD: ", p - bie);
+ fprint_bytes(f, p, pnext ?
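Review bot: `%zd` is the conversion for the signed counterpart of `size_t`, but in the `@@ -110,7 +110,7 @@` hunk of pbmtools/jbgtopbm.c `len` looks like a `size_t` (a later call casts the other branch of the same argument to `size_t`, and the `@@ -372,7 +372,7 @@` hunk assigns `len` from `fread()`), so the matching specifier is `%zu`: `fprintf(f, "... %zu bytes total", len);`. The same applies to the `%zd` lines in the `@@ -134,7`, `@@ -188,18` and `@@ -372,7` hunks. The declarations of `len` are outside all of these hunks, so confirm the type before changing it. Likewise `%06tx` is handed the `ptrdiff_t` result of `p - bie` where `%tx` expects the corresponding unsigned type; that is harmless while `p >= bie`, but a short comment stating that invariant would help the next reader.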
(size_t) (pnext - p) : len - (p - bie), 60);
+ if (!pnext) {
+ fprintf(f, "Error: PSCD not terminated by SDNORM or SDRST marker\n");
+@@ -209,7 +209,7 @@
+ switch (p[1]) {
+ case MARKER_SDNORM:
+ case MARKER_SDRST:
+- fprintf(f, "%06x: ESC %s, ending SDE #%lu", p - bie,
++ fprintf(f, "%06tx: ESC %s, ending SDE #%lu", p - bie,
+ (p[1] == MARKER_SDNORM) ? "SDNORM" : "SDRST", ++sde);
+ if (sde == sdes)
+ fprintf(f, " (final SDE)");
+@@ -219,10 +219,10 @@
+ fprintf(f, "\n");
+ break;
+ case MARKER_ABORT:
+- fprintf(f, "%06x: ESC ABORT\n", p - bie);
++ fprintf(f, "%06tx: ESC ABORT\n", p - bie);
+ break;
+ case MARKER_NEWLEN:
+- fprintf(f, "%06x: ESC NEWLEN ", p - bie);
++ fprintf(f, "%06tx: ESC NEWLEN ", p - bie);
+ if (p + 5 < bie + len) {
+ fprintf(f, "YD = %lu\n",
+ yd = (((long) p[2] << 24) | ((long) p[3] << 16) |
+@@ -242,7 +242,7 @@
+ fprintf(f, "unexpected EOF\n");
+ break;
+ case MARKER_ATMOVE:
+- fprintf(f, "%06x: ESC ATMOVE ", p - bie);
++ fprintf(f, "%06tx: ESC ATMOVE ", p - bie);
+ if (p + 7 < bie + len)
+ fprintf(f, "YAT = %lu, tX = %d, tY = %d\n",
+ (((long) p[2] << 24) | ((long) p[3] << 16) |
+@@ -251,7 +251,7 @@
+ fprintf(f, "unexpected EOF\n");
+ break;
+ case MARKER_COMMENT:
+- fprintf(f, "%06x: ESC COMMENT ", p - bie);
++ fprintf(f, "%06tx: ESC COMMENT ", p - bie);
+ if (p + 5 < bie + len)
+ fprintf(f, "LC = %lu\n",
+ (((long) p[2] << 24) | ((long) p[3] << 16) |
+@@ -260,7 +260,7 @@
+ fprintf(f, "unexpected EOF\n");
+ break;
+ default:
+- fprintf(f, "%06x: ESC 0x%02x\n", p - bie, p[1]);
++ fprintf(f, "%06tx: ESC 0x%02x\n", p - bie, p[1]);
+ }
+ if (!pnext) {
+ fprintf(f, "Error encountered!\n");
+@@ -372,7 +372,7 @@
+ /* read BIH first to check VLENGTH */
+ len = fread(buffer, 1, 20, fin);
+ if (len < 20) {
+- fprintf(stderr, "Input file '%s' (%d bytes) must be at least "
++ fprintf(stderr, "Input file '%s' (%zd bytes) must be at least "
+ "20 bytes long\n", fnin, len);
+ if (fout != stdout) {
+ fclose(fout);
+Index: b/pbmtools/pbmtojbg.c
+===================================================================
+--- a/pbmtools/pbmtojbg.c
++++ b/pbmtools/pbmtojbg.c
+@@ -88,7 +88,11 @@
+ while ((c = getc(f)) != EOF && !(c == 13 || c == 10)) ;
+ if (c != EOF) {
+ ungetc(c, f);
+- fscanf(f, "%lu", &i);
++ if (fscanf(f, "%lu", &i) != 1) {
++ /* should never fail, since c must be a digit */
++ fprintf(stderr, "Unexpected failure reading digit '%c'\n", c);
++ exit(1);
++ }
+ }
+ 
+ return i;
+@@ -302,7 +306,9 @@
+ break;
+ case '4':
+ /* PBM raw binary format */
+- fread(bitmap[0], bitmap_size, 1, fin);
++ if (fread(bitmap[0], bitmap_size, 1, fin) != 1) {
++ /* silence compiler warnings; ferror/feof checked below */
++ }
+ break;
+ case '2':
+ case '5':
+@@ -314,8 +320,18 @@
+ for (j = 0; j < bpp; j++)
+ image[x * bpp + (bpp - 1) - j] = v >> (j * 8);
+ }
+- } else
+- fread(image, width * height, bpp, fin);
++ } else {
++ if (fread(image, width * height, bpp, fin) != (size_t) bpp) {
++ if (ferror(fin)) {
++ fprintf(stderr, "Problem while reading input file '%s", fnin);
++ perror("'");
++ exit(1);
++ } else {
++ fprintf(stderr, "Unexpected end of input file '%s'!\n", fnin);
++ exit(1);
++ }
++ }
++ }
+ jbg_split_planes(width, height, planes, encode_planes, image, bitmap,
+ use_graycode);
+ free(image);
+Index: b/pbmtools/pbmtojbg85.c
+===================================================================
+--- a/pbmtools/pbmtojbg85.c
++++ b/pbmtools/pbmtojbg85.c
+@@ -72,7 +72,11 @@
+ while ((c = getc(f)) != EOF && !(c == 13 || c == 10)) ;
+ if (c != EOF) {
+ ungetc(c, f);
+- fscanf(f, "%lu", &i);
++ if (fscanf(f, "%lu", &i) != 1) {
++ /* should never fail, since c must be a digit */
++ fprintf(stderr, "Unexpected failure reading digit '%c'\n", c);
++ exit(1);
++ }
+ }
+ 
+ return i;
+@@ -239,7 +243,9 @@
+ break;
+ case '4':
+ /* PBM raw binary format */
+- fread(next_line, bpl, 1, fin);
++ if (fread(next_line, bpl, 1, fin) != 1) {
++ /* silence compiler warnings; ferror/feof checked below */
++ }
+ break;
+ default:
+
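Review bot: The `fscanf(f, "%lu", &i) != 1` test added in the `@@ -88,7 +88,11 @@` hunk of pbmtools/pbmtojbg.c only detects a matching failure; a digit run too long for `unsigned long` still returns 1, and the C standard leaves the converted value undefined in that case. The number is read from the input file, which is untrusted, so an oversized value is better rejected explicitly, for example by accumulating the digits with an overflow test as sketched below. The sketch needs `isdigit` and `ULONG_MAX` and assumes `i` starts at 0; the declarations and the start of the function are above the hunk, so confirm both. The identical hunk `@@ -72,7 +72,11 @@` in pbmtools/pbmtojbg85.c has the same gap.

```c
  /* … unchanged: loop that skips comments and stops on the first digit … */
  /* accumulate the digits by hand so that a value that does not fit in
     unsigned long is rejected instead of being left to fscanf */
  while (c != EOF && isdigit(c)) {
    unsigned long d = (unsigned long) (c - '0');
    if (i > (ULONG_MAX - d) / 10) {
      fprintf(stderr, "Number in input file is too large\n");
      exit(1);
    }
    i = i * 10 + d;
    c = getc(f);
  }
  if (c != EOF)
    ungetc(c, f);

  return i;
```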
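Review bot: In the `@@ -314,8 +320,18 @@` hunk of pbmtools/pbmtojbg.c the element size given to `fread` is the product `width * height`, and nothing inside the hunk shows that the product cannot wrap. Both values presumably come from the header of the input file; if they can wrap, the new `!= (size_t) bpp` test succeeds on a buffer smaller than the `width` and `height` that `jbg_split_planes` receives on the following line. The allocation of `image` and the declarations are outside the hunk, so confirm that oversized dimensions are rejected there; if they are not, a guard such as `if (height != 0 && width > (size_t) -1 / height) { /* reject */ }` before the allocation would close the gap.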
fprintf(stderr, "Unsupported PBM type P%c!\n", type); Thanks, -- Colin Watson [[email protected]] -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]

