That seems perfectly sensible.  Now to convince my sponsor to make a new
upload :)

I'll try to find my sponsor in the morning.

Warmest regards,

Michael

On Mon, Jul 9, 2012 at 9:08 PM, Colin Watson <[email protected]> wrote:

> Package: jbigkit
> Version: 2.0-2
> Severity: normal
> Tags: patch
> User: [email protected]
> Usertags: origin-ubuntu ubuntu-patch quantal
>
> I got the Ubuntu security team to review jbigkit
> (https://bugs.launchpad.net/ubuntu/+source/jbigkit/+bug/993304), since
> image processing libraries often end up being attack vectors one way or
> another.  Jamie commented on some compiler warnings that show up.
> Here's a patch to fix them.
>
> Note that I've used some C99 printf length modifiers (z and t), since
> those are the most precise way to specify the types.  This is fine for
> Debian, but I don't know whether upstream is happy to rely on C99; if
> not, they might have to use casts or something instead.
>
>   * Fix a number of compiler warnings per feedback from Ubuntu security
> team
>     (LP: #993304).
>
> diff -Nru jbigkit-2.0/debian/patches/series
> jbigkit-2.0/debian/patches/series
> --- jbigkit-2.0/debian/patches/series   2012-04-09 10:25:02.000000000 +0100
> +++ jbigkit-2.0/debian/patches/series   2012-07-09 11:11:28.000000000 +0100
> @@ -1,3 +1,4 @@
>  allNewMainMakefile.diff
>  pbmtoolsMakefile.diff
>  useLibtool.diff
> +warnings.diff
> diff -Nru jbigkit-2.0/debian/patches/warnings.diff
> jbigkit-2.0/debian/patches/warnings.diff
> --- jbigkit-2.0/debian/patches/warnings.diff    1970-01-01
> 01:00:00.000000000 +0100
> +++ jbigkit-2.0/debian/patches/warnings.diff    2012-07-09
> 11:57:52.000000000 +0100
> @@ -0,0 +1,263 @@
> +Subject: Fix several compiler warnings
> +Author: Colin Watson <[email protected]>
> +Forwarded: no
> +
> +Index: b/libjbig/tstcodec.c
> +===================================================================
> +--- a/libjbig/tstcodec.c
> ++++ b/libjbig/tstcodec.c
> +@@ -399,7 +399,7 @@
> +   for (i = 0; i < 16 * 16 && !trouble; i++) {
> +     pix = arith_decode(sd, (t82cx[i >> 4] >> ((15 - i) & 15)) & 1);
> +     if (pix < 0) {
> +-      printf("Problem at pixel %ld, byte %d.\n\n",
> ++      printf("Problem at pixel %ld, byte %td.\n\n",
> +            i+1, sd->pscd_ptr - sd->pscd_end);
> +       trouble++;
> +       break;
> +@@ -411,7 +411,7 @@
> +     }
> +   }
> +   if (!trouble && sd->pscd_ptr != sd->pscd_end - 2) {
> +-    printf("%d bytes left after decoder finished.\n\n",
> ++    printf("%td bytes left after decoder finished.\n\n",
> +          sd->pscd_end - sd->pscd_ptr - 2);
> +     trouble++;
> +   }
> +@@ -439,7 +439,7 @@
> +       pix = arith_decode(sd, (t82cx[i >> 4] >> ((15 - i) & 15)) & 1);
> +     }
> +     if (pix < 0) {
> +-      printf("Problem at pixel %ld, byte %d.\n\n",
> ++      printf("Problem at pixel %ld, byte %td.\n\n",
> +            i+1, sd->pscd_ptr - sd->pscd_end);
> +       trouble++;
> +       break;
> +@@ -451,7 +451,7 @@
> +     }
> +   }
> +   if (!trouble && sd->pscd_ptr != sd->pscd_end - 2) {
> +-    printf("%d bytes left after decoder finished.\n\n",
> ++    printf("%td bytes left after decoder finished.\n\n",
> +          sd->pscd_end - sd->pscd_ptr - 2);
> +     trouble++;
> +   }
> +Index: b/libjbig/tstcodec85.c
> +===================================================================
> +--- a/libjbig/tstcodec85.c
> ++++ b/libjbig/tstcodec85.c
> +@@ -334,7 +334,7 @@
> +   for (i = 0; i < 16 * 16 && !trouble; i++) {
> +     pix = arith_decode(sd, (t82cx[i >> 4] >> ((15 - i) & 15)) & 1);
> +     if (pix < 0) {
> +-      printf("Problem at pixel %ld, byte %d.\n\n",
> ++      printf("Problem at pixel %ld, byte %td.\n\n",
> +            i+1, sd->pscd_ptr - sd->pscd_end);
> +       trouble++;
> +       break;
> +@@ -346,7 +346,7 @@
> +     }
> +   }
> +   if (!trouble && sd->pscd_ptr != sd->pscd_end - 2) {
> +-    printf("%d bytes left after decoder finished.\n\n",
> ++    printf("%td bytes left after decoder finished.\n\n",
> +          sd->pscd_end - sd->pscd_ptr - 2);
> +     trouble++;
> +   }
> +@@ -374,7 +374,7 @@
> +       pix = arith_decode(sd, (t82cx[i >> 4] >> ((15 - i) & 15)) & 1);
> +     }
> +     if (pix < 0) {
> +-      printf("Problem at pixel %ld, byte %d.\n\n",
> ++      printf("Problem at pixel %ld, byte %td.\n\n",
> +            i+1, sd->pscd_ptr - sd->pscd_end);
> +       trouble++;
> +       break;
> +@@ -386,7 +386,7 @@
> +     }
> +   }
> +   if (!trouble && sd->pscd_ptr != sd->pscd_end - 2) {
> +-    printf("%d bytes left after decoder finished.\n\n",
> ++    printf("%td bytes left after decoder finished.\n\n",
> +          sd->pscd_end - sd->pscd_ptr - 2);
> +     trouble++;
> +   }
> +Index: b/pbmtools/jbgtopbm.c
> +===================================================================
> +--- a/pbmtools/jbgtopbm.c
> ++++ b/pbmtools/jbgtopbm.c
> +@@ -110,7 +110,7 @@
> +   for (i = 0; i < len && i < max; i++)
> +     fprintf(f, "%02x ", p[i]);
> +   if (len > i)
> +-    fprintf(f, "... %d bytes total", len);
> ++    fprintf(f, "... %zd bytes total", len);
> +   fprintf(f, "\n");
> + }
> +
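Review bot: `%zd` is the conversion for the signed counterpart of `size_t`; if `len` is a `size_t` here, as the `(size_t)` cast in the later `fprint_bytes` call and the `len = fread(...)` assignment suggest, the matching specifier is `%zu`, i.e. `fprintf(f, "... %zu bytes total", len);`. The declaration of `len` is outside the hunk, so confirm the type before changing it. The same applies to the `%zd` lines in the hunks at -134, -188 and -372 of this file. With a mismatched conversion the behaviour is formally undefined, and in practice a very large length would be printed as a negative number in these diagnostics.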
> +@@ -134,7 +134,7 @@
> +   /* read BIH */
> +   read_file(&bie, &buflen, &len, fin);
> +   if (len < 20) {
> +-    fprintf(f, "Error: Input file is %d < 20 bytes long and therefore "
> ++    fprintf(f, "Error: Input file is %zd < 20 bytes long and therefore "
> +           "does not contain an intact BIE header!\n", len);
> +     return;
> +   }
> +@@ -188,18 +188,18 @@
> +       == (JBG_DPON | JBG_DPPRIV))
> +     p += 1728;  /* skip DPTABLE */
> +   if (p > bie + len) {
> +-    fprintf(f, "Error: Input file is %d < 20+1728 bytes long and
> therefore "
> ++    fprintf(f, "Error: Input file is %zd < 20+1728 bytes long and
> therefore "
> +           "does not contain an intact BIE header with DPTABLE!\n", len);
> +     return;
> +   }
> +   while (p != bie + len) {
> +     if (p > bie + len - 2) {
> +-      fprintf(f, "%06x: Error: single byte 0x%02x left\n", p - bie, *p);
> ++      fprintf(f, "%06tx: Error: single byte 0x%02x left\n", p - bie, *p);
> +       return;
> +     }
> +     pnext = jbg_next_pscdms(p, len - (p - bie));
> +     if (p[0] != MARKER_ESC || p[1] == MARKER_STUFF) {
> +-      fprintf(f, "%06x: PSCD: ", p - bie);
> ++      fprintf(f, "%06tx: PSCD: ", p - bie);
> +       fprint_bytes(f, p, pnext ? (size_t) (pnext - p) : len - (p - bie),
> 60);
> +       if (!pnext) {
> +       fprintf(f, "Error: PSCD not terminated by SDNORM or SDRST
> marker\n");
> +@@ -209,7 +209,7 @@
> +       switch (p[1]) {
> +       case MARKER_SDNORM:
> +       case MARKER_SDRST:
> +-      fprintf(f, "%06x: ESC %s, ending SDE #%lu", p - bie,
> ++      fprintf(f, "%06tx: ESC %s, ending SDE #%lu", p - bie,
> +               (p[1] == MARKER_SDNORM) ? "SDNORM" : "SDRST", ++sde);
> +       if (sde == sdes)
> +         fprintf(f, " (final SDE)");
> +@@ -219,10 +219,10 @@
> +       fprintf(f, "\n");
> +       break;
> +       case MARKER_ABORT:
> +-      fprintf(f, "%06x: ESC ABORT\n", p - bie);
> ++      fprintf(f, "%06tx: ESC ABORT\n", p - bie);
> +       break;
> +       case MARKER_NEWLEN:
> +-      fprintf(f, "%06x: ESC NEWLEN ", p - bie);
> ++      fprintf(f, "%06tx: ESC NEWLEN ", p - bie);
> +       if (p + 5 < bie + len) {
> +         fprintf(f, "YD = %lu\n",
> +                 yd = (((long) p[2] << 24) | ((long) p[3] << 16) |
> +@@ -242,7 +242,7 @@
> +         fprintf(f, "unexpected EOF\n");
> +       break;
> +       case MARKER_ATMOVE:
> +-      fprintf(f, "%06x: ESC ATMOVE ", p - bie);
> ++      fprintf(f, "%06tx: ESC ATMOVE ", p - bie);
> +       if (p + 7 < bie + len)
> +         fprintf(f, "YAT = %lu, tX = %d, tY = %d\n",
> +                 (((long) p[2] << 24) | ((long) p[3] << 16) |
> +@@ -251,7 +251,7 @@
> +         fprintf(f, "unexpected EOF\n");
> +       break;
> +       case MARKER_COMMENT:
> +-      fprintf(f, "%06x: ESC COMMENT ", p - bie);
> ++      fprintf(f, "%06tx: ESC COMMENT ", p - bie);
> +       if (p + 5 < bie + len)
> +         fprintf(f, "LC = %lu\n",
> +                 (((long) p[2] << 24) | ((long) p[3] << 16) |
> +@@ -260,7 +260,7 @@
> +         fprintf(f, "unexpected EOF\n");
> +       break;
> +       default:
> +-      fprintf(f, "%06x: ESC 0x%02x\n", p - bie, p[1]);
> ++      fprintf(f, "%06tx: ESC 0x%02x\n", p - bie, p[1]);
> +       }
> +     if (!pnext) {
> +       fprintf(f, "Error encountered!\n");
> +@@ -372,7 +372,7 @@
> +   /* read BIH first to check VLENGTH */
> +   len = fread(buffer, 1, 20, fin);
> +   if (len < 20) {
> +-    fprintf(stderr, "Input file '%s' (%d bytes) must be at least "
> ++    fprintf(stderr, "Input file '%s' (%zd bytes) must be at least "
> +           "20 bytes long\n", fnin, len);
> +     if (fout != stdout) {
> +       fclose(fout);
> +Index: b/pbmtools/pbmtojbg.c
> +===================================================================
> +--- a/pbmtools/pbmtojbg.c
> ++++ b/pbmtools/pbmtojbg.c
> +@@ -88,7 +88,11 @@
> +       while ((c = getc(f)) != EOF && !(c == 13 || c == 10)) ;
> +   if (c != EOF) {
> +     ungetc(c, f);
> +-    fscanf(f, "%lu", &i);
> ++    if (fscanf(f, "%lu", &i) != 1) {
> ++      /* should never fail, since c must be a digit */
> ++      fprintf(stderr, "Unexpected failure reading digit '%c'\n", c);
> ++      exit(1);
> ++    }
> +   }
> +
> +   return i;
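Review bot: The new `!= 1` test catches a matching failure but not an out-of-range value: when the digits do not fit in the target type, the result of `fscanf` with `%lu` is undefined by the C standard, and this function reads numbers straight from the input file. Accumulating the digits by hand with an explicit bound check rejects such input deterministically. The sketch below assumes `i` is an `unsigned long` initialised to 0 and that `c` holds a digit at this point, as the existing comment states; both are set up outside the hunk, and `ULONG_MAX` needs `<limits.h>`. The identical hunk at -72 in pbmtojbg85.c has the same gap.

```c
  if (c != EOF) {
    /* accumulate the digits by hand so an out-of-range value is rejected */
    do {
      unsigned long d = (unsigned long) (c - '0');
      if (i > (ULONG_MAX - d) / 10) {
        fprintf(stderr, "Numeric field in input file is too large\n");
        exit(1);
      }
      i = i * 10 + d;
    } while ((c = getc(f)) != EOF && c >= '0' && c <= '9');
    if (c != EOF)
      ungetc(c, f);
  }
  /* … unchanged: return i … */
```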
> +@@ -302,7 +306,9 @@
> +     break;
> +   case '4':
> +     /* PBM raw binary format */
> +-    fread(bitmap[0], bitmap_size, 1, fin);
> ++    if (fread(bitmap[0], bitmap_size, 1, fin) != 1) {
> ++      /* silence compiler warnings; ferror/feof checked below */
> ++    }
> +     break;
> +   case '2':
> +   case '5':
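Review bot: The empty `if` body discards a short read, and the `ferror`/`feof` check that the comment relies on is not visible in this hunk, so a reader cannot tell from here whether a truncated P4 file is rejected before `bitmap[0]` is used. The comment should at least state the consequence, for example `/* result ignored on purpose: a short read leaves bitmap partly unfilled and is reported by the ferror/feof check below */`. The raw branch in the -314 hunk exits immediately on a short read; doing the same here would make the two paths consistent and remove the dependency on a later check. The same pattern appears in the -239 hunk of pbmtojbg85.c.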
> +@@ -314,8 +320,18 @@
> +       for (j = 0; j < bpp; j++)
> +         image[x * bpp + (bpp - 1) - j] = v >> (j * 8);
> +       }
> +-    } else
> +-      fread(image, width * height, bpp, fin);
> ++    } else {
> ++      if (fread(image, width * height, bpp, fin) != (size_t) bpp) {
> ++      if (ferror(fin)) {
> ++        fprintf(stderr, "Problem while reading input file '%s", fnin);
> ++        perror("'");
> ++        exit(1);
> ++      } else {
> ++        fprintf(stderr, "Unexpected end of input file '%s'!\n", fnin);
> ++        exit(1);
> ++      }
> ++      }
> ++    }
> +     jbg_split_planes(width, height, planes, encode_planes, image, bitmap,
> +                    use_graycode);
> +     free(image);
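Review bot: `width * height` is passed to `fread` as the element size with no visible overflow check, and both values presumably come from the file header. The allocation of `image` and any validation of the dimensions are outside this hunk, so confirm that the product (times `bpp`) cannot wrap before the buffer is sized and `jbg_split_planes` walks it. Comparing `width` against `SIZE_MAX / height` before the allocation, and exiting with an error when it is exceeded, would make that explicit. Separately, `perror("'")` runs after an `fprintf` that may itself change `errno`; saving it first with `int e = errno;` and printing `strerror(e)` keeps the reported cause accurate.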
> +Index: b/pbmtools/pbmtojbg85.c
> +===================================================================
> +--- a/pbmtools/pbmtojbg85.c
> ++++ b/pbmtools/pbmtojbg85.c
> +@@ -72,7 +72,11 @@
> +       while ((c = getc(f)) != EOF && !(c == 13 || c == 10)) ;
> +   if (c != EOF) {
> +     ungetc(c, f);
> +-    fscanf(f, "%lu", &i);
> ++    if (fscanf(f, "%lu", &i) != 1) {
> ++      /* should never fail, since c must be a digit */
> ++      fprintf(stderr, "Unexpected failure reading digit '%c'\n", c);
> ++      exit(1);
> ++    }
> +   }
> +
> +   return i;
> +@@ -239,7 +243,9 @@
> +       break;
> +     case '4':
> +       /* PBM raw binary format */
> +-      fread(next_line, bpl, 1, fin);
> ++      if (fread(next_line, bpl, 1, fin) != 1) {
> ++      /* silence compiler warnings; ferror/feof checked below */
> ++      }
> +       break;
> +     default:
> +       fprintf(stderr, "Unsupported PBM type P%c!\n", type);
>
> Thanks,
>
> --
> Colin Watson                                       [[email protected]]
>
>
>
