Package: gjs Version: 1.43.3-2 Followup-For: Bug #794646 Control: reassign -1 tracker Control: tag -1 patch
Please find attached a debdiff which fixes the actual bug, in tracker. The patch has been accepted upstream. I have already built and tested it locally, and not encountered any crashes so far. -- System Information: Debian Release: stretch/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (100, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.2.4+ (SMP w/4 CPU cores) Locale: LANG=en_IN, LC_CTYPE=en_IN (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages gjs depends on: ii libc6 2.19-22 ii libgcc1 1:5.2.1-22 ii libgjs0e [libgjs0-libmozjs-24-0] 1.43.3-2 ii libglib2.0-0 2.46.1-1 ii libstdc++6 5.2.1-22 gjs recommends no packages. gjs suggests no packages. -- no debconf information
diff -Nru tracker-1.6.0/debian/changelog tracker-1.6.0/debian/changelog
--- tracker-1.6.0/debian/changelog 2015-09-22 20:13:45.000000000 +0530
+++ tracker-1.6.0/debian/changelog 2015-10-23 16:25:08.000000000 +0530
@@ -1,3 +1,11 @@
+tracker (1.6.0-1.1) UNRELEASED; urgency=medium
+
+ * Non-maintainer upload.
+ * Add patch rom bugzilla:
+ https://bug746195.bugzilla-attachments.gnome.org/attachment.cgi?id=313924
+
+ -- Ritesh Raj Sarraf <r...@debian.org> Fri, 23 Oct 2015 16:24:50 +0530
+
 tracker (1.6.0-1) unstable; urgency=medium
 [ Michael Biebl ]
diff -Nru tracker-1.6.0/debian/patches/series tracker-1.6.0/debian/patches/series
--- tracker-1.6.0/debian/patches/series 1970-01-01 05:30:00.000000000 +0530
+++ tracker-1.6.0/debian/patches/series 2015-10-23 17:17:22.000000000 +0530
@@ -0,0 +1 @@
+tracker-crash-fix-v3.patch
diff -Nru tracker-1.6.0/debian/patches/tracker-crash-fix-v3.patch tracker-1.6.0/debian/patches/tracker-crash-fix-v3.patch
--- tracker-1.6.0/debian/patches/tracker-crash-fix-v3.patch 1970-01-01 05:30:00.000000000 +0530
+++ tracker-1.6.0/debian/patches/tracker-crash-fix-v3.patch 2015-10-23 17:17:22.000000000 +0530
@@ -0,0 +1,83 @@
+From 32e1d2a4fac38a48c107cf47cc24f403233343bc Mon Sep 17 00:00:00 2001
+From: Marius Gedminas <mar...@gedmin.as>
+Date: Fri, 23 Oct 2015 12:46:12 +0300
+Subject: [PATCH] Fix buffer overrun in libunistring builds
+
+libunistring uses UTF-8 strings without a trailing NUL byte. We're
+passing such strings to tracker_parser_unaccent_nfkd_string() from
+function_sparql_unaccent() in the sqlite interface. If the string has
+no accented characters, writing a NUL byte at the end will step out of
+bounds. This causes memory corruption and crashes.
+
+The other caller of tracker_parser_unaccent_nfkd_string() is
+process_word_utf8(), and it looks like it wants a trailing NUL, so let's
+add it there.
+
+There are no more callers of the libunistring version of
+tracker_parser_unaccent_nfkd_string().
+
+(For extra confusion, the libicu version of
+tracker_parser_unaccent_nfkd_string() deals with U+0000-terminated
+UTF-16 strings.)
+
+Should fix https://bugzilla.gnome.org/show_bug.cgi?id=746195
+---
+ src/libtracker-common/tracker-parser-libunistring.c | 13 +++++--------
+ 1 file changed, 5 insertions(+), 8 deletions(-)
+
+diff --git a/src/libtracker-common/tracker-parser-libunistring.c b/src/libtracker-common/tracker-parser-libunistring.c
+index 9de6e46..d24c5f1 100644
+--- a/src/libtracker-common/tracker-parser-libunistring.c
++++ b/src/libtracker-common/tracker-parser-libunistring.c
+@@ -157,7 +157,8 @@ get_word_info (TrackerParser *parser,
+ }
+ 
+ /* The input word in this method MUST be normalized in NFKD form,
+- * and given in UTF-8, where str_length is the byte-length */
++ * and given in UTF-8, where str_length is the byte-length
++ * (note: there is no trailing NUL character!) 
*/
+ gboolean
+ tracker_parser_unaccent_nfkd_string (gpointer str,
+ gsize *str_length)
+@@ -169,7 +170,6 @@ tracker_parser_unaccent_nfkd_string (gpointer str,
+ 
+ g_return_val_if_fail (str != NULL, FALSE);
+ g_return_val_if_fail (str_length != NULL, FALSE);
+- g_return_val_if_fail (*str_length > 0, FALSE);
+ 
+ word = (gchar *)str;
+ word_length = *str_length;
+@@ -209,9 +209,6 @@ tracker_parser_unaccent_nfkd_string (gpointer str,
+ j += utf8_len;
+ }
+ 
+- /* Force proper string end */
+- word[j] = '\0';
+-
+ /* Set new output length */
+ *str_length = j;
+ 
+@@ -289,9 +286,6 @@ process_word_utf8 (TrackerParser *parser,
+ normalized, new_word_length);
+ }
+ 
+- /* Set output NIL */
+- normalized[new_word_length] = '\0';
+-
+ /* UNAC stripping needed? (for non-CJK and non-ASCII) */
+ if (parser->enable_unaccent &&
+ type == TRACKER_PARSER_WORD_TYPE_OTHER_UNAC &&
+@@ -301,6 +295,9 @@ process_word_utf8 (TrackerParser *parser,
+ normalized, new_word_length);
+ }
+ 
++ /* Set output NIL */
++ normalized[new_word_length] = '\0';
++
+ /* Check if stop word */
+ if (parser->ignore_stop_words) {
+ *stop_word = tracker_language_is_stop_word (parser->language,
+-- 
+2.5.0
+
+
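Review bot: The relocated `/* Set output NIL */` write in process_word_utf8 now stores a byte at the index tracker_parser_unaccent_nfkd_string() has just assigned to new_word_length, and it stays in bounds only because unaccenting never makes the word longer than the buffer normalized was allocated for — neither that allocation nor that guarantee is visible in this hunk, so the write site should say so, e.g. `/* Set output NIL: done after unaccenting, which updates new_word_length but never grows the word, so index new_word_length still lies inside normalized */`. The new header comment on tracker_parser_unaccent_nfkd_string() describes the input only; since the function no longer writes a terminator, add ` * The output is not NUL-terminated either; callers must terminate it.` so the next caller does not reintroduce the overrun. Dropping `g_return_val_if_fail (*str_length > 0, FALSE);` lets an empty word reach the conversion loop, which presumably leaves *str_length at 0 and writes nothing — a one-line comment there would spare the reader checking the loop. Both functions begin and end outside the hunk.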