Package: man-db
Version: 2.5.6-4
Severity: normal
Tags: patch
Hello,
There is an off-by-one error in pipeline_pump, see attached patch:
when EAGAIN is returned, w is -1, which later would be added to
pos[i] then minpos, etc. and will eventually pass -1 as length to
pipeline_peek_skip, making it crash. Can be reproduced on the
strauss.debian.net porter box by just running dpkg and pressing j to
browse down to line ~120.
Samuel
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1,
'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages man-db depends on:
ii bsdmainutils 8.0.5 collection of more utilities from
ii debconf [debconf-2.0] 1.5.28 Debian configuration management sy
ii dpkg 1.15.5.5 Debian package management system
ii groff-base 1.20.1-6 GNU troff text-formatting system (
ii libc6 2.10.2-2 GNU C Library: Shared libraries
ii libgdbm3 1.8.3-9 GNU dbm database routines (runtime
ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime
man-db recommends no packages.
Versions of packages man-db suggests:
ii elinks [www-browser] 0.12~pre5-1 advanced text-mode WWW browser
ii galeon [www-browser] 2.0.7-1.1 GNOME web browser for advanced use
ii groff 1.20.1-6 GNU troff text-formatting system
ii iceape-browser [www-browser 2.0.1-1 Iceape Navigator (Internet browser
ii iceweasel [www-browser] 3.5.6-1 lightweight web browser based on M
ii konqueror [www-browser] 4:4.3.2-1 KDE 4's advanced file manager, web
ii less 436-1 pager program similar to more
ii links [www-browser] 2.2-1+b1 Web browser running in text mode
ii links2 [www-browser] 2.2-1+b1 Web browser running in both graphi
ii lynx-cur [www-browser] 2.8.8dev.2-1 Text-mode WWW Browser with NLS sup
ii w3m [www-browser] 0.5.2-2.1 WWW browsable pager with excellent
-- debconf information:
* man-db/build-database: true
* man-db/rebuild-database: true
* man-db/install-setuid: true
man-db/auto-update: true
--
Samuel Thibault <[email protected]>
`When you say "I wrote a program that crashed Windows", people just stare at
you blankly and say "Hey, I got those with the system, *for free*".'
(By Linus Torvalds)
--- ./lib/pipeline.c.orig 2010-01-12 02:08:13.000000000 +0000
+++ ./lib/pipeline.c 2010-01-12 02:08:26.000000000 +0000
@@ -1507,8 +1507,12 @@
for (;;) {
w = write (pieces[i]->infd, block + pos[i],
peek_size - pos[i]);
- if (w >= 0 || errno == EAGAIN)
+ if (w >= 0)
break;
+ if (errno == EAGAIN) {
+ w = 0;
+ break;
+ }
if (errno == EINTR)
continue;
/* It may be useful for other processes to
