tag 650359 + patch thanks Hello,
It seems that the assert in gmpc_easy_handler_get_data_as_string causes a NULL pointer dereference (should have spotted that earlier, sorry). This patch disables the assert if data is NULL. Can you please test it and tell me if it solves the bug ? Thanks ! -- Etienne Millon
>From c57d6d4a944bfc8b0a518f67ca357a5668c10596 Mon Sep 17 00:00:00 2001 From: Etienne Millon <m...@emillon.org> Date: Wed, 18 Jul 2012 11:49:54 +0200 Subject: [PATCH] Fix NULL pointer dereference (#650359) --- debian/changelog | 6 +++++ .../0009-Add-NULL-check-in-easy_download.patch | 27 ++++++++++++++++++++ debian/patches/series | 1 + 3 files changed, 34 insertions(+) create mode 100644 debian/patches/0009-Add-NULL-check-in-easy_download.patch diff --git a/debian/changelog b/debian/changelog index 0262b67..b045e9c 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +gmpc (11.8.16-4) UNRELEASED; urgency=low + + * New patch fixing a NULL pointer dereference (Closes: #650359) + + -- Etienne Millon <etienne.mil...@gmail.com> Wed, 18 Jul 2012 11:48:06 +0200 + gmpc (11.8.16-3) unstable; urgency=low * New patches : diff --git a/debian/patches/0009-Add-NULL-check-in-easy_download.patch b/debian/patches/0009-Add-NULL-check-in-easy_download.patch new file mode 100644 index 0000000..9a1bbdb --- /dev/null +++ b/debian/patches/0009-Add-NULL-check-in-easy_download.patch @@ -0,0 +1,27 @@ +From: Etienne Millon <m...@emillon.org> +Date: Wed, 18 Jul 2012 11:45:12 +0200 +Subject: Add NULL check in easy_download + +gmpc_easy_handler_get_data_as_string checks that data is nul-terminated, but +this fails if data is NULL. This adds a check around the assert. + +Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650359 +--- + src/Tools/gmpc_easy_download.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/Tools/gmpc_easy_download.c b/src/Tools/gmpc_easy_download.c +index db5398a..1b9c9cd 100644 +--- a/src/Tools/gmpc_easy_download.c ++++ b/src/Tools/gmpc_easy_download.c +@@ -499,7 +499,9 @@ const guchar *gmpc_easy_handler_get_data_vala_wrap(const GEADAsyncHandler * hand + const char *gmpc_easy_handler_get_data_as_string(const GEADAsyncHandler * handle) + { + _GEADAsyncHandler *d = (_GEADAsyncHandler *) handle; +- g_assert(d->data[d->length] == '\0'); ++ if (d->data != NULL) { ++ g_assert(d->data[d->length] == '\0'); ++ } + return (gchar *) d->data; + } + void gmpc_easy_handler_set_user_data(const GEADAsyncHandler * handle, gpointer user_data) diff --git a/debian/patches/series b/debian/patches/series index 63b924d..d2855b4 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -6,3 +6,4 @@ 0006-Fix-MetaData-object-vala-binding.-fix-vala-13.3-buil.patch 0007-Fix-timeout-when-connecting-to-a-slow-mpd.patch 0008-Fix-build-with-valac-0.16.patch +0009-Add-NULL-check-in-easy_download.patch -- 1.7.10.4
