Package: release.debian.org Severity: normal User: [email protected] Usertags: unblock
unblock eztrace/1.0.6-3 Hello, I have uploaded to unstable the attached changes, which quite obviously fix a very likely crash of eztrace, notably when MALLOC_PERTURB_ is set: in that case the allocated buffer is full of non-zeroes, and thus the first strcat below will overrun the buffer. Samuel -- System Information: Debian Release: jessie/sid APT prefers testing APT policy: (990, 'testing'), (500, 'buildd-unstable'), (500, 'unstable'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.17.0 (SMP w/8 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash -- Samuel "I don't know why, but first C programs tend to look a lot worse than first programs in any other language (maybe except for fortran, but then I suspect all fortran programs look like `firsts')" (By Olaf Kirch)
diff -Nru eztrace-1.0.6/debian/changelog eztrace-1.0.6/debian/changelog --- eztrace-1.0.6/debian/changelog 2014-11-24 14:44:10.000000000 +0100 +++ eztrace-1.0.6/debian/changelog 2014-12-02 22:56:58.000000000 +0100 @@ -1,3 +1,9 @@ +eztrace (1.0.6-3) unstable; urgency=medium + + * patches/git-ebe444a: Cherry-pick from upstream to fix uninitialized value. + + -- Samuel Thibault <[email protected]> Tue, 02 Dec 2014 22:56:57 +0100 + eztrace (1.0.6-2) unstable; urgency=medium [ Peter Michael Green ] diff -Nru eztrace-1.0.6/debian/patches/git-ebe444a eztrace-1.0.6/debian/patches/git-ebe444a --- eztrace-1.0.6/debian/patches/git-ebe444a 1970-01-01 01:00:00.000000000 +0100 +++ eztrace-1.0.6/debian/patches/git-ebe444a 2014-12-02 22:55:48.000000000 +0100 @@ -0,0 +1,18 @@ +commit ebe444a2b5f1e5e9dabee2f4c3c8dd1db866e826 +Author: François Trahay <[email protected]> +Date: Tue Dec 2 17:10:03 2014 +0100 + + fix a possible memory corruption bug + +diff --git a/src/core/eztrace.c.in b/src/core/eztrace.c.in +index 00d53d2..be4fffb 100644 +--- a/src/core/eztrace.c.in ++++ b/src/core/eztrace.c.in +@@ -170,6 +170,7 @@ int main(int argc, char **argv) { + arg_length += strlen(argv[nb_opts + 2 + i]) + 10; + } + char *args_concat = malloc(sizeof(char) * (arg_length + 1)); ++ args_concat[0]='\0'; + + for (i = 0; i < nb_args; i++) { + strcat(args_concat, argv[nb_opts + 2 + i]); diff -Nru eztrace-1.0.6/debian/patches/series eztrace-1.0.6/debian/patches/series --- eztrace-1.0.6/debian/patches/series 2014-11-24 13:23:57.000000000 +0100 +++ eztrace-1.0.6/debian/patches/series 2014-12-02 22:57:08.000000000 +0100 @@ -5,3 +5,4 @@ git-8be2d52dfe036666a75160aa33531a52d5f2257a git-0cb79edc3411c0e04e411d7c8f60a6596632a4ea no-armv7.patch +git-ebe444a
