On Thu, Sep 15, 2016 at 1:12 PM, Dan Horák <d...@danny.cz> wrote:
> On Wed, 14 Sep 2016 20:50:49 +0100
> Richard Hughes <hughsi...@gmail.com> wrote:
>> Can we get somebody to revert
>> https://bodhi.fedoraproject.org/updates/FEDORA-2016-7776983633 please.
>> The update was built to fix CVE-2015-5203 which fixes a double free
>> when opening corrupt JPEG-2000 files but in doing-so breaks quite a
>> few apps in the desktop spin causing them to exit with an assert deep
>> in libjasper.
>> In the update the function jas_stream_memopen has been changed:
>> -jas_stream_t *jas_stream_memopen(char *buf, int bufsize);
>> +jas_stream_t *jas_stream_memopen(char *buf, size_t bufsize);
>> Unless I'm misunderstood things dramatically, size_t is basically
>> *unsigned* long integer, but this function offers a feature where if
>> the bufsize is -1 the buffer is realloc'd as needed. gdk-pixbuf2 uses
>> this feature for JPEG-2000 files. However, as size_t represents only
>> positive numbers, a conversion takes place to some very high number
>> and the allocation fails.
> one more case for enabling libabigail tests in bodhi ...
Indeed, I can clearly see that there are incompatible ABI changes 
with this update
on running libabigail tool. Right now, abichecks run  only on
sub-set of packages
but testers and developers can use libabigail tools  locally to see
possible ABI changes
which may occur with the package update. After reviewing ABI changes, action can
be taken accordingly.
devel mailing list