On Thu, Sep 15, 2016 at 1:12 PM, Dan HorĂ¡k <d...@danny.cz> wrote:
> On Wed, 14 Sep 2016 20:50:49 +0100
> Richard Hughes <hughsi...@gmail.com> wrote:
>> Can we get somebody to revert
>> https://bodhi.fedoraproject.org/updates/FEDORA-2016-7776983633 please.
>> The update was built to fix CVE-2015-5203 which fixes a double free
>> when opening corrupt JPEG-2000 files but in doing-so breaks quite a
>> few apps in the desktop spin causing them to exit with an assert deep
>> in libjasper.
>> In the update the function jas_stream_memopen has been changed:
>> -jas_stream_t *jas_stream_memopen(char *buf, int bufsize);
>> +jas_stream_t *jas_stream_memopen(char *buf, size_t bufsize);
>> Unless I'm misunderstood things dramatically, size_t is basically
>> *unsigned* long integer, but this function offers a feature where if
>> the bufsize is -1 the buffer is realloc'd as needed. gdk-pixbuf2 uses
>> this feature for JPEG-2000 files. However, as size_t represents only
>> positive numbers, a conversion takes place to some very high number
>> and the allocation fails.
> one more case for enabling libabigail tests in bodhi ...

Indeed, I can clearly see that there are incompatible ABI changes [1]
with this update
on running libabigail tool. Right now, abichecks run [2] only on
sub-set of packages
but testers and developers can use libabigail tools [3] locally to see
possible ABI changes
which may occur with the package update. After reviewing ABI changes, action can
be taken accordingly.

[1] https://paste.fedoraproject.org/428310/
[3] https://sourceware.org/libabigail/manual/libabigail-tools.html#tools-manuals
devel mailing list

Reply via email to