Bug#876388: marked as done (discover: segfaults)
Your message dated Sat, 10 Mar 2018 23:17:09 + with message-idand subject line Bug#876388: fixed in discover 2.1.2-7.1+deb9u1 has caused the Debian Bug report #876388, regarding discover: segfaults to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 876388: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876388 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: discover Version: 2.1.2-7.1 Tags: patch Running `discover` produces a crash: Program received signal SIGSEGV, Segmentation fault. __strlen_sse2 () at ../sysdeps/x86_64/multiarch/../strlen.S:120 120 ../sysdeps/x86_64/multiarch/../strlen.S: No such file or directory. (gdb) bt #0 __strlen_sse2 () at ../sysdeps/x86_64/multiarch/../strlen.S:120 #1 0x7787abfe in __GI___strdup (s=0x ) at strdup.c:41 #2 0x77bcf829 in discover_get_devices () from /usr/lib/libdiscover.so.2 #3 0x5a73 in ?? () #4 0x678e in ?? () #5 0x778081c1 in __libc_start_main (main=0x5ea3, argc=1, argv=0x7fffe358, init=, fini=, rtld_fini=, stack_end=0x7fffe348) at ../csu/libc-start.c:308 #6 0x559a in ?? () Here is the fix of the problem: Use the right type for `len`, avoid segmentation fault `getline()` requires its second parameter to be `size_t *`. On the amd64 platform the size of `unsigned int` is 4 and the size of `size_t` is 8 bytes. Using a wrong pointer type can lead to a stack variables corruption (overwriting with zeros) and a segmentation fault later. See also similar `len` declarations in `_discover_get_pci_raw_sys()` in the docs and `_discover_get_ata_raw()` / `discover_get_pci_raw_proc()` / `discover_get_usb_raw()` in the source code. -- Mit freundlichen Grüßen, Anatolii Borodin From 4b7f09a2862fdf8a7811083d88057048f237ef7a Mon Sep 17 00:00:00 2001 From: Anatoly Borodin Date: Thu, 21 Sep 2017 14:50:52 + Subject: [PATCH] Use the right type for `len`, avoid segmentation fault `getline()` requires its second parameter to be `size_t *`. On the amd64 platform the size of `unsigned int` is 4 and the size of `size_t` is 8 bytes. Using a wrong pointer type can lead to a stack variables corruption (overwriting with zeros) and a segmentation fault later. See also similar `len` declarations in `_discover_get_pci_raw_sys()` in the docs and `_discover_get_ata_raw()` / `discover_get_pci_raw_proc()` / `discover_get_usb_raw()` in the source code. --- sysdeps/linux/pci.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git sysdeps/linux/pci.c sysdeps/linux/pci.c index 1101f523de1b..42a20d323728 100644 --- sysdeps/linux/pci.c +++ sysdeps/linux/pci.c @@ -160,7 +160,7 @@ _discover_get_pci_raw_sys(void) FILE *f; DIR *pciDir; struct dirent *pci_device_entry; -unsigned int len; +size_t len = 0; char *device_dir, *line, *class, *vendor, *model, *p; char **device_dir_list = NULL; size_t device_dir_list_len, device_dir_index, device_dir_index2; -- 2.14.1 --- End Message --- --- Begin Message --- Source: discover Source-Version: 2.1.2-7.1+deb9u1 We believe that the bug you reported is fixed in the latest version of discover, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 876...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Adrian Bunk (supplier of updated discover package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 26 Feb 2018 21:38:40 +0200 Source: discover Binary: discover libdiscover2 libdiscover-dev Architecture: source Version: 2.1.2-7.1+deb9u1 Distribution: stretch Urgency: medium Maintainer: Debian Install System Team Changed-By: Adrian Bunk Description: discover - hardware identification system libdiscover-dev - hardware identification library development files libdiscover2 - hardware identification library Closes: 876388 Changes: discover (2.1.2-7.1+deb9u1) stretch; urgency=medium . * Non-maintainer upload. * Use correct type for the length parameter of the
Bug#876388: marked as done (discover: segfaults)
Your message dated Sun, 14 Jan 2018 21:49:40 + with message-idand subject line Bug#876388: fixed in discover 2.1.2-8 has caused the Debian Bug report #876388, regarding discover: segfaults to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 876388: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876388 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: discover Version: 2.1.2-7.1 Tags: patch Running `discover` produces a crash: Program received signal SIGSEGV, Segmentation fault. __strlen_sse2 () at ../sysdeps/x86_64/multiarch/../strlen.S:120 120 ../sysdeps/x86_64/multiarch/../strlen.S: No such file or directory. (gdb) bt #0 __strlen_sse2 () at ../sysdeps/x86_64/multiarch/../strlen.S:120 #1 0x7787abfe in __GI___strdup (s=0x ) at strdup.c:41 #2 0x77bcf829 in discover_get_devices () from /usr/lib/libdiscover.so.2 #3 0x5a73 in ?? () #4 0x678e in ?? () #5 0x778081c1 in __libc_start_main (main=0x5ea3, argc=1, argv=0x7fffe358, init=, fini=, rtld_fini=, stack_end=0x7fffe348) at ../csu/libc-start.c:308 #6 0x559a in ?? () Here is the fix of the problem: Use the right type for `len`, avoid segmentation fault `getline()` requires its second parameter to be `size_t *`. On the amd64 platform the size of `unsigned int` is 4 and the size of `size_t` is 8 bytes. Using a wrong pointer type can lead to a stack variables corruption (overwriting with zeros) and a segmentation fault later. See also similar `len` declarations in `_discover_get_pci_raw_sys()` in the docs and `_discover_get_ata_raw()` / `discover_get_pci_raw_proc()` / `discover_get_usb_raw()` in the source code. -- Mit freundlichen Grüßen, Anatolii Borodin From 4b7f09a2862fdf8a7811083d88057048f237ef7a Mon Sep 17 00:00:00 2001 From: Anatoly Borodin Date: Thu, 21 Sep 2017 14:50:52 + Subject: [PATCH] Use the right type for `len`, avoid segmentation fault `getline()` requires its second parameter to be `size_t *`. On the amd64 platform the size of `unsigned int` is 4 and the size of `size_t` is 8 bytes. Using a wrong pointer type can lead to a stack variables corruption (overwriting with zeros) and a segmentation fault later. See also similar `len` declarations in `_discover_get_pci_raw_sys()` in the docs and `_discover_get_ata_raw()` / `discover_get_pci_raw_proc()` / `discover_get_usb_raw()` in the source code. --- sysdeps/linux/pci.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git sysdeps/linux/pci.c sysdeps/linux/pci.c index 1101f523de1b..42a20d323728 100644 --- sysdeps/linux/pci.c +++ sysdeps/linux/pci.c @@ -160,7 +160,7 @@ _discover_get_pci_raw_sys(void) FILE *f; DIR *pciDir; struct dirent *pci_device_entry; -unsigned int len; +size_t len = 0; char *device_dir, *line, *class, *vendor, *model, *p; char **device_dir_list = NULL; size_t device_dir_list_len, device_dir_index, device_dir_index2; -- 2.14.1 --- End Message --- --- Begin Message --- Source: discover Source-Version: 2.1.2-8 We believe that the bug you reported is fixed in the latest version of discover, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 876...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Cyril Brulebois (supplier of updated discover package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sun, 14 Jan 2018 21:27:01 + Source: discover Binary: discover libdiscover2 libdiscover-dev Architecture: source Version: 2.1.2-8 Distribution: unstable Urgency: high Maintainer: Debian Install System Team Changed-By: Cyril Brulebois Description: discover - hardware identification system libdiscover-dev - hardware identification library development files libdiscover2 - hardware identification library Closes: 847266 848424 876388 Changes: discover (2.1.2-8) unstable; urgency=high . * Remove Gaudenz Steinlin and Otavio Salvador from Uploaders, with thanks for their past