Bug#876388: marked as done (discover: segfaults)

2018-03-10 Thread Debian Bug Tracking System 
Your message dated Sat, 10 Mar 2018 23:17:09 +
with message-id 
and subject line Bug#876388: fixed in discover 2.1.2-7.1+deb9u1
has caused the Debian Bug report #876388,
regarding discover: segfaults
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
876388: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876388
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: discover
Version: 2.1.2-7.1
Tags: patch



Running `discover` produces a crash:

Program received signal SIGSEGV, Segmentation fault.
__strlen_sse2 () at ../sysdeps/x86_64/multiarch/../strlen.S:120
120 ../sysdeps/x86_64/multiarch/../strlen.S: No such file or directory.
(gdb) bt
#0 __strlen_sse2 () at ../sysdeps/x86_64/multiarch/../strlen.S:120
#1 0x7787abfe in __GI___strdup (s=0x ) at strdup.c:41
#2 0x77bcf829 in discover_get_devices () from /usr/lib/libdiscover.so.2
#3 0x5a73 in ?? ()
#4 0x678e in ?? ()
#5 0x778081c1 in __libc_start_main (main=0x5ea3,
argc=1, argv=0x7fffe358, init=, fini=, rtld_fini=,
stack_end=0x7fffe348) at ../csu/libc-start.c:308
#6 0x559a in ?? ()

Here is the fix of the problem:

Use the right type for `len`, avoid segmentation fault

`getline()` requires its second parameter to be `size_t *`. On the amd64
platform the size of `unsigned int` is 4 and the size of `size_t` is 8
bytes. Using a wrong pointer type can lead to a stack variables
corruption (overwriting with zeros) and a segmentation fault later.

See also similar `len` declarations in `_discover_get_pci_raw_sys()` in
the docs and `_discover_get_ata_raw()` / `discover_get_pci_raw_proc()` /
`discover_get_usb_raw()` in the source code.


-- 
Mit freundlichen Grüßen,
Anatolii Borodin
From 4b7f09a2862fdf8a7811083d88057048f237ef7a Mon Sep 17 00:00:00 2001
From: Anatoly Borodin 
Date: Thu, 21 Sep 2017 14:50:52 +
Subject: [PATCH] Use the right type for `len`, avoid segmentation fault

`getline()` requires its second parameter to be `size_t *`. On the amd64
platform the size of `unsigned int` is 4 and the size of `size_t` is 8
bytes. Using a wrong pointer type can lead to a stack variables
corruption (overwriting with zeros) and a segmentation fault later.

See also similar `len` declarations in `_discover_get_pci_raw_sys()` in
the docs and `_discover_get_ata_raw()` / `discover_get_pci_raw_proc()` /
`discover_get_usb_raw()` in the source code.
---
 sysdeps/linux/pci.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git sysdeps/linux/pci.c sysdeps/linux/pci.c
index 1101f523de1b..42a20d323728 100644
--- sysdeps/linux/pci.c
+++ sysdeps/linux/pci.c
@@ -160,7 +160,7 @@ _discover_get_pci_raw_sys(void)
 FILE *f;
 DIR *pciDir;
 struct dirent *pci_device_entry;
-unsigned int len;
+size_t len = 0;
 char *device_dir, *line, *class, *vendor, *model, *p;
 char **device_dir_list = NULL;
 size_t device_dir_list_len, device_dir_index, device_dir_index2;
-- 
2.14.1

--- End Message ---
--- Begin Message ---
Source: discover
Source-Version: 2.1.2-7.1+deb9u1

We believe that the bug you reported is fixed in the latest version of
discover, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 876...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adrian Bunk  (supplier of updated discover package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 26 Feb 2018 21:38:40 +0200
Source: discover
Binary: discover libdiscover2 libdiscover-dev
Architecture: source
Version: 2.1.2-7.1+deb9u1
Distribution: stretch
Urgency: medium
Maintainer: Debian Install System Team 
Changed-By: Adrian Bunk 
Description:
 discover   - hardware identification system
 libdiscover-dev - hardware identification library development files
 libdiscover2 - hardware identification library
Closes: 876388
Changes:
 discover (2.1.2-7.1+deb9u1) stretch; urgency=medium
 .
   * Non-maintainer upload.
   * Use correct type for the length parameter of the

Bug#876388: marked as done (discover: segfaults)

2018-01-14 Thread Debian Bug Tracking System 
Your message dated Sun, 14 Jan 2018 21:49:40 +
with message-id 
and subject line Bug#876388: fixed in discover 2.1.2-8
has caused the Debian Bug report #876388,
regarding discover: segfaults
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
876388: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876388
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: discover
Version: 2.1.2-7.1
Tags: patch



Running `discover` produces a crash:

Program received signal SIGSEGV, Segmentation fault.
__strlen_sse2 () at ../sysdeps/x86_64/multiarch/../strlen.S:120
120 ../sysdeps/x86_64/multiarch/../strlen.S: No such file or directory.
(gdb) bt
#0 __strlen_sse2 () at ../sysdeps/x86_64/multiarch/../strlen.S:120
#1 0x7787abfe in __GI___strdup (s=0x ) at strdup.c:41
#2 0x77bcf829 in discover_get_devices () from /usr/lib/libdiscover.so.2
#3 0x5a73 in ?? ()
#4 0x678e in ?? ()
#5 0x778081c1 in __libc_start_main (main=0x5ea3,
argc=1, argv=0x7fffe358, init=, fini=, rtld_fini=,
stack_end=0x7fffe348) at ../csu/libc-start.c:308
#6 0x559a in ?? ()

Here is the fix of the problem:

Use the right type for `len`, avoid segmentation fault

`getline()` requires its second parameter to be `size_t *`. On the amd64
platform the size of `unsigned int` is 4 and the size of `size_t` is 8
bytes. Using a wrong pointer type can lead to a stack variables
corruption (overwriting with zeros) and a segmentation fault later.

See also similar `len` declarations in `_discover_get_pci_raw_sys()` in
the docs and `_discover_get_ata_raw()` / `discover_get_pci_raw_proc()` /
`discover_get_usb_raw()` in the source code.


-- 
Mit freundlichen Grüßen,
Anatolii Borodin
From 4b7f09a2862fdf8a7811083d88057048f237ef7a Mon Sep 17 00:00:00 2001
From: Anatoly Borodin 
Date: Thu, 21 Sep 2017 14:50:52 +
Subject: [PATCH] Use the right type for `len`, avoid segmentation fault

`getline()` requires its second parameter to be `size_t *`. On the amd64
platform the size of `unsigned int` is 4 and the size of `size_t` is 8
bytes. Using a wrong pointer type can lead to a stack variables
corruption (overwriting with zeros) and a segmentation fault later.

See also similar `len` declarations in `_discover_get_pci_raw_sys()` in
the docs and `_discover_get_ata_raw()` / `discover_get_pci_raw_proc()` /
`discover_get_usb_raw()` in the source code.
---
 sysdeps/linux/pci.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git sysdeps/linux/pci.c sysdeps/linux/pci.c
index 1101f523de1b..42a20d323728 100644
--- sysdeps/linux/pci.c
+++ sysdeps/linux/pci.c
@@ -160,7 +160,7 @@ _discover_get_pci_raw_sys(void)
 FILE *f;
 DIR *pciDir;
 struct dirent *pci_device_entry;
-unsigned int len;
+size_t len = 0;
 char *device_dir, *line, *class, *vendor, *model, *p;
 char **device_dir_list = NULL;
 size_t device_dir_list_len, device_dir_index, device_dir_index2;
-- 
2.14.1

--- End Message ---
--- Begin Message ---
Source: discover
Source-Version: 2.1.2-8

We believe that the bug you reported is fixed in the latest version of
discover, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 876...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Cyril Brulebois  (supplier of updated discover package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 14 Jan 2018 21:27:01 +
Source: discover
Binary: discover libdiscover2 libdiscover-dev
Architecture: source
Version: 2.1.2-8
Distribution: unstable
Urgency: high
Maintainer: Debian Install System Team 
Changed-By: Cyril Brulebois 
Description:
 discover   - hardware identification system
 libdiscover-dev - hardware identification library development files
 libdiscover2 - hardware identification library
Closes: 847266 848424 876388
Changes:
 discover (2.1.2-8) unstable; urgency=high
 .
   * Remove Gaudenz Steinlin and Otavio Salvador from Uploaders, with
 thanks for their past