Bug#760690: dpkg: Memory handling error detected during build

[Bálint Réczey]

Package: dpkg
Version: 1.17.14
Severity: normal
Tags: patch


Hi,

Running tests from Valgrind revealed an off-by-one error in Dpkg. The
first attached patch fixes it and the second just simplifies a
function I looked at while making the first fix.

Please consider accepting the first patch because I'm bootstrapping an
new port, hardened-amd64, which will enable ASAN by default and would
make dpkg crash due to this bug.

Cheers,
Balint
From 3d42c9bba7eb65ac5ff70a0a73919368caced533 Mon Sep 17 00:00:00 2001
From: Balint Reczey bal...@balintreczey.hu
Date: Thu, 4 Sep 2014 16:31:29 +0200
Subject: [PATCH 1/2] Fix off-by-one error in command argv size calculation

---
 lib/dpkg/command.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/dpkg/command.c b/lib/dpkg/command.c
index 0044d83..f5b08ea 100644
--- a/lib/dpkg/command.c
+++ b/lib/dpkg/command.c
@@ -78,7 +78,7 @@ static void
 command_grow_argv(struct command *cmd, int need)
 {
 	/* Check if we already have enough room. */
-	if ((cmd-argv_size - cmd-argc) = need)
+	if ((cmd-argv_size - (cmd-argc + 1)) = need)
 		return;
 
 	cmd-argv_size = (cmd-argv_size + need) * 2;
-- 
2.1.0

From 9f696c9db21ed8972115074edb7830518110e842 Mon Sep 17 00:00:00 2001
From: Balint Reczey bal...@balintreczey.hu
Date: Thu, 4 Sep 2014 20:30:31 +0200
Subject: [PATCH 2/2] Simplify command_add_argv()

---
 lib/dpkg/command.c | 19 ++-
 1 file changed, 6 insertions(+), 13 deletions(-)

diff --git a/lib/dpkg/command.c b/lib/dpkg/command.c
index f5b08ea..ff2cf37 100644
--- a/lib/dpkg/command.c
+++ b/lib/dpkg/command.c
@@ -131,20 +131,13 @@ command_add_argl(struct command *cmd, const char **argv)
 void
 command_add_argv(struct command *cmd, va_list args)
 {
-	va_list args_copy;
-	int i, add_argc = 0;
-
-	va_copy(args_copy, args);
-	while (va_arg(args_copy, const char *) != NULL)
-		add_argc++;
-	va_end(args_copy);
-
-	command_grow_argv(cmd, add_argc);
-
-	for (i = 0; i  add_argc; i++)
-		cmd-argv[cmd-argc++] = va_arg(args, const char *);
+	const char * arg;
 
-	cmd-argv[cmd-argc] = NULL;
+	arg = va_arg(args, const char *);
+	while (arg != NULL) {
+		command_add_arg(cmd, arg);
+		arg = va_arg(args, const char *);
+	}
 }
 
 /**
-- 
2.1.0

Bug#760690: dpkg: Memory handling error detected during build

[Guillem Jover]

Hi!

On Sun, 2014-09-07 at 00:58:40 +0200, Bálint Réczey wrote:
 Package: dpkg
 Version: 1.17.14
 Severity: normal
 Tags: patch

 Running tests from Valgrind revealed an off-by-one error in Dpkg. The
 first attached patch fixes it and the second just simplifies a
 function I looked at while making the first fix.
 
 Please consider accepting the first patch because I'm bootstrapping an
 new port, hardened-amd64, which will enable ASAN by default and would
 make dpkg crash due to this bug.

Ah, indeed thanks! A fix will be included with 1.17.14.

Thanks,
Guillem


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org