Bug#898297: ufraw/ufraw-batch: segfault during ufraw_close (program shutdown)

2018-10-15 Thread Lauro Moura
Package: ufraw
Version: 0.22-3
Followup-For: Bug #898297
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu cosmic ubuntu-patch

In Ubuntu I had to add checks to both lf_modifier_destroy calls. It
fixes the segfault on exit.


-- System Information:
Debian Release: buster/sid
  APT prefers bionic-updates
  APT policy: (500, 'bionic-updates'), (500, 'bionic-security'), (500, 
'bionic'), (100, 'bionic-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.15.0-34-generic (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff -Nru ufraw-0.22/debian/patches/05_lensfun_destroy_cleanup.patch 
ufraw-0.22/debian/patches/05_lensfun_destroy_cleanup.patch
--- ufraw-0.22/debian/patches/05_lensfun_destroy_cleanup.patch  1969-12-31 
21:00:00.0 -0300
+++ ufraw-0.22/debian/patches/05_lensfun_destroy_cleanup.patch  2018-10-15 
19:43:41.0 -0300
@@ -0,0 +1,20 @@
+Fix cleanup of lensfun, as suggested in
+
+https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898297
+Index: ufraw-0.22/ufraw_ufraw.c
+===
+--- ufraw-0.22.orig/ufraw_ufraw.c
 ufraw-0.22/ufraw_ufraw.c
+@@ -767,8 +767,10 @@ void ufraw_close(ufraw_data *uf)
+ g_free(uf->displayProfile);
+ g_free(uf->RawHistogram);
+ #ifdef HAVE_LENSFUN
+-lf_modifier_destroy(uf->TCAmodifier);
+-lf_modifier_destroy(uf->modifier);
++if (uf->TCAmodifier != NULL)
++lf_modifier_destroy(uf->TCAmodifier);
++if (uf->modifier != NULL)
++lf_modifier_destroy(uf->modifier);
+ #endif
+ ufobject_delete(uf->conf->ufobject);
+ g_free(uf->conf);
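
Review bot: the header of the new 05_lensfun_destroy_cleanup.patch (the first lines of this hunk) carries only a one-line description and the bug URL. DEP-3 style fields such as Bug-Debian: and Forwarded: would make the patch trackable, and the description should name the cause: ufraw_close reaches lf_modifier_destroy with a NULL modifier, which the backtrace in the original report shows as this=0x0 in the lfModifier destructor. In the ufraw_close part, both calls are now guarded, which also covers the uf->modifier call that the originally suggested patch left unchecked. A one-line comment above the guards saying that lf_modifier_destroy must not be handed NULL would keep them from being removed as redundant later.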
diff -Nru ufraw-0.22/debian/patches/series ufraw-0.22/debian/patches/series
--- ufraw-0.22/debian/patches/series2017-10-20 22:37:33.0 -0300
+++ ufraw-0.22/debian/patches/series2018-10-15 19:44:42.0 -0300
@@ -2,3 +2,4 @@
 02_CVE-2015-8366.patch
 03_fix-unsigned-char.patch
 04_fix-abs-gcc-7.patch
+05_lensfun_destroy_cleanup.patch


Bug#898297: ufraw/ufraw-batch: segfault during ufraw_close (program shutdown)

2018-05-09 Thread Helmut Grohne
Package: ufraw-batch,ufraw
Version: 0.22-3
Severity: important
Tags: upstream

I am observing a segmentation fault when processing any file with ufraw
or ufraw-batch with any combination of options I tried. The segfault
happens after closing a file:

(gdb) bt
#0  lfModifier::~lfModifier (this=0x0, __in_chrg=) at 
./libs/lensfun/modifier.cpp:270
#1  0x7f53406cb2f9 in lfModifier::Destroy (this=0x0) at 
./libs/lensfun/modifier.cpp:143
#2  0x7f53406cb395 in lf_modifier_destroy (modifier=) at 
./libs/lensfun/modifier.cpp:308
#3  0x559485cd368a in ufraw_close (uf=0x559487c6ece0) at ufraw_ufraw.c:770
#4  0x559485cce2da in main (argc=, argv=) at 
ufraw-batch.c:107
(gdb)

While ufraw takes care to check uf->TCAmodifier against NULL, it doesn't
in ufraw_ufraw.c line 770 and just passes a NULL pointer to
lf_modifier_destroy. Sounds like all we need here is a NULL pointer
check (untested):

--- a/ufraw_ufraw.c
+++ b/ufraw_ufraw.c
@@ -767,7 +767,8 @@
 g_free(uf->displayProfile);
 g_free(uf->RawHistogram);
 #ifdef HAVE_LENSFUN
-lf_modifier_destroy(uf->TCAmodifier);
+if (uf->TCAmodifier != NULL)
+lf_modifier_destroy(uf->TCAmodifier);
 lf_modifier_destroy(uf->modifier);
 #endif
 ufobject_delete(uf->conf->ufobject);
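
Review bot: the unchanged context line lf_modifier_destroy(uf->modifier); directly after the new guard still passes its argument unchecked. If uf->modifier can be NULL on the same paths that leave uf->TCAmodifier NULL, the crash only moves one line down, so guard it the same way: if (uf->modifier != NULL) lf_modifier_destroy(uf->modifier);. The patch is marked untested, so it also needs a run of ufraw-batch over more than one input file before it is applied.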

This pretty much breaks ufraw-batch, because it segfaults after
processing the first file.

Helmut