Your message dated Sat, 07 Apr 2018 22:23:26 +0000
with message-id <e1f4wf4-0003ci...@fasolo.debian.org>
and subject line Bug#895111: fixed in ohcount 3.1.0-2
has caused the Debian Bug report #895111,
regarding ohcount: FTBFS on arm64 due to buffer overflow
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
895111: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895111
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: ohcount
Version: 3.1.0-1
Severity: serious
Tags: patch
Justification: FTBFS
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu bionic ubuntu-patch

Dear Sylvestre,

ohcount 3.1.0-1 has been failing to build in unstable on arm64 (and in
Ubuntu on the same architecture) because an off-by-one error in the code
shows up as stack corruption in the build-time tests on this architecture. 
This buffer overflow may cause crashes on other architectures as well in
some circumstances; I haven't checked.

Please find attached the short patch for this issue, which has been uploaded
to Ubuntu to fix the build failure there.

Cheers,
-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slanga...@ubuntu.com                                     vor...@debian.org
diff -Nru ohcount-3.1.0/debian/patches/fix-buffer-overflow.patch 
ohcount-3.1.0/debian/patches/fix-buffer-overflow.patch
--- ohcount-3.1.0/debian/patches/fix-buffer-overflow.patch      1969-12-31 
16:00:00.000000000 -0800
+++ ohcount-3.1.0/debian/patches/fix-buffer-overflow.patch      2018-04-07 
00:24:49.000000000 -0700
@@ -0,0 +1,18 @@
+Description: fix a buffer overflow due to an off-by one
+ This manifests as a build failure on arm64 in Ubuntu.
+Author: Steve Langasek <steve.langa...@ubuntu.com>
+Last-Modified: 2018-04-07
+
+Index: ohcount-3.1.0/src/diff.c
+===================================================================
+--- ohcount-3.1.0.orig/src/diff.c
++++ ohcount-3.1.0/src/diff.c
+@@ -315,7 +315,7 @@ static int hash(char *line) {
+ void prepare(int i, const char *buf) {
+   struct line *p;
+   int j;
+-  char bufcpy[strlen(buf)];
++  char bufcpy[strlen(buf)+1];
+   char *l;
+ 
+   p = malloc(3*sizeof(struct line));
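Review bot: The +1 on bufcpy in prepare() makes room for the terminating NUL, but the buffer is still a variable-length array on the stack sized by strlen(buf), so stack usage grows with the length of the input and a very long buffer can exhaust the stack. Consider a heap copy instead, for example "char *bufcpy = strdup(buf);" with a NULL check and a matching free(). The context line "p = malloc(3*sizeof(struct line));" shows the function already allocates from the heap; no check of that result is visible in this hunk, so it is worth confirming that one follows. In the patch header, DEP-3 names the date field Last-Update rather than Last-Modified, and a "Bug-Debian: https://bugs.debian.org/895111" line plus a Forwarded field would record where the fix is tracked and whether upstream has it.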
diff -Nru ohcount-3.1.0/debian/patches/series 
ohcount-3.1.0/debian/patches/series
--- ohcount-3.1.0/debian/patches/series 2018-01-14 10:03:49.000000000 -0800
+++ ohcount-3.1.0/debian/patches/series 2018-04-07 00:19:07.000000000 -0700
@@ -1,3 +1,4 @@
 disabled_test_suite.patch
 conflicting-type.diff
 build-cflags.diff
+fix-buffer-overflow.patch

--- End Message ---
--- Begin Message ---
Source: ohcount
Source-Version: 3.1.0-2

We believe that the bug you reported is fixed in the latest version of
ohcount, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 895...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sylvestre Ledru <sylves...@debian.org> (supplier of updated ohcount package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 07 Apr 2018 23:40:10 +0200
Source: ohcount
Binary: ohcount ohcount-doc
Architecture: source amd64 all
Version: 3.1.0-2
Distribution: unstable
Urgency: medium
Maintainer: Sylvestre Ledru <sylves...@debian.org>
Changed-By: Sylvestre Ledru <sylves...@debian.org>
Description:
 ohcount    - Source code line counter
 ohcount-doc - Source code line counter - Documentation
Closes: 895111
Changes:
 ohcount (3.1.0-2) unstable; urgency=medium
 .
   * Fix a FTBFS (arm64 due to buffer overflow)
     Thanks to Steve Langasek for the patch
     (Closes: #895111)

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
