
Bug#876388: marked as done (discover: segfaults)



Your message dated Sun, 14 Jan 2018 21:49:40 +0000
with message-id <E1eaq9s-0003fC-Fz@fasolo.debian.org>
and subject line Bug#876388: fixed in discover 2.1.2-8
has caused the Debian Bug report #876388,
regarding discover: segfaults
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
876388: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876388
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: discover
Version: 2.1.2-7.1
Tags: patch



Running `discover` produces a crash:

Program received signal SIGSEGV, Segmentation fault.
__strlen_sse2 () at ../sysdeps/x86_64/multiarch/../strlen.S:120
120 ../sysdeps/x86_64/multiarch/../strlen.S: No such file or directory.
(gdb) bt
#0 __strlen_sse2 () at ../sysdeps/x86_64/multiarch/../strlen.S:120
#1 0x00007ffff787abfe in __GI___strdup (s=0x555500000000 <error: Cannot access memory at address 0x555500000000>) at strdup.c:41
#2 0x00007ffff7bcf829 in discover_get_devices () from /usr/lib/libdiscover.so.2
#3 0x0000555555555a73 in ?? ()
#4 0x000055555555678e in ?? ()
#5 0x00007ffff78081c1 in __libc_start_main (main=0x555555555ea3, argc=1, argv=0x7fffffffe358, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe348) at ../csu/libc-start.c:308
#6 0x000055555555559a in ?? ()

Here is the fix for the problem:

Use the right type for `len`, avoid segmentation fault

`getline()` requires its second parameter to be `size_t *`. On the amd64
platform the size of `unsigned int` is 4 and the size of `size_t` is 8
bytes. Using a wrong pointer type can lead to stack variable
corruption (overwriting with zeros) and a segmentation fault later.

See also similar `len` declarations in `_discover_get_pci_raw_sys()` in
the docs and `_discover_get_ata_raw()` / `discover_get_pci_raw_proc()` /
`discover_get_usb_raw()` in the source code.


-- 
Kind regards,
Anatolii Borodin
From 4b7f09a2862fdf8a7811083d88057048f237ef7a Mon Sep 17 00:00:00 2001
From: Anatoly Borodin <anatoly.borodin@gmail.com>
Date: Thu, 21 Sep 2017 14:50:52 +0000
Subject: [PATCH] Use the right type for `len`, avoid segmentation fault

`getline()` requires its second parameter to be `size_t *`. On the amd64
platform the size of `unsigned int` is 4 and the size of `size_t` is 8
bytes. Using a wrong pointer type can lead to stack variable
corruption (overwriting with zeros) and a segmentation fault later.

See also similar `len` declarations in `_discover_get_pci_raw_sys()` in
the docs and `_discover_get_ata_raw()` / `discover_get_pci_raw_proc()` /
`discover_get_usb_raw()` in the source code.
---
 sysdeps/linux/pci.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git sysdeps/linux/pci.c sysdeps/linux/pci.c
index 1101f523de1b..42a20d323728 100644
--- sysdeps/linux/pci.c
+++ sysdeps/linux/pci.c
@@ -160,7 +160,7 @@ _discover_get_pci_raw_sys(void)
     FILE *f;
     DIR *pciDir;
     struct dirent *pci_device_entry;
-    unsigned int len;
+    size_t len = 0;
     char *device_dir, *line, *class, *vendor, *model, *p;
     char **device_dir_list = NULL;
     size_t device_dir_list_len, device_dir_index, device_dir_index2;
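Review bot: `size_t len = 0;` corrects the width, but `line` in the unchanged declaration `char *device_dir, *line, *class, ...` has no visible initialiser. getline() expects `*lineptr` to be either NULL or a buffer obtained from malloc(), so with `len` set to 0 the first call is only well-defined if `line` is NULL at that point. Unless `line` is assigned NULL before the first getline() call outside this hunk, initialise it in the declaration as well (`*line = NULL`). Building with -Wincompatible-pointer-types promoted to an error would also catch this class of mismatch at any remaining getline() call site.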
-- 
2.14.1


--- End Message ---
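The corruption described in the report above, as an added example (not code from the report or from the discover source). It models, in a byte array, an assumed frame layout where a pointer sits directly behind `len`; the real layout is chosen by the compiler, and the pointer value is constructed. An 8-byte store through the address of a 4-byte `len` zeroes the low half of the neighbouring pointer, which is the shape of the `s=0x555500000000` argument in the backtrace.

```c
#include <stdint.h>
#include <stdio.h>

/* Little-endian store/load, matching amd64 byte order. */
static void put_le64(unsigned char *p, uint64_t v)
{
    for (int i = 0; i < 8; i++)
        p[i] = (unsigned char)(v >> (8 * i));
}

static uint64_t get_le64(const unsigned char *p)
{
    uint64_t v = 0;
    for (int i = 0; i < 8; i++)
        v |= (uint64_t)p[i] << (8 * i);
    return v;
}

/*
 * Model a frame in which `len` occupies len_slot bytes (4 for unsigned int,
 * 8 for size_t) and a pointer sits directly behind it. This layout is an
 * assumption made for the example.
 * The callee stores a full 8-byte size_t at the address of `len`, as
 * getline() does on amd64. Returns the pointer value afterwards.
 */
uint64_t neighbour_after_store(size_t len_slot, uint64_t ptr, uint64_t new_len)
{
    unsigned char frame[16] = {0};

    put_le64(frame + len_slot, ptr);  /* neighbouring pointer */
    put_le64(frame, new_len);         /* 8-byte store through &len */
    return get_le64(frame + len_slot);
}

int main(void)
{
    uint64_t ptr = 0x0000555555559260ULL;  /* constructed heap-like address */

    printf("unsigned int len: %#llx\n",
           (unsigned long long)neighbour_after_store(4, ptr, 120));
    printf("size_t len:       %#llx\n",
           (unsigned long long)neighbour_after_store(8, ptr, 120));
    return 0;
}
```

Whether a live variable actually sits behind `len` depends on the compiler and optimization level, which is consistent with the changelog remark that -O1 probably only papered over the issue.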
--- Begin Message ---
Source: discover
Source-Version: 2.1.2-8

We believe that the bug you reported is fixed in the latest version of
discover, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 876388@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Cyril Brulebois <kibi@debian.org> (supplier of updated discover package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 14 Jan 2018 21:27:01 +0000
Source: discover
Binary: discover libdiscover2 libdiscover-dev
Architecture: source
Version: 2.1.2-8
Distribution: unstable
Urgency: high
Maintainer: Debian Install System Team <debian-boot@lists.debian.org>
Changed-By: Cyril Brulebois <kibi@debian.org>
Description:
 discover   - hardware identification system
 libdiscover-dev - hardware identification library development files
 libdiscover2 - hardware identification library
Closes: 847266 848424 876388
Changes:
 discover (2.1.2-8) unstable; urgency=high
 .
   * Remove Gaudenz Steinlin and Otavio Salvador from Uploaders, with
     thanks for their past contributions (Closes: #848424, #847266).
   * Use correct type for the length parameter of the getline() call,
     thanks to Anatoly Borodin and Simon Quigley for writing and for
     forwarding the patch (Closes: #876388, LP: #1718687).
   * Restore -O2 optimization level, as switching to -O1 in the previous
     upload probably just happened to paper over this issue.

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
