
Bug#155362: marked as done (Some memory handling bugs)



Your message dated Sat, 31 Aug 2002 06:30:24 -0400
with message-id <E17l5WK-0005J3-00@auric.debian.org>
and subject line Bug#155362: fixed in dpkg 1.10.5
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 4 Aug 2002 00:22:31 +0000
>From smliedes@mail.student.oulu.fi Sat Aug 03 19:22:31 2002
Return-path: <smliedes@mail.student.oulu.fi>
Received: from ousrvr.oulu.fi (oulu.fi) [130.231.240.1] (root)
	by master.debian.org with esmtp (Exim 3.12 1 (Debian))
	id 17b9AF-0007SP-00; Sat, 03 Aug 2002 19:22:31 -0500
Received: from paju.oulu.fi (paju.oulu.fi [130.231.240.20])
	by oulu.fi (8.8.5/8.8.5) with ESMTP id DAA23519
	for <submit@bugs.debian.org>; Sun, 4 Aug 2002 03:22:23 +0300 (EET DST)
Received: from rak166 (rak166.oulu.fi [130.231.6.166])
	by paju.oulu.fi (8.8.5/8.8.5) with ESMTP id DAA02222
	for <submit@bugs.debian.org>; Sun, 4 Aug 2002 03:22:22 +0300 (EEST)
Content-Type: text/plain;
  charset="iso-8859-1"
From: Sami Liedes <smliedes@mail.student.oulu.fi> (by way of Sami Liedes <smliedes@mail.student.oulu.fi>)
Subject: Some memory handling bugs
Date: Sun, 4 Aug 2002 03:22:29 +0300
User-Agent: KMail/1.4.2
To: submit@bugs.debian.org
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Message-Id: <200208040322.29046.smliedes@mail.student.oulu.fi>
Delivered-To: submit@bugs.debian.org

Package: dpkg
Version: 1.10.4
Severity: normal
Tags: patch

There are at least three cases where dpkg accesses memory just outside
what it has allocated, and one memory leak. I believe the attached patch
fixes these problems (hope it comes through as is, I've had problems
with that before).

	Sami


diff -ur dpkg-1.10.4/lib/database.c mod/lib/database.c
--- dpkg-1.10.4/lib/database.c=092002-05-06 19:18:15.000000000 +0300
+++ mod/lib/database.c=092002-08-03 22:34:36.000000000 +0300
@@ -181,7 +181,7 @@
   pointerp=3D bins + (hash(name) & (BINS-1));
   while (*pointerp && strcasecmp((*pointerp)->name,name))
     pointerp=3D &(*pointerp)->next;
-  if (*pointerp) return *pointerp;
+  if (*pointerp) { free(name); return *pointerp; }

   newpkg=3D nfmalloc(sizeof(struct pkginfo));
   blankpackage(newpkg);
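
Review bot: the added free(name) on the early-return line only holds if name is a private heap copy made earlier in this function. The hunk does not show where name comes from, and if it can ever be the caller's pointer this turns into a double free or a use-after-free in the caller. Please confirm against the top of the function and add a short comment at the free saying which allocation it releases. It is also worth checking that the not-found path continuing at nfmalloc keeps that copy rather than duplicating it again, otherwise the leak just moves.
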
diff -ur dpkg-1.10.4/lib/parse.c mod/lib/parse.c
--- dpkg-1.10.4/lib/parse.c=092002-05-06 19:18:15.000000000 +0300
+++ mod/lib/parse.c=092002-08-04 02:58:13.000000000 +0300
@@ -172,6 +172,7 @@
       for (;;) {
         if (c =3D=3D '\n' || c =3D=3D MSDOS_EOF_CHAR) {
           lno++;
+          if (EOF_mmap(dataptr, endptr)) break;
           c=3D getc_mmap(dataptr);
 /* Found double eol, or start of new field */
           if (EOF_mmap(dataptr, endptr) || c =3D=3D '\n' || !isspace(c))=
 break;
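
Review bot: the new EOF_mmap test sits before getc_mmap, but the unchanged line right after the read still reads first and tests EOF_mmap afterwards, so the loop now carries both orders side by side. Consider a single pattern for the whole loop, check then read, and confirm that the other getc_mmap calls in this function are guarded the same way. When the new break fires, c still holds '\n' or MSDOS_EOF_CHAR, so the code after the loop should be checked for that value. The "Only in mod/lib: parse.c~" line below shows an editor backup file in the modified tree; it should be removed before the diff is regenerated.
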
Only in mod/lib: parse.c~
diff -ur dpkg-1.10.4/lib/parsehelp.c mod/lib/parsehelp.c
--- dpkg-1.10.4/lib/parsehelp.c=092002-05-06 19:18:15.000000000 +0300
+++ mod/lib/parsehelp.c=092002-08-03 21:54:01.000000000 +0300
@@ -214,7 +214,7 @@
   } else {
     rversion->epoch=3D 0;
   }
-  rversion->version=3D nfstrnsave(string,end-string+1);
+  rversion->version=3D nfstrnsave(string,end-string);
   hyphen=3D strrchr(rversion->version,'-');
   if (hyphen) *hyphen++=3D 0;
   rversion->revision=3D hyphen ? hyphen : "";
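
Review bot: dropping the +1 in the nfstrnsave call is only safe if nfstrnsave(string, n) allocates n+1 bytes and writes the terminating NUL itself, because the very next line runs strrchr over rversion->version. nfstrnsave is not visible in this hunk, so please state that contract in a comment here or at its definition, and confirm that end points one past the last character of the version so that no character is lost with the shorter length.
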
diff -ur dpkg-1.10.4/main/main.c mod/main/main.c
--- dpkg-1.10.4/main/main.c=092002-06-02 07:26:46.000000000 +0300
+++ mod/main/main.c=092002-08-03 21:31:24.000000000 +0300
@@ -433,7 +433,7 @@
   int i, argc =3D 1;
   const char *const *arg =3D argv;
   while(*arg !=3D 0) { arg++; argc++; }
-  nargv=3D malloc(sizeof(char *) * argc + 2);
+  nargv=3D malloc(sizeof(char *) * (argc + 2));

   if (!nargv) ohshite(_("couldn't malloc in execbackend"));
   nargv[0]=3D strdup(cipaction->parg);
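
Review bot: nargv[0]= strdup(cipaction->parg) in the trailing context is not checked for NULL, while the malloc just above it is; give it the same ohshite path. The corrected size, sizeof(char *) * (argc + 2), is right, since the old expression added 2 bytes rather than 2 pointer slots. A comment saying what the two extra slots hold would help the next reader, because argc here starts at 1 and is counted locally rather than being the usual argument count.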


---------------------------------------
Received: (at 155362-close) by bugs.debian.org; 31 Aug 2002 10:38:55 +0000
>From rmurray@auric.debian.org Sat Aug 31 05:38:55 2002
Return-path: <rmurray@auric.debian.org>
Received: from auric.debian.org [206.246.226.45] (mail)
	by master.debian.org with esmtp (Exim 3.12 1 (Debian))
	id 17l5eY-0003PN-00; Sat, 31 Aug 2002 05:38:54 -0500
Received: from rmurray by auric.debian.org with local (Exim 3.35 1 (Debian))
	id 17l5WK-0005J3-00; Sat, 31 Aug 2002 06:30:24 -0400
From: Adam Heath <doogie@debian.org>
To: 155362-close@bugs.debian.org
X-Katie: $Revision: 1.17 $
Subject: Bug#155362: fixed in dpkg 1.10.5
Message-Id: <E17l5WK-0005J3-00@auric.debian.org>
Sender: Ryan Murray <rmurray@auric.debian.org>
Date: Sat, 31 Aug 2002 06:30:24 -0400
Delivered-To: 155362-close@bugs.debian.org

We believe that the bug you reported is fixed in the latest version of
dpkg, which is due to be installed in the Debian FTP archive:

dpkg-dev_1.10.5_all.deb
  to pool/main/d/dpkg/dpkg-dev_1.10.5_all.deb
dpkg-doc_1.10.5_all.deb
  to pool/main/d/dpkg/dpkg-doc_1.10.5_all.deb
dpkg_1.10.5.dsc
  to pool/main/d/dpkg/dpkg_1.10.5.dsc
dpkg_1.10.5.tar.gz
  to pool/main/d/dpkg/dpkg_1.10.5.tar.gz
dpkg_1.10.5_i386.deb
  to pool/main/d/dpkg/dpkg_1.10.5_i386.deb
dselect_1.10.5_i386.deb
  to pool/main/d/dpkg/dselect_1.10.5_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 155362@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adam Heath <doogie@debian.org> (supplier of updated dpkg package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 29 Aug 2002 16:43:15 -0500
Source: dpkg
Binary: dpkg-static dselect dpkg-dev dpkg-doc dpkg
Architecture: source all i386
Version: 1.10.5
Distribution: unstable
Urgency: low
Maintainer: Dpkg Development <debian-dpkg@lists.debian.org>
Changed-By: Adam Heath <doogie@debian.org>
Description: 
 dpkg       - Package maintenance system for Debian
 dpkg-dev   - Package building tools for Debian
 dpkg-doc   - Dpkg Internals Documentation
 dselect    - a user tool to manage Debian packages
Closes: 147492 153769 154257 154503 154898 155362 156437 156545 157304 157453 157762
Changes: 
 dpkg (1.10.5) unstable; urgency=low
 .
   * Fix segfault in md5sum if the file being checked doesn't exist.
     Closes: #154503.
   * Fix extraction of md5sum in dpkg-scanpackages.  Closes: #153769.
   * Handle directories better in md5sum.  Closes: #157453.
   * Fix read past buffer in lib/nfmalloc.c.  Closes: #157304.
   * Fix several read past buffer bugs, and a memleak.  Closes: #155362.
   * Fix segfault when --auto-deconfigure is given.  Closes: #157762.
   * Allow spaces between the end of a version, and the trailing ')'.
     Closes: #154898.
   * Fixes for HURD:  Closes: #156545
     * Add i386-gnu0.3 to archtable.
     * Fix handling of static compiles, with regard to zlib.
   * Previous install-infos(before 1.10) handled multiple dir file entries,
     because they would copy the entire stanza unmodified.  The newest
     version does not do this, as it reformats the options, and thereby
     only takes the first line.  So, we now split all the lines from the
     stanza, and process them all.  Closes: #147492.
   * Fix corruption of available file, caused by use of memory that was
     previously freed.  Closes: #154257.
   * Fix several minor memleaks.
   * Remove /usr/sbin/start-stop-daemon.  Closes: #156437.
Files: 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9bpjziix9wovUpIkRAgEnAJ9GpFqYbH+b1/kFq8q55yumPLGStQCdEJ6v
aLVWOqCgkb9aXi1P3Xp4FA4=
=5q//
-----END PGP SIGNATURE-----