I have uploaded a new version of ‘file’ to unstable, it already migrated
to testing. This upload closes #403085 which the submitter of that bug
classified as ‘critical’. Though I am not convinced of the severity, I
hereby request inclusion of 4.17-5 in Etch.
The complete diff (apart from the changelog entry):
diff -r -u6 file_4.17-4/src/apprentice.c file_4.17-5/src/apprentice.c
--- file_4.17-4/src/apprentice.c 2006-03-02 23:08:57.000000000 +0100
+++ file_4.17-5/src/apprentice.c 2006-12-20 10:39:26.000000000 +0100
@@ -384,12 +384,13 @@
if ((marray = malloc(maxmagic * sizeof(*marray))) == NULL) {
(void)fclose(f);
file_oomem(ms);
return -1;
}
marraycount = 0;
+ (void) memset((void *)marray, 0, maxmagic * sizeof(*marray));
/* print silly verbose header for USG compat. */
if (action == FILE_CHECK)
(void)fprintf(stderr, "%s\n", hdr);
/* parse it */
diff -r -u2 file_4.17-4/src/magic.c file_4.17-5/src/magic.c
--- file_4.17-4/src/magic.c 2005-10-17 19:13:13.000000000 +0200
+++ file_4.17-5/src/magic.c 2006-12-20 10:39:26.000000000 +0100
@@ -87,4 +87,5 @@
if ((ms = malloc(sizeof(struct magic_set))) == NULL)
return NULL;
+ (void) memset((void *)ms, 0, sizeof(struct magic_set));
if (magic_setflags(ms, flags) == -1) {
As you can see, it contains merely two very innocent-looking memset
calls.
Bye,
Mike
--
|=| Michael Piefel
|=| Member of the Debian project
Attachment:
signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil