Re: djvulibre-plugin/testing and #504340

To: 504340@bugs.debian.org
Cc: debian-release@lists.debian.org
Subject: Re: djvulibre-plugin/testing and #504340
From: Thomas Viehmann <tv@beamnet.de>
Date: Fri, 19 Dec 2008 00:16:54 +0100
Message-id: <[🔎] 494AD9E6.1010500@beamnet.de>
In-reply-to: <[🔎] 49483A14.40409@beamnet.de>
References: <[🔎] 49483A14.40409@beamnet.de>

Hi,

so here is an update on the djvulibre-plugin segfault.
Using only the upstream patch, the segfault remained for me, the plugin
segfaulting at the first line changed in the patch. There seems to be
some race condition: sprinkling a few fprintf's for debugging makes the
segfault go away, as does the attached, slightly more orthodox patch.
Unfortunately, I don't have a full analysis to offer, but it would seem
that the attached strictly reduces the problem and in my testing (both
in a testing chroot and compiling the testing version in unstable)
resulted in the submitter's example link and a few other attempts
working where they segfaulted without the patch and with only the
upstream part.

Kind regards

T.
-- 
Thomas Viehmann, http://thomas.viehmann.net/

diff -u djvulibre-3.5.20/debian/changelog djvulibre-3.5.20/debian/changelog
--- djvulibre-3.5.20/debian/changelog
+++ djvulibre-3.5.20/debian/changelog
@@ -1,3 +1,12 @@
+djvulibre (3.5.20-8+lenny1) testing; urgency=low
+
+  * Non-maintainer upload.
+  * djvulibre-plugin: Verify data passed to SetWindow plugin
+    callback to avoid crash. Patch from upstream, slightly amended.
+    Closes: #504340, #507972
+
+ -- Thomas Viehmann <tv@ramanujan>  Tue, 16 Dec 2008 22:38:06 +0100
+
 djvulibre (3.5.20-8+lenny0) testing; urgency=low
 
   * Non-maintainer upload to testing.
only in patch2:
unchanged:
--- djvulibre-3.5.20.orig/gui/nsdejavu/nsdejavu.c
+++ djvulibre-3.5.20/gui/nsdejavu/nsdejavu.c
@@ -2037,7 +2037,7 @@
 
   if (map_lookup(&instance, id, &inst) < 0)
     return NPERR_INVALID_INSTANCE_ERROR;
-  cur_window = inst->window;
+  cur_window = (inst) ? inst->window : 0;
   new_window = (win_str) ? (Window) win_str->window : 0;
   if (cur_window)
     {
@@ -2054,9 +2054,10 @@
     }
   if (new_window)
     {
-      NPSetWindowCallbackStruct *cbs 
-        = (NPSetWindowCallbackStruct *) win_str->ws_info;
-      Display * displ=cbs->display;
+      Display *displ = 0;
+      if (NPN_GetValue(np_inst, NPNVxDisplay, &displ) != NPERR_NO_ERROR)
+        displ = ((NPSetWindowCallbackStruct *)(win_str->ws_info))->display;
+      
       if (!IsConnectionOK(FALSE)) 
         return NPERR_GENERIC_ERROR;
       if (Attach(displ, new_window, id) < 0)

Reply to:

Follow-Ups:
- Re: Bug#504340: djvulibre-plugin/testing and #504340
  - From: Leon Bottou <leon@bottou.org>

References:
- djvulibre-plugin #504340: upstream patch not successful in lenny?
  - From: Thomas Viehmann <tv@beamnet.de>

Prev by Date: unblock request for libhid
Next by Date: Freeze exception for kernel-patch-nfs-ngroups 4.58+nmu1
Previous by thread: djvulibre-plugin #504340: upstream patch not successful in lenny?
Next by thread: Re: Bug#504340: djvulibre-plugin/testing and #504340
Index(es):
- Date
- Thread