
Bug#846948: jessie-pu: package file/1:5.22+15-2+deb8u3



Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu

Hello release team,

A memory leak was found in libmagic's (src:file) loader of magic
files, apparently independently by Shi Yin in PR/569[1] and Arnaud
Quette in #840754[2]. This was fixed upstream in version 5.29 which is
in testing and unstable (as 1:5.29-1), oldstable/wheezy doesn't seem to
have this problem.

For stable/jessie I'd like to handle this in the next point release.

The actual fix is commit FILE5_28-42-g10ee4ec[3] where commit
FILE5_24-31-g3aa35aa[4] is needed as a prerequisite. I've dropped a
hunk from that fix which AFAICS is not relevant for Debian and would
otherwise require the inclusion FILE5_25-3-gb0ccffd[5] as another
prerequisite: According to its description, that third commit is needed
on systems without mmap only.

Find attached:

* A debdiff for 1:5.22+15-2+deb8u3
* A commulative patch about the code changes to ease review.

After applying the patch, the valgrind check as described in the BTS
no longer reports leaks.

Regards,

    Christoph

[1] https://bugs.gw.com/view.php?id=569
[2] https://bugs.debian.org/840754
[3] https://github.com/file/file/commit/FILE5_28-42-g10ee4ec
[4] https://github.com/file/file/commit/FILE5_24-31-g3aa35aa
[5] https://github.com/file/file/commit/FILE5_25-3-gb0ccffd
diff -Nru file-5.22+15/debian/changelog file-5.22+15/debian/changelog
--- file-5.22+15/debian/changelog	2016-05-09 08:23:30.000000000 +0200
+++ file-5.22+15/debian/changelog	2016-12-04 10:00:07.000000000 +0100
@@ -1,3 +1,9 @@
+file (1:5.22+15-2+deb8u3) stable; urgency=medium
+
+  * Fix memory leak in magic loader. Closes: #840754
+
+ -- Christoph Biedl <debian.axhn@manchmal.in-ulm.de>  Sun, 04 Dec 2016 10:00:07 +0100
+
 file (1:5.22+15-2+deb8u2) stable; urgency=high
 
   * Fix CVE-2015-8865:
diff -Nru file-5.22+15/debian/patches/cherry-pick.FILE5_24-31-g3aa35aa.dont-leak-memory-when-loading-non-compiled-files.patch file-5.22+15/debian/patches/cherry-pick.FILE5_24-31-g3aa35aa.dont-leak-memory-when-loading-non-compiled-files.patch
--- file-5.22+15/debian/patches/cherry-pick.FILE5_24-31-g3aa35aa.dont-leak-memory-when-loading-non-compiled-files.patch	1970-01-01 01:00:00.000000000 +0100
+++ file-5.22+15/debian/patches/cherry-pick.FILE5_24-31-g3aa35aa.dont-leak-memory-when-loading-non-compiled-files.patch	2016-12-02 00:00:46.000000000 +0100
@@ -0,0 +1,32 @@
+Subject: Don't leak memory when loading non-compiled files
+Origin: FILE5_24-31-g3aa35aa
+Upstream-Author: Christos Zoulas <christos@zoulas.com>
+Date: Thu Sep 10 13:59:47 2015 +0000
+
+--- a/src/apprentice.c
++++ b/src/apprentice.c
+@@ -538,6 +538,7 @@
+ private void
+ apprentice_unmap(struct magic_map *map)
+ {
++	size_t i;
+ 	if (map == NULL)
+ 		return;
+ 
+@@ -550,6 +551,8 @@
+ #endif
+ 	case MAP_TYPE_MALLOC:
+ 		free(map->p);
++		for (i = 0; i < MAGIC_SETS; i++)
++			free(map->magic[i]);
+ 		break;
+ 	case MAP_TYPE_USER:
+ 		break;
+@@ -1285,6 +1288,7 @@
+ 		file_oomem(ms, sizeof(*map));
+ 		return NULL;
+ 	}
++	map->type = MAP_TYPE_MALLOC;
+ 
+ 	/* print silly verbose header for USG compat. */
+ 	if (action == FILE_CHECK)
diff -Nru file-5.22+15/debian/patches/cherry-pick.FILE5_28-42-g10ee4ec.pr-569-shi-yin-fix-memory-leak.patch file-5.22+15/debian/patches/cherry-pick.FILE5_28-42-g10ee4ec.pr-569-shi-yin-fix-memory-leak.patch
--- file-5.22+15/debian/patches/cherry-pick.FILE5_28-42-g10ee4ec.pr-569-shi-yin-fix-memory-leak.patch	1970-01-01 01:00:00.000000000 +0100
+++ file-5.22+15/debian/patches/cherry-pick.FILE5_28-42-g10ee4ec.pr-569-shi-yin-fix-memory-leak.patch	2016-12-04 09:36:35.000000000 +0100
@@ -0,0 +1,22 @@
+Subject: PR/569: Shi Yin: Fix memory leak
+Origin: FILE5_28-42-g10ee4ec
+Upstream-Author: Christos Zoulas <christos@zoulas.com>
+Date: Sun Sep 11 13:53:02 2016 +0000
+Comment: Only relevant parts of that commit were used
+
+--- a/src/apprentice.c
++++ b/src/apprentice.c
+@@ -404,11 +404,11 @@
+ {
+ 	struct mlist *ml;
+ 
+-	mlp->map = idx == 0 ? map : NULL;
++	mlp->map = NULL;
+ 	if ((ml = CAST(struct mlist *, malloc(sizeof(*ml)))) == NULL)
+ 		return -1;
+ 
+-	ml->map = NULL;
++	ml->map = idx == 0 ? map : NULL;
+ 	ml->magic = map->magic[idx];
+ 	ml->nmagic = map->nmagic[idx];
+ 
diff -Nru file-5.22+15/debian/patches/series file-5.22+15/debian/patches/series
--- file-5.22+15/debian/patches/series	2016-05-09 08:10:53.000000000 +0200
+++ file-5.22+15/debian/patches/series	2016-12-04 09:50:30.000000000 +0100
@@ -13,3 +13,5 @@
 cherry-pick.FILE5_24-22-g27b4e34.parameter-1.patch
 cherry-pick.FILE5_24-23-g4ddb783.parameter-2.patch
 CVE-2015-8865.6713ca4.patch
+cherry-pick.FILE5_24-31-g3aa35aa.dont-leak-memory-when-loading-non-compiled-files.patch
+cherry-pick.FILE5_28-42-g10ee4ec.pr-569-shi-yin-fix-memory-leak.patch
diff --git a/src/apprentice.c b/src/apprentice.c
index 1b574c5..ec7ac36 100644
--- a/src/apprentice.c
+++ b/src/apprentice.c
@@ -404,11 +404,11 @@ add_mlist(struct mlist *mlp, struct magic_map *map, size_t idx)
 {
 	struct mlist *ml;
 
-	mlp->map = idx == 0 ? map : NULL;
+	mlp->map = NULL;
 	if ((ml = CAST(struct mlist *, malloc(sizeof(*ml)))) == NULL)
 		return -1;
 
-	ml->map = NULL;
+	ml->map = idx == 0 ? map : NULL;
 	ml->magic = map->magic[idx];
 	ml->nmagic = map->nmagic[idx];
 
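Review bot: Ownership of `map` moves from the list head `mlp` to the newly allocated idx-0 node here, but nothing in the hunk records who releases it. The leak is only closed if the list-freeing routine calls `apprentice_unmap` on every node's `map`, including the node created for index 0; that routine is outside this hunk, and the patch header says only parts of the upstream commit were taken, so it is worth confirming against the jessie source. On the `return -1` path no node exists to hold `map`, so the caller has to unmap it. A comment above the assignment would record this: `/* node for set 0 owns map; mlist_free() must apprentice_unmap() it */`. The same lines are carried in the debian/patches copy of this change.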
@@ -538,6 +538,7 @@ free:
 private void
 apprentice_unmap(struct magic_map *map)
 {
+	size_t i;
 	if (map == NULL)
 		return;
 
@@ -550,6 +551,8 @@ apprentice_unmap(struct magic_map *map)
 #endif
 	case MAP_TYPE_MALLOC:
 		free(map->p);
+		for (i = 0; i < MAGIC_SETS; i++)
+			free(map->magic[i]);
 		break;
 	case MAP_TYPE_USER:
 		break;
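Review bot: The added loop calls `free(map->magic[i])` for every `MAP_TYPE_MALLOC` map, which is only valid when each entry is its own heap allocation. If any path in this tree tags a map `MAP_TYPE_MALLOC` while `magic[i]` points into the `map->p` buffer, this becomes a free of an interior pointer, i.e. heap corruption rather than a leak fix. The cover mail drops an upstream prerequisite described as needed on systems without mmap, so a build without mmap looks like the case to check. I would state the precondition at the case label, `/* MALLOC maps: p and each magic[i] are separate allocations */`. The `size_t i` declaration for the loop is in the preceding hunk, and the function body continues outside both.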
@@ -1285,6 +1288,7 @@ apprentice_load(struct magic_set *ms, const char *fn, int action)
 		file_oomem(ms, sizeof(*map));
 		return NULL;
 	}
+	map->type = MAP_TYPE_MALLOC;
 
 	/* print silly verbose header for USG compat. */
 	if (action == FILE_CHECK)
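Review bot: Setting `map->type = MAP_TYPE_MALLOC` right after allocation means every later `apprentice_unmap(map)` on this map will `free()` all `map->magic[i]`. That is safe on early-exit paths only if the structure was zero-filled when allocated, so that unset entries are NULL; the allocation call is above the hunk, so this is not visible here. If it is not a zeroing allocator, the entries need to be cleared before the first failure exit. A short comment such as `/* magic[] entries are malloc'ed below; apprentice_unmap() frees them */` would make the dependency explicit.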

Attachment: signature.asc
Description: Digital signature

