Bug#854465: unblock: jdupes/1.7-2

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#854465: unblock: jdupes/1.7-2
From: Joao Eriberto Mota Filho <eriberto@debian.org>
Date: Tue, 07 Feb 2017 10:30:34 -0200
Message-id: <[🔎] 148647063412.30090.6836711420637894482.reportbug@octans.dc.eb.mil.br>
Reply-to: Joao Eriberto Mota Filho <eriberto@debian.org>, 854465@bugs.debian.org

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package jdupes.

Some considerations:

  * The revision fix a segment fault issue when jdupes is used in some
    conditions. It will close #854427, severity important.

  * The patch used to fix was generated by the upstream.

  * The package was already uploaded to Sid and it builds correctly
    on all applicable architectures.

  * There is a debdiff attached.

  * The debian/changelog says:

    jdupes (1.7-2) unstable; urgency=medium

      * debian/patches/10_fix-segfault.patch: added to fix a segmentation
        fault in jdupes. (Closes: #854427)

Thanks in advance.

Regards,

Eriberto

diff -Nru jdupes-1.7/debian/changelog jdupes-1.7/debian/changelog
--- jdupes-1.7/debian/changelog	2017-01-03 17:30:04.000000000 -0200
+++ jdupes-1.7/debian/changelog	2017-02-06 22:19:51.000000000 -0200
@@ -1,3 +1,10 @@
+jdupes (1.7-2) unstable; urgency=medium
+
+  * debian/patches/10_fix-segfault.patch: added to fix a segmentation fault in
+    jdupes. (Closes: #854427)
+
+ -- Joao Eriberto Mota Filho <eriberto@debian.org>  Mon, 06 Feb 2017 22:19:51 -0200
+
 jdupes (1.7-1) unstable; urgency=medium
 
   * New upstream release.
diff -Nru jdupes-1.7/debian/patches/10_fix-segfault.patch jdupes-1.7/debian/patches/10_fix-segfault.patch
--- jdupes-1.7/debian/patches/10_fix-segfault.patch	1969-12-31 21:00:00.000000000 -0300
+++ jdupes-1.7/debian/patches/10_fix-segfault.patch	2017-02-06 22:19:33.000000000 -0200
@@ -0,0 +1,147 @@
+Description: fix a major bug in string_malloc()'s free list functionality
+             (Closes: #854427)
+Author: Jody Bruchon <jody@jodybruchon.com>
+Last-Update: 2017-01-19
+Index: jdupes-1.7/string_malloc.c
+===================================================================
+--- jdupes-1.7.orig/string_malloc.c
++++ jdupes-1.7/string_malloc.c
+@@ -30,7 +30,7 @@
+ #endif
+ 
+ static void *sma_head = NULL;
+-static uintptr_t *sma_lastpage = NULL;
++static uintptr_t *sma_curpage = NULL;
+ static unsigned int sma_pages = 0;
+ static void *sma_freelist[SMA_MAX_FREE];
+ static int sma_freelist_cnt = 0;
+@@ -52,9 +52,9 @@ uintmax_t sma_free_tails = 0;
+ /* Scan the freed chunk list for a suitably sized object */
+ static inline void *scan_freelist(const size_t size)
+ {
+-	size_t *min_p, *object;
++	size_t *object, *min_p;
+ 	size_t sz, min = 0;
+-	int i, used = 0;
++	int i, used = 0, min_i = -1;
+ 
+ 	/* Don't bother scanning if the list is empty */
+ 	if (sma_freelist_cnt == 0) return NULL;
+@@ -74,9 +74,9 @@ static inline void *scan_freelist(const
+ 		/* Skip smaller objects */
+ 		if (sz < size) continue;
+ 		/* Object is big enough; record if it's the new minimum */
+-		if (min == 0 || sz < min) {
++		if (min == 0 || sz <= min) {
+ 			min = sz;
+-			min_p = object;
++			min_i = i;
+ 			/* Always stop scanning if exact sized object found */
+ 			if (sz == size) break;
+ 		}
+@@ -85,8 +85,9 @@ static inline void *scan_freelist(const
+ 	/* Enhancement TODO: split the free item if it's big enough */
+ 
+ 	/* Return smallest object found and delete from free list */
+-	if (min != 0) {
+-		sma_freelist[i] = NULL;
++	if (min_i != -1) {
++		min_p = sma_freelist[min_i];
++		sma_freelist[min_i] = NULL;
+ 		sma_freelist_cnt--;
+ 		min_p++;
+ 		return (void *)min_p;
+@@ -107,10 +108,10 @@ static inline void *string_malloc_page(v
+ 	*pageptr = (uintptr_t)NULL;
+ 
+ 	/* Link previous page to this page, if applicable */
+-	if (sma_lastpage != NULL) *sma_lastpage = (uintptr_t)pageptr;
++	if (sma_curpage != NULL) *sma_curpage = (uintptr_t)pageptr;
+ 
+ 	/* Update last page pointers and total page counter */
+-	sma_lastpage = pageptr;
++	sma_curpage = pageptr;
+ 	sma_pages++;
+ 
+ 	return (void *)pageptr;
+@@ -119,7 +120,7 @@ static inline void *string_malloc_page(v
+ 
+ void *string_malloc(size_t len)
+ {
+-	const void * restrict page = (char *)sma_lastpage;
++	const void * restrict page = (char *)sma_curpage;
+ 	static size_t *address;
+ 
+ 	/* Calling with no actual length is invalid */
+@@ -130,8 +131,6 @@ void *string_malloc(size_t len)
+ 		len &= ~(sizeof(uintptr_t) - 1);
+ 		len += sizeof(uintptr_t);
+ 	}
+-	/* Make room for size prefix */
+-	len += sizeof(size_t);
+ 
+ 	/* Pass-through allocations larger than maximum object size to malloc() */
+ 	if (len > (SMA_PAGE_SIZE - sizeof(uintptr_t) - sizeof(size_t))) {
+@@ -151,7 +150,7 @@ void *string_malloc(size_t len)
+ 		for (int i = 0; i < SMA_MAX_FREE; i++) sma_freelist[i] = NULL;
+ 		/* Allocate first page and set up for first allocation */
+ 		sma_head = string_malloc_page();
+-		if (!sma_head) return NULL;
++		if (sma_head == NULL) return NULL;
+ 		sma_nextfree = sizeof(uintptr_t);
+ 		page = sma_head;
+ 	}
+@@ -164,17 +163,20 @@ void *string_malloc(size_t len)
+ 	}
+ 
+ 	/* Allocate new page if this object won't fit */
+-	if ((sma_nextfree + len) > SMA_PAGE_SIZE) {
++	if ((sma_nextfree + len + sizeof(size_t)) > SMA_PAGE_SIZE) {
+ 		size_t sz;
+ 		size_t *tailaddr;
+ 		/* See if remaining space is usable */
+-		if (sma_freelist_cnt < SMA_MAX_FREE && sma_nextfree < SMA_PAGE_SIZE) {
+-			/* Get total remaining space size */
+-			sz = SMA_PAGE_SIZE - sma_nextfree;
+-			if (sz >= (SMA_MIN_SLACK + sizeof(size_t))) {
++		if (sma_freelist_cnt < SMA_MAX_FREE && (sma_nextfree + sizeof(size_t)) < SMA_PAGE_SIZE) {
++			/* Get remaining space size minus page linkage and obj size prefix */
++			sz = sma_nextfree + sizeof(size_t) + SMA_MIN_SLACK;
++
++			if (sz <= SMA_PAGE_SIZE) {
++				sz = SMA_PAGE_SIZE - sma_nextfree - sizeof(size_t);
+ 				tailaddr = (size_t *)((uintptr_t)page + sma_nextfree);
+-				*tailaddr = sz;
+-				string_free(tailaddr + 1);
++				*tailaddr = (size_t)sz;
++				tailaddr++;
++				string_free(tailaddr);
+ 				DBG(sma_free_tails++;)
+ 			}
+ 		}
+@@ -188,7 +190,7 @@ void *string_malloc(size_t len)
+ 	/* Prefix object with its size */
+ 	*address = len;
+ 	address++;
+-	sma_nextfree += len;
++	sma_nextfree += len + sizeof(size_t);
+ 
+ 	DBG(sma_allocs++;)
+ 	return (void *)address;
+@@ -206,7 +208,7 @@ void string_free(void * const restrict a
+ 		goto sf_failed;
+ 
+ 	/* Tiny objects keep big ones from being freed; ignore them */
+-	if (*(size_t *)((uintptr_t)addr - sizeof(size_t)) < (SMA_MIN_SLACK + sizeof(size_t)))
++	if (*(size_t *)((uintptr_t)addr - sizeof(size_t)) < SMA_MIN_SLACK)
+ 		goto sf_failed;
+ 
+ 	/* Add object to free list */
+@@ -233,6 +235,7 @@ void string_malloc_destroy(void)
+ 	uintptr_t *next;
+ 
+ 	cur = (void *)sma_head;
++	if (sma_head == NULL) return;
+ 	while (sma_pages > 0) {
+ 		next = (uintptr_t *)*(uintptr_t *)cur;
+ 		free(cur);
diff -Nru jdupes-1.7/debian/patches/series jdupes-1.7/debian/patches/series
--- jdupes-1.7/debian/patches/series	1969-12-31 21:00:00.000000000 -0300
+++ jdupes-1.7/debian/patches/series	2017-02-06 22:17:30.000000000 -0200
@@ -0,0 +1 @@
+10_fix-segfault.patch

Reply to:

Follow-Ups:
- Bug#854465: marked as done (unblock: jdupes/1.7-2)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Bug#854464: unblock: clhep/2.1.4.1+dfsg-1
Next by Date: Processed: lprng silently loses authentication support when compiled with OpenSSL 1.1
Previous by thread: Bug#854464: marked as done (unblock: clhep/2.1.4.1+dfsg-1)
Next by thread: Bug#854465: marked as done (unblock: jdupes/1.7-2)
Index(es):
- Date
- Thread