Bug#854465: marked as done (unblock: jdupes/1.7-2)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Tue, 07 Feb 2017 16:31:00 +0000
with message-id <a95ec7eb-23b1-c2c8-1128-6b95c1e2c5f4@thykier.net>
and subject line Re: Bug#854465: unblock: jdupes/1.7-2
has caused the Debian Bug report #854465,
regarding unblock: jdupes/1.7-2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
854465: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854465
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: unblock: jdupes/1.7-2
• From: Joao Eriberto Mota Filho <eriberto@debian.org>
• Date: Tue, 07 Feb 2017 10:30:34 -0200
• Message-id: <[🔎] 148647063412.30090.6836711420637894482.reportbug@octans.dc.eb.mil.br>

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package jdupes.

Some considerations:

  * The revision fix a segment fault issue when jdupes is used in some
    conditions. It will close #854427, severity important.

  * The patch used to fix was generated by the upstream.

  * The package was already uploaded to Sid and it builds correctly
    on all applicable architectures.

  * There is a debdiff attached.

  * The debian/changelog says:

    jdupes (1.7-2) unstable; urgency=medium

      * debian/patches/10_fix-segfault.patch: added to fix a segmentation
        fault in jdupes. (Closes: #854427)

Thanks in advance.

Regards,

Eriberto

diff -Nru jdupes-1.7/debian/changelog jdupes-1.7/debian/changelog
--- jdupes-1.7/debian/changelog	2017-01-03 17:30:04.000000000 -0200
+++ jdupes-1.7/debian/changelog	2017-02-06 22:19:51.000000000 -0200
@@ -1,3 +1,10 @@
+jdupes (1.7-2) unstable; urgency=medium
+
+  * debian/patches/10_fix-segfault.patch: added to fix a segmentation fault in
+    jdupes. (Closes: #854427)
+
+ -- Joao Eriberto Mota Filho <eriberto@debian.org>  Mon, 06 Feb 2017 22:19:51 -0200
+
 jdupes (1.7-1) unstable; urgency=medium
 
   * New upstream release.
diff -Nru jdupes-1.7/debian/patches/10_fix-segfault.patch jdupes-1.7/debian/patches/10_fix-segfault.patch
--- jdupes-1.7/debian/patches/10_fix-segfault.patch	1969-12-31 21:00:00.000000000 -0300
+++ jdupes-1.7/debian/patches/10_fix-segfault.patch	2017-02-06 22:19:33.000000000 -0200
@@ -0,0 +1,147 @@
+Description: fix a major bug in string_malloc()'s free list functionality
+             (Closes: #854427)
+Author: Jody Bruchon <jody@jodybruchon.com>
+Last-Update: 2017-01-19
+Index: jdupes-1.7/string_malloc.c
+===================================================================
+--- jdupes-1.7.orig/string_malloc.c
++++ jdupes-1.7/string_malloc.c
+@@ -30,7 +30,7 @@
+ #endif
+ 
+ static void *sma_head = NULL;
+-static uintptr_t *sma_lastpage = NULL;
++static uintptr_t *sma_curpage = NULL;
+ static unsigned int sma_pages = 0;
+ static void *sma_freelist[SMA_MAX_FREE];
+ static int sma_freelist_cnt = 0;
+@@ -52,9 +52,9 @@ uintmax_t sma_free_tails = 0;
+ /* Scan the freed chunk list for a suitably sized object */
+ static inline void *scan_freelist(const size_t size)
+ {
+-	size_t *min_p, *object;
++	size_t *object, *min_p;
+ 	size_t sz, min = 0;
+-	int i, used = 0;
++	int i, used = 0, min_i = -1;
+ 
+ 	/* Don't bother scanning if the list is empty */
+ 	if (sma_freelist_cnt == 0) return NULL;
+@@ -74,9 +74,9 @@ static inline void *scan_freelist(const
+ 		/* Skip smaller objects */
+ 		if (sz < size) continue;
+ 		/* Object is big enough; record if it's the new minimum */
+-		if (min == 0 || sz < min) {
++		if (min == 0 || sz <= min) {
+ 			min = sz;
+-			min_p = object;
++			min_i = i;
+ 			/* Always stop scanning if exact sized object found */
+ 			if (sz == size) break;
+ 		}
+@@ -85,8 +85,9 @@ static inline void *scan_freelist(const
+ 	/* Enhancement TODO: split the free item if it's big enough */
+ 
+ 	/* Return smallest object found and delete from free list */
+-	if (min != 0) {
+-		sma_freelist[i] = NULL;
++	if (min_i != -1) {
++		min_p = sma_freelist[min_i];
++		sma_freelist[min_i] = NULL;
+ 		sma_freelist_cnt--;
+ 		min_p++;
+ 		return (void *)min_p;
+@@ -107,10 +108,10 @@ static inline void *string_malloc_page(v
+ 	*pageptr = (uintptr_t)NULL;
+ 
+ 	/* Link previous page to this page, if applicable */
+-	if (sma_lastpage != NULL) *sma_lastpage = (uintptr_t)pageptr;
++	if (sma_curpage != NULL) *sma_curpage = (uintptr_t)pageptr;
+ 
+ 	/* Update last page pointers and total page counter */
+-	sma_lastpage = pageptr;
++	sma_curpage = pageptr;
+ 	sma_pages++;
+ 
+ 	return (void *)pageptr;
+@@ -119,7 +120,7 @@ static inline void *string_malloc_page(v
+ 
+ void *string_malloc(size_t len)
+ {
+-	const void * restrict page = (char *)sma_lastpage;
++	const void * restrict page = (char *)sma_curpage;
+ 	static size_t *address;
+ 
+ 	/* Calling with no actual length is invalid */
+@@ -130,8 +131,6 @@ void *string_malloc(size_t len)
+ 		len &= ~(sizeof(uintptr_t) - 1);
+ 		len += sizeof(uintptr_t);
+ 	}
+-	/* Make room for size prefix */
+-	len += sizeof(size_t);
+ 
+ 	/* Pass-through allocations larger than maximum object size to malloc() */
+ 	if (len > (SMA_PAGE_SIZE - sizeof(uintptr_t) - sizeof(size_t))) {
+@@ -151,7 +150,7 @@ void *string_malloc(size_t len)
+ 		for (int i = 0; i < SMA_MAX_FREE; i++) sma_freelist[i] = NULL;
+ 		/* Allocate first page and set up for first allocation */
+ 		sma_head = string_malloc_page();
+-		if (!sma_head) return NULL;
++		if (sma_head == NULL) return NULL;
+ 		sma_nextfree = sizeof(uintptr_t);
+ 		page = sma_head;
+ 	}
+@@ -164,17 +163,20 @@ void *string_malloc(size_t len)
+ 	}
+ 
+ 	/* Allocate new page if this object won't fit */
+-	if ((sma_nextfree + len) > SMA_PAGE_SIZE) {
++	if ((sma_nextfree + len + sizeof(size_t)) > SMA_PAGE_SIZE) {
+ 		size_t sz;
+ 		size_t *tailaddr;
+ 		/* See if remaining space is usable */
+-		if (sma_freelist_cnt < SMA_MAX_FREE && sma_nextfree < SMA_PAGE_SIZE) {
+-			/* Get total remaining space size */
+-			sz = SMA_PAGE_SIZE - sma_nextfree;
+-			if (sz >= (SMA_MIN_SLACK + sizeof(size_t))) {
++		if (sma_freelist_cnt < SMA_MAX_FREE && (sma_nextfree + sizeof(size_t)) < SMA_PAGE_SIZE) {
++			/* Get remaining space size minus page linkage and obj size prefix */
++			sz = sma_nextfree + sizeof(size_t) + SMA_MIN_SLACK;
++
++			if (sz <= SMA_PAGE_SIZE) {
++				sz = SMA_PAGE_SIZE - sma_nextfree - sizeof(size_t);
+ 				tailaddr = (size_t *)((uintptr_t)page + sma_nextfree);
+-				*tailaddr = sz;
+-				string_free(tailaddr + 1);
++				*tailaddr = (size_t)sz;
++				tailaddr++;
++				string_free(tailaddr);
+ 				DBG(sma_free_tails++;)
+ 			}
+ 		}
+@@ -188,7 +190,7 @@ void *string_malloc(size_t len)
+ 	/* Prefix object with its size */
+ 	*address = len;
+ 	address++;
+-	sma_nextfree += len;
++	sma_nextfree += len + sizeof(size_t);
+ 
+ 	DBG(sma_allocs++;)
+ 	return (void *)address;
+@@ -206,7 +208,7 @@ void string_free(void * const restrict a
+ 		goto sf_failed;
+ 
+ 	/* Tiny objects keep big ones from being freed; ignore them */
+-	if (*(size_t *)((uintptr_t)addr - sizeof(size_t)) < (SMA_MIN_SLACK + sizeof(size_t)))
++	if (*(size_t *)((uintptr_t)addr - sizeof(size_t)) < SMA_MIN_SLACK)
+ 		goto sf_failed;
+ 
+ 	/* Add object to free list */
+@@ -233,6 +235,7 @@ void string_malloc_destroy(void)
+ 	uintptr_t *next;
+ 
+ 	cur = (void *)sma_head;
++	if (sma_head == NULL) return;
+ 	while (sma_pages > 0) {
+ 		next = (uintptr_t *)*(uintptr_t *)cur;
+ 		free(cur);
diff -Nru jdupes-1.7/debian/patches/series jdupes-1.7/debian/patches/series
--- jdupes-1.7/debian/patches/series	1969-12-31 21:00:00.000000000 -0300
+++ jdupes-1.7/debian/patches/series	2017-02-06 22:17:30.000000000 -0200
@@ -0,0 +1 @@
+10_fix-segfault.patch

--- End Message ---

--- Begin Message ---

• To: Joao Eriberto Mota Filho <eriberto@debian.org>, 854465-done@bugs.debian.org
• Subject: Re: Bug#854465: unblock: jdupes/1.7-2
• From: Niels Thykier <niels@thykier.net>
• Date: Tue, 07 Feb 2017 16:31:00 +0000
• Message-id: <a95ec7eb-23b1-c2c8-1128-6b95c1e2c5f4@thykier.net>
• In-reply-to: <[🔎] 148647063412.30090.6836711420637894482.reportbug@octans.dc.eb.mil.br>
• References: <[🔎] 148647063412.30090.6836711420637894482.reportbug@octans.dc.eb.mil.br>

Joao Eriberto Mota Filho:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
> 
> Please unblock package jdupes.
> 
> Some considerations:
> 
>   * The revision fix a segment fault issue when jdupes is used in some
>     conditions. It will close #854427, severity important.
> 
>   * The patch used to fix was generated by the upstream.
> 
>   * The package was already uploaded to Sid and it builds correctly
>     on all applicable architectures.
> 
>   * There is a debdiff attached.
> 
>   * The debian/changelog says:
> 
>     jdupes (1.7-2) unstable; urgency=medium
> 
>       * debian/patches/10_fix-segfault.patch: added to fix a segmentation
>         fault in jdupes. (Closes: #854427)
> 
> Thanks in advance.
> 
> Regards,
> 
> Eriberto
> 


Unblocked, thanks

~Niels

--- End Message ---