--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package jdupes.
Some considerations:
* The revision fix a segment fault issue when jdupes is used in some
conditions. It will close #854427, severity important.
* The patch used to fix was generated by the upstream.
* The package was already uploaded to Sid and it builds correctly
on all applicable architectures.
* There is a debdiff attached.
* The debian/changelog says:
jdupes (1.7-2) unstable; urgency=medium
* debian/patches/10_fix-segfault.patch: added to fix a segmentation
fault in jdupes. (Closes: #854427)
Thanks in advance.
Regards,
Eriberto
diff -Nru jdupes-1.7/debian/changelog jdupes-1.7/debian/changelog
--- jdupes-1.7/debian/changelog 2017-01-03 17:30:04.000000000 -0200
+++ jdupes-1.7/debian/changelog 2017-02-06 22:19:51.000000000 -0200
@@ -1,3 +1,10 @@
+jdupes (1.7-2) unstable; urgency=medium
+
+ * debian/patches/10_fix-segfault.patch: added to fix a segmentation fault in
+ jdupes. (Closes: #854427)
+
+ -- Joao Eriberto Mota Filho <eriberto@debian.org> Mon, 06 Feb 2017 22:19:51 -0200
+
jdupes (1.7-1) unstable; urgency=medium
* New upstream release.
diff -Nru jdupes-1.7/debian/patches/10_fix-segfault.patch jdupes-1.7/debian/patches/10_fix-segfault.patch
--- jdupes-1.7/debian/patches/10_fix-segfault.patch 1969-12-31 21:00:00.000000000 -0300
+++ jdupes-1.7/debian/patches/10_fix-segfault.patch 2017-02-06 22:19:33.000000000 -0200
@@ -0,0 +1,147 @@
+Description: fix a major bug in string_malloc()'s free list functionality
+ (Closes: #854427)
+Author: Jody Bruchon <jody@jodybruchon.com>
+Last-Update: 2017-01-19
+Index: jdupes-1.7/string_malloc.c
+===================================================================
+--- jdupes-1.7.orig/string_malloc.c
++++ jdupes-1.7/string_malloc.c
+@@ -30,7 +30,7 @@
+ #endif
+
+ static void *sma_head = NULL;
+-static uintptr_t *sma_lastpage = NULL;
++static uintptr_t *sma_curpage = NULL;
+ static unsigned int sma_pages = 0;
+ static void *sma_freelist[SMA_MAX_FREE];
+ static int sma_freelist_cnt = 0;
+@@ -52,9 +52,9 @@ uintmax_t sma_free_tails = 0;
+ /* Scan the freed chunk list for a suitably sized object */
+ static inline void *scan_freelist(const size_t size)
+ {
+- size_t *min_p, *object;
++ size_t *object, *min_p;
+ size_t sz, min = 0;
+- int i, used = 0;
++ int i, used = 0, min_i = -1;
+
+ /* Don't bother scanning if the list is empty */
+ if (sma_freelist_cnt == 0) return NULL;
+@@ -74,9 +74,9 @@ static inline void *scan_freelist(const
+ /* Skip smaller objects */
+ if (sz < size) continue;
+ /* Object is big enough; record if it's the new minimum */
+- if (min == 0 || sz < min) {
++ if (min == 0 || sz <= min) {
+ min = sz;
+- min_p = object;
++ min_i = i;
+ /* Always stop scanning if exact sized object found */
+ if (sz == size) break;
+ }
+@@ -85,8 +85,9 @@ static inline void *scan_freelist(const
+ /* Enhancement TODO: split the free item if it's big enough */
+
+ /* Return smallest object found and delete from free list */
+- if (min != 0) {
+- sma_freelist[i] = NULL;
++ if (min_i != -1) {
++ min_p = sma_freelist[min_i];
++ sma_freelist[min_i] = NULL;
+ sma_freelist_cnt--;
+ min_p++;
+ return (void *)min_p;
+@@ -107,10 +108,10 @@ static inline void *string_malloc_page(v
+ *pageptr = (uintptr_t)NULL;
+
+ /* Link previous page to this page, if applicable */
+- if (sma_lastpage != NULL) *sma_lastpage = (uintptr_t)pageptr;
++ if (sma_curpage != NULL) *sma_curpage = (uintptr_t)pageptr;
+
+ /* Update last page pointers and total page counter */
+- sma_lastpage = pageptr;
++ sma_curpage = pageptr;
+ sma_pages++;
+
+ return (void *)pageptr;
+@@ -119,7 +120,7 @@ static inline void *string_malloc_page(v
+
+ void *string_malloc(size_t len)
+ {
+- const void * restrict page = (char *)sma_lastpage;
++ const void * restrict page = (char *)sma_curpage;
+ static size_t *address;
+
+ /* Calling with no actual length is invalid */
+@@ -130,8 +131,6 @@ void *string_malloc(size_t len)
+ len &= ~(sizeof(uintptr_t) - 1);
+ len += sizeof(uintptr_t);
+ }
+- /* Make room for size prefix */
+- len += sizeof(size_t);
+
+ /* Pass-through allocations larger than maximum object size to malloc() */
+ if (len > (SMA_PAGE_SIZE - sizeof(uintptr_t) - sizeof(size_t))) {
+@@ -151,7 +150,7 @@ void *string_malloc(size_t len)
+ for (int i = 0; i < SMA_MAX_FREE; i++) sma_freelist[i] = NULL;
+ /* Allocate first page and set up for first allocation */
+ sma_head = string_malloc_page();
+- if (!sma_head) return NULL;
++ if (sma_head == NULL) return NULL;
+ sma_nextfree = sizeof(uintptr_t);
+ page = sma_head;
+ }
+@@ -164,17 +163,20 @@ void *string_malloc(size_t len)
+ }
+
+ /* Allocate new page if this object won't fit */
+- if ((sma_nextfree + len) > SMA_PAGE_SIZE) {
++ if ((sma_nextfree + len + sizeof(size_t)) > SMA_PAGE_SIZE) {
+ size_t sz;
+ size_t *tailaddr;
+ /* See if remaining space is usable */
+- if (sma_freelist_cnt < SMA_MAX_FREE && sma_nextfree < SMA_PAGE_SIZE) {
+- /* Get total remaining space size */
+- sz = SMA_PAGE_SIZE - sma_nextfree;
+- if (sz >= (SMA_MIN_SLACK + sizeof(size_t))) {
++ if (sma_freelist_cnt < SMA_MAX_FREE && (sma_nextfree + sizeof(size_t)) < SMA_PAGE_SIZE) {
++ /* Get remaining space size minus page linkage and obj size prefix */
++ sz = sma_nextfree + sizeof(size_t) + SMA_MIN_SLACK;
++
++ if (sz <= SMA_PAGE_SIZE) {
++ sz = SMA_PAGE_SIZE - sma_nextfree - sizeof(size_t);
+ tailaddr = (size_t *)((uintptr_t)page + sma_nextfree);
+- *tailaddr = sz;
+- string_free(tailaddr + 1);
++ *tailaddr = (size_t)sz;
++ tailaddr++;
++ string_free(tailaddr);
+ DBG(sma_free_tails++;)
+ }
+ }
+@@ -188,7 +190,7 @@ void *string_malloc(size_t len)
+ /* Prefix object with its size */
+ *address = len;
+ address++;
+- sma_nextfree += len;
++ sma_nextfree += len + sizeof(size_t);
+
+ DBG(sma_allocs++;)
+ return (void *)address;
+@@ -206,7 +208,7 @@ void string_free(void * const restrict a
+ goto sf_failed;
+
+ /* Tiny objects keep big ones from being freed; ignore them */
+- if (*(size_t *)((uintptr_t)addr - sizeof(size_t)) < (SMA_MIN_SLACK + sizeof(size_t)))
++ if (*(size_t *)((uintptr_t)addr - sizeof(size_t)) < SMA_MIN_SLACK)
+ goto sf_failed;
+
+ /* Add object to free list */
+@@ -233,6 +235,7 @@ void string_malloc_destroy(void)
+ uintptr_t *next;
+
+ cur = (void *)sma_head;
++ if (sma_head == NULL) return;
+ while (sma_pages > 0) {
+ next = (uintptr_t *)*(uintptr_t *)cur;
+ free(cur);
diff -Nru jdupes-1.7/debian/patches/series jdupes-1.7/debian/patches/series
--- jdupes-1.7/debian/patches/series 1969-12-31 21:00:00.000000000 -0300
+++ jdupes-1.7/debian/patches/series 2017-02-06 22:17:30.000000000 -0200
@@ -0,0 +1 @@
+10_fix-segfault.patch
--- End Message ---