
Bug#846948: marked as done (jessie-pu: package file/1:5.22+15-2+deb8u3)



Your message dated Sat, 14 Jan 2017 12:37:03 +0000
with message-id <1484397423.1091.25.camel@adam-barratt.org.uk>
and subject line Closing requests included in today's point release
has caused the Debian Bug report #846948,
regarding jessie-pu: package file/1:5.22+15-2+deb8u3
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
846948: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=846948
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu

Hello release team,

A memory leak was found in libmagic's (src:file) loader of magic
files, apparently independently by Shi Yin in PR/569[1] and Arnaud
Quette in #840754[2]. This was fixed upstream in version 5.29 which is
in testing and unstable (as 1:5.29-1); oldstable/wheezy doesn't seem to
have this problem.

For stable/jessie I'd like to handle this in the next point release.

The actual fix is commit FILE5_28-42-g10ee4ec[3] where commit
FILE5_24-31-g3aa35aa[4] is needed as a prerequisite. I've dropped a
hunk from that fix which AFAICS is not relevant for Debian and would
otherwise require the inclusion of FILE5_25-3-gb0ccffd[5] as another
prerequisite: according to its description, that third commit is needed
on systems without mmap only.

Find attached:

* A debdiff for 1:5.22+15-2+deb8u3
* A cumulative patch of the code changes to ease review.

After applying the patch, the valgrind check as described in the BTS
no longer reports leaks.

Regards,

    Christoph

[1] https://bugs.gw.com/view.php?id=569
[2] https://bugs.debian.org/840754
[3] https://github.com/file/file/commit/FILE5_28-42-g10ee4ec
[4] https://github.com/file/file/commit/FILE5_24-31-g3aa35aa
[5] https://github.com/file/file/commit/FILE5_25-3-gb0ccffd
diff -Nru file-5.22+15/debian/changelog file-5.22+15/debian/changelog
--- file-5.22+15/debian/changelog	2016-05-09 08:23:30.000000000 +0200
+++ file-5.22+15/debian/changelog	2016-12-04 10:00:07.000000000 +0100
@@ -1,3 +1,9 @@
+file (1:5.22+15-2+deb8u3) stable; urgency=medium
+
+  * Fix memory leak in magic loader. Closes: #840754
+
+ -- Christoph Biedl <debian.axhn@manchmal.in-ulm.de>  Sun, 04 Dec 2016 10:00:07 +0100
+
 file (1:5.22+15-2+deb8u2) stable; urgency=high
 
   * Fix CVE-2015-8865:
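Review bot: the changelog entry closes #840754 only; naming the upstream report and the two cherry-picked commits here would let a reader of the changelog trace the fix without the cover mail, e.g. `* Fix memory leak in magic loader, cherry-picking upstream FILE5_24-31-g3aa35aa and FILE5_28-42-g10ee4ec (PR/569). Closes: #840754`.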
diff -Nru file-5.22+15/debian/patches/cherry-pick.FILE5_24-31-g3aa35aa.dont-leak-memory-when-loading-non-compiled-files.patch file-5.22+15/debian/patches/cherry-pick.FILE5_24-31-g3aa35aa.dont-leak-memory-when-loading-non-compiled-files.patch
--- file-5.22+15/debian/patches/cherry-pick.FILE5_24-31-g3aa35aa.dont-leak-memory-when-loading-non-compiled-files.patch	1970-01-01 01:00:00.000000000 +0100
+++ file-5.22+15/debian/patches/cherry-pick.FILE5_24-31-g3aa35aa.dont-leak-memory-when-loading-non-compiled-files.patch	2016-12-02 00:00:46.000000000 +0100
@@ -0,0 +1,32 @@
+Subject: Don't leak memory when loading non-compiled files
+Origin: FILE5_24-31-g3aa35aa
+Upstream-Author: Christos Zoulas <christos@zoulas.com>
+Date: Thu Sep 10 13:59:47 2015 +0000
+
+--- a/src/apprentice.c
++++ b/src/apprentice.c
+@@ -538,6 +538,7 @@
+ private void
+ apprentice_unmap(struct magic_map *map)
+ {
++	size_t i;
+ 	if (map == NULL)
+ 		return;
+ 
+@@ -550,6 +551,8 @@
+ #endif
+ 	case MAP_TYPE_MALLOC:
+ 		free(map->p);
++		for (i = 0; i < MAGIC_SETS; i++)
++			free(map->magic[i]);
+ 		break;
+ 	case MAP_TYPE_USER:
+ 		break;
+@@ -1285,6 +1288,7 @@
+ 		file_oomem(ms, sizeof(*map));
+ 		return NULL;
+ 	}
++	map->type = MAP_TYPE_MALLOC;
+ 
+ 	/* print silly verbose header for USG compat. */
+ 	if (action == FILE_CHECK)
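Review bot: the DEP-3 header of this patch has no `Bug-Debian: https://bugs.debian.org/840754` line, although Subject/Origin/Upstream-Author/Date otherwise follow DEP-3; adding it (and a `Bug:` line for the upstream tracker where applicable) keeps the cherry-pick traceable once the cover mail is gone.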
diff -Nru file-5.22+15/debian/patches/cherry-pick.FILE5_28-42-g10ee4ec.pr-569-shi-yin-fix-memory-leak.patch file-5.22+15/debian/patches/cherry-pick.FILE5_28-42-g10ee4ec.pr-569-shi-yin-fix-memory-leak.patch
--- file-5.22+15/debian/patches/cherry-pick.FILE5_28-42-g10ee4ec.pr-569-shi-yin-fix-memory-leak.patch	1970-01-01 01:00:00.000000000 +0100
+++ file-5.22+15/debian/patches/cherry-pick.FILE5_28-42-g10ee4ec.pr-569-shi-yin-fix-memory-leak.patch	2016-12-04 09:36:35.000000000 +0100
@@ -0,0 +1,22 @@
+Subject: PR/569: Shi Yin: Fix memory leak
+Origin: FILE5_28-42-g10ee4ec
+Upstream-Author: Christos Zoulas <christos@zoulas.com>
+Date: Sun Sep 11 13:53:02 2016 +0000
+Comment: Only relevant parts of that commit were used
+
+--- a/src/apprentice.c
++++ b/src/apprentice.c
+@@ -404,11 +404,11 @@
+ {
+ 	struct mlist *ml;
+ 
+-	mlp->map = idx == 0 ? map : NULL;
++	mlp->map = NULL;
+ 	if ((ml = CAST(struct mlist *, malloc(sizeof(*ml)))) == NULL)
+ 		return -1;
+ 
+-	ml->map = NULL;
++	ml->map = idx == 0 ? map : NULL;
+ 	ml->magic = map->magic[idx];
+ 	ml->nmagic = map->nmagic[idx];
+ 
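Review bot: the `Comment: Only relevant parts of that commit were used` line does not say which hunk was left out or why; record that the dropped hunk is the one depending on FILE5_25-3-gb0ccffd (needed on systems without mmap only, per the cover mail), so that a later rebase does not either re-add it blindly or mistake this patch for a complete cherry-pick. A `Bug: https://bugs.gw.com/view.php?id=569` line would also suit the PR reference in the Subject.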
diff -Nru file-5.22+15/debian/patches/series file-5.22+15/debian/patches/series
--- file-5.22+15/debian/patches/series	2016-05-09 08:10:53.000000000 +0200
+++ file-5.22+15/debian/patches/series	2016-12-04 09:50:30.000000000 +0100
@@ -13,3 +13,5 @@
 cherry-pick.FILE5_24-22-g27b4e34.parameter-1.patch
 cherry-pick.FILE5_24-23-g4ddb783.parameter-2.patch
 CVE-2015-8865.6713ca4.patch
+cherry-pick.FILE5_24-31-g3aa35aa.dont-leak-memory-when-loading-non-compiled-files.patch
+cherry-pick.FILE5_28-42-g10ee4ec.pr-569-shi-yin-fix-memory-leak.patch
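Review bot: the order of the two new entries is the one that matters and is correct: both patches touch src/apprentice.c and the 3aa35aa one is the stated prerequisite, so 10ee4ec must stay listed after it.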
diff --git a/src/apprentice.c b/src/apprentice.c
index 1b574c5..ec7ac36 100644
--- a/src/apprentice.c
+++ b/src/apprentice.c
@@ -404,11 +404,11 @@ add_mlist(struct mlist *mlp, struct magic_map *map, size_t idx)
 {
 	struct mlist *ml;
 
-	mlp->map = idx == 0 ? map : NULL;
+	mlp->map = NULL;
 	if ((ml = CAST(struct mlist *, malloc(sizeof(*ml)))) == NULL)
 		return -1;
 
-	ml->map = NULL;
+	ml->map = idx == 0 ? map : NULL;
 	ml->magic = map->magic[idx];
 	ml->nmagic = map->nmagic[idx];
 
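Review bot: this hunk moves ownership of `map` from the list head `mlp` (which previously held it for idx == 0) to the freshly malloc'd element `ml`, while the head now always carries NULL. The free side is not in the diff, so confirm that the mlist teardown releases `ml->map` from the element nodes; if it only ever looked at the head, the map would still leak after this change, and if it looks at both, the head's NULL is harmless but should be verified rather than assumed.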
@@ -538,6 +538,7 @@ free:
 private void
 apprentice_unmap(struct magic_map *map)
 {
+	size_t i;
 	if (map == NULL)
 		return;
 
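Review bot: style only: `size_t i;` is placed directly above `if (map == NULL)` with no separating blank line, whereas the file separates declarations from statements elsewhere in this diff (`struct mlist *ml;` at line 404 is followed by a blank line); a blank line after the declaration would match.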
@@ -550,6 +551,8 @@ apprentice_unmap(struct magic_map *map)
 #endif
 	case MAP_TYPE_MALLOC:
 		free(map->p);
+		for (i = 0; i < MAGIC_SETS; i++)
+			free(map->magic[i]);
 		break;
 	case MAP_TYPE_USER:
 		break;
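Review bot: the new loop frees `map->magic[i]`, but the add_mlist hunk above shows mlist elements aliasing those arrays (`ml->magic = map->magic[idx];`), so apprentice_unmap must only run once no mlist still references this map; otherwise the fix turns a leak into a use-after-free through `ml->magic`. Please confirm the teardown order (mlist entries first, then the map) on both the normal and the error paths.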
@@ -1285,6 +1288,7 @@ apprentice_load(struct magic_set *ms, const char *fn, int action)
 		file_oomem(ms, sizeof(*map));
 		return NULL;
 	}
+	map->type = MAP_TYPE_MALLOC;
 
 	/* print silly verbose header for USG compat. */
 	if (action == FILE_CHECK)
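Review bot: setting `map->type = MAP_TYPE_MALLOC` immediately after the allocation is the right spot, since a later failure that unmaps the half-built map would otherwise not reach the new free loop; but that loop then frees every `map->magic[i]`, so the allocation that precedes the `file_oomem` check must leave the `magic[]` slots zeroed (calloc or an explicit memset). The hunk does not show the allocation, so please confirm it is zero-initialized rather than plain malloc.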

--- End Message ---
--- Begin Message ---
Version: 8.7

Hi,

Each of these bugs refers to an update that was included in today's 8.7
point release.

Regards,

Adam

--- End Message ---