--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: stretch-pu: package libdbi/0.9.0-4+deb9u1
- From: László Böszörményi (GCS) <gcs@debian.org>
- Date: Sun, 5 Nov 2017 14:52:46 +0100
- Message-id: <CAKjSHr19oeeBE=+mx8bzBf9vWv0ss9Ra5dXqxB1k1u3XY0eyNA@mail.gmail.com>
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian.org@packages.debian.org
Usertags: pu
Hi SRMs,
I got a private bug report (and so I can't reference it) that libdbi is
inconsistent on error handling of the dbi_result_next_row() function.
Some digging revealed that the error handler was commented out[1] years
ago with other changes. Asked upstream about that, who confirmed it
was not intended to comment out the proper error handling. He
immediately re-enabled it[2] in the Git tree.
I don't think this has any security impact (treat bad input as normal
data), but it would be good to have consistent error handling in the
libdbi library.
Thanks for considering,
Laszlo/GCS
[1] https://sourceforge.net/p/libdbi/libdbi/ci/7f31b680238ea464e9bad9ef97cf411a3635af55/
[2] https://sourceforge.net/p/libdbi/libdbi/ci/88b8477d57153b9f736dd19d432d3b7ab1c49073/
diff -Nru libdbi-0.9.0/debian/changelog libdbi-0.9.0/debian/changelog
--- libdbi-0.9.0/debian/changelog 2014-11-01 16:12:02.000000000 +0100
+++ libdbi-0.9.0/debian/changelog 2017-10-29 19:19:04.000000000 +0100
@@ -1,3 +1,10 @@
+libdbi (0.9.0-4+deb9u1) stretch; urgency=medium
+
+ * Backport fix to re-enable a call to _error_handler() that was commented
+ out for no obvious reason in dbi_result_next_row() .
+
+ -- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sun, 29 Oct 2017 18:19:04 +0000
+
libdbi (0.9.0-4) unstable; urgency=medium
* Backport fix for double-free in dbi_shutdown_r() (closes: #764130).
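Review bot: The new entry at the top of this hunk does not tell users what changes for them; it only says a call was "commented out for no obvious reason". For a stable update, state the observable effect, namely that dbi_result_next_row() now calls _error_handler() with DBI_ERROR_BADIDX when there is no next row, so anyone reading the changelog after the point release can connect new error reports to this upload. There is also a stray space before the final period in "dbi_result_next_row() .".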
diff -Nru libdbi-0.9.0/debian/patches/re-enable_call_to_error_handler.patch libdbi-0.9.0/debian/patches/re-enable_call_to_error_handler.patch
--- libdbi-0.9.0/debian/patches/re-enable_call_to_error_handler.patch 1970-01-01 01:00:00.000000000 +0100
+++ libdbi-0.9.0/debian/patches/re-enable_call_to_error_handler.patch 2017-10-29 19:19:04.000000000 +0100
@@ -0,0 +1,19 @@
+commit 88b8477d57153b9f736dd19d432d3b7ab1c49073
+Author: mhoenicka <markus.hoenicka@mhoenicka.de>
+Date: Sat Oct 28 01:54:33 2017 +0200
+
+ re-enabled a call to _error_handler() that was commented out for no obvious reason
+
+diff --git a/src/dbi_result.c b/src/dbi_result.c
+index 232d0ec..1e1b0be 100644
+--- a/src/dbi_result.c
++++ b/src/dbi_result.c
+@@ -174,7 +174,7 @@ int dbi_result_next_row(dbi_result Result) {
+ _reset_conn_error(RESULT->conn);
+
+ if (!dbi_result_has_next_row(Result)) {
+-/* _error_handler(RESULT->conn, DBI_ERROR_BADIDX); */
++ _error_handler(RESULT->conn, DBI_ERROR_BADIDX);
+ return 0;
+ }
+ return dbi_result_seek_row(Result, RESULT->currowidx+1);
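Review bot: The re-enabled "_error_handler(RESULT->conn, DBI_ERROR_BADIDX);" sits under "if (!dbi_result_has_next_row(Result))", and that condition also holds when a caller has simply consumed the last row, so a loop that calls dbi_result_next_row() until it returns 0 will now finish with DBI_ERROR_BADIDX raised on the connection after every complete iteration. The return value is unchanged (still 0), so the only new signal is the error handler call, and code that registers an error handler or checks the connection error after iterating will see a difference. Before this goes into a point release, confirm with upstream that end-of-result-set is meant to be reported as an error, and check the reverse dependencies in stretch for callers that treat any handler invocation as a failure. The embedded patch header would also benefit from an Origin field pointing at the upstream commit referenced as [2] in the request.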
diff -Nru libdbi-0.9.0/debian/patches/series libdbi-0.9.0/debian/patches/series
--- libdbi-0.9.0/debian/patches/series 2014-11-01 16:02:53.000000000 +0100
+++ libdbi-0.9.0/debian/patches/series 2017-10-29 19:19:04.000000000 +0100
@@ -1,3 +1,4 @@
fix_memory_leak_if_not_connected.patch
fix_possible_access_to_unallocated_memory.patch
fix_double-free_in_dbi_shutdown_r.patch
+re-enable_call_to_error_handler.patch
--- End Message ---