Bug#925936: release.debian.org: Would v4l-utils 1.16.5 match unblocking criteria?
Control: tags -1 - moreinfo
Hello,
A new patch turned up and I decided to only cherry-pick the three most
important patches from the stable-1.16 tree.
Debdiff is attached.
If you agree on the changes I will upload via unstable.
Thanks,
Gregor
diff -Nru v4l-utils-1.16.3/debian/changelog v4l-utils-1.16.3/debian/changelog
--- v4l-utils-1.16.3/debian/changelog 2018-12-15 19:34:33.000000000 +0100
+++ v4l-utils-1.16.3/debian/changelog 2019-04-14 14:30:26.000000000 +0200
@@ -1,3 +1,9 @@
+v4l-utils (1.16.3-2) unstable; urgency=medium
+
+ * Fix double-free and uninitailized memory issue. LP: #1819650
+
+ -- Gregor Jasny <gjasny@googlemail.com> Sun, 14 Apr 2019 14:30:26 +0200
+
v4l-utils (1.16.3-1) unstable; urgency=medium
* Imported Upstream version 1.16.3
diff -Nru v4l-utils-1.16.3/debian/gbp.conf v4l-utils-1.16.3/debian/gbp.conf
--- v4l-utils-1.16.3/debian/gbp.conf 2018-10-06 13:53:55.000000000 +0200
+++ v4l-utils-1.16.3/debian/gbp.conf 2019-04-14 14:23:39.000000000 +0200
@@ -1,6 +1,6 @@
[DEFAULT]
upstream-branch = upstream
-debian-branch = master
+debian-branch = buster
upstream-tag = upstream/%(version)s
debian-tag = debian/%(version)s
pristine-tar = True
diff -Nru v4l-utils-1.16.3/debian/patches/0003-dvbv5-tools-be-sure-to-zero-struct-arguments.patch v4l-utils-1.16.3/debian/patches/0003-dvbv5-tools-be-sure-to-zero-struct-arguments.patch
--- v4l-utils-1.16.3/debian/patches/0003-dvbv5-tools-be-sure-to-zero-struct-arguments.patch 1970-01-01 01:00:00.000000000 +0100
+++ v4l-utils-1.16.3/debian/patches/0003-dvbv5-tools-be-sure-to-zero-struct-arguments.patch 2019-04-14 14:28:27.000000000 +0200
@@ -0,0 +1,50 @@
+Subject: dvbv5-tools: be sure to zero struct arguments
+Author: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
+Origin: upstream, https://git.linuxtv.org/v4l-utils.git/commit/?h=stable-1.16&id=faef148b1b67bd17f8aaaa79fd71746532c86e90
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1819650
+
+From 23e5056b0487acdaa56e5569952b5a8f344cf49b Mon Sep 17 00:00:00 2001
+Date: Thu, 14 Mar 2019 19:23:38 -0300
+
+Let's not let the arguments struct with some random value.
+
+Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
+---
+ utils/dvb/dvb-format-convert.c | 2 +-
+ utils/dvb/dvbv5-scan.c | 2 +-
+ utils/dvb/dvbv5-zap.c | 2 +-
+ 3 files changed, 3 insertions(+), 3 deletions(-)
+
+--- a/utils/dvb/dvb-format-convert.c
++++ b/utils/dvb/dvb-format-convert.c
+@@ -123,7 +123,7 @@
+
+ int main(int argc, char **argv)
+ {
+- struct arguments args;
++ struct arguments args = {};
+ int idx = -1, missing = 0;
+ const struct argp argp = {
+ .options = options,
+--- a/utils/dvb/dvbv5-scan.c
++++ b/utils/dvb/dvbv5-scan.c
+@@ -450,7 +450,7 @@
+
+ int main(int argc, char **argv)
+ {
+- struct arguments args;
++ struct arguments args = {};
+ int err, lnb = -1,idx = -1;
+ struct dvb_device *dvb;
+ struct dvb_dev_list *dvb_dev;
+--- a/utils/dvb/dvbv5-zap.c
++++ b/utils/dvb/dvbv5-zap.c
+@@ -1018,7 +1018,7 @@
+
+ int main(int argc, char **argv)
+ {
+- struct arguments args;
++ struct arguments args = {};
+ char *homedir = getenv("HOME");
+ char *channel = NULL;
+ int lnb = -1, idx = -1;
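Review bot: `struct arguments args = {};` uses an empty initializer, which ISO C accepts only from C23 on; GCC and Clang take it as an extension, but pedantic builds flag it. `struct arguments args = {0};` is the portable form and zero-initializes the same members. The same line is added in all three `main()` functions (dvb-format-convert.c, dvbv5-scan.c, dvbv5-zap.c), whose bodies continue outside the hunks.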
diff -Nru v4l-utils-1.16.3/debian/patches/0005-libdvbv5-leaks-and-double-free-in-dvb_fe_open_fname.patch v4l-utils-1.16.3/debian/patches/0005-libdvbv5-leaks-and-double-free-in-dvb_fe_open_fname.patch
--- v4l-utils-1.16.3/debian/patches/0005-libdvbv5-leaks-and-double-free-in-dvb_fe_open_fname.patch 1970-01-01 01:00:00.000000000 +0100
+++ v4l-utils-1.16.3/debian/patches/0005-libdvbv5-leaks-and-double-free-in-dvb_fe_open_fname.patch 2019-04-14 14:28:25.000000000 +0200
@@ -0,0 +1,93 @@
+Subject: libdvbv5: leaks and double free in dvb_fe_open_fname()
+Author: Sean Young <sean@mess.org>
+Origin: upstream, https://git.linuxtv.org/v4l-utils.git/commit/?h=stable-1.16&id=c82608ca1595427c2bdbd4abb9aca9163e1df60a
+Bug-Ubuntu: https://bugs.launchpad.net/raspbian/+bug/1819650
+
+dvb_fe_open_fname() takes ownership of fname if the function succeeds, but
+also in two of the error paths (e.g. if the ioctl FE_GET_PROPERTY fails).
+
+Adjust dvb_fe_open_fname() so it copies fname rather than taking ownership
+(and passing that to params). This makes the code cleaner.
+
+Signed-off-by: Sean Young <sean@mess.org>
+---
+ lib/libdvbv5/dvb-dev-local.c | 2 +-
+ lib/libdvbv5/dvb-fe.c | 18 ++++++++----------
+ 2 files changed, 9 insertions(+), 11 deletions(-)
+
+--- a/lib/libdvbv5/dvb-dev-local.c
++++ b/lib/libdvbv5/dvb-dev-local.c
+@@ -467,7 +467,7 @@
+ flags &= ~O_NONBLOCK;
+ }
+
+- ret = dvb_fe_open_fname(parms, strdup(dev->path), flags);
++ ret = dvb_fe_open_fname(parms, dev->path, flags);
+ if (ret) {
+ free(open_dev);
+ return NULL;
+--- a/lib/libdvbv5/dvb-fe.c
++++ b/lib/libdvbv5/dvb-fe.c
+@@ -133,7 +133,6 @@
+ int flags)
+ {
+ int ret;
+- char *fname;
+ struct dvb_device *dvb;
+ struct dvb_dev_list *dvb_dev;
+ struct dvb_v5_fe_parms_priv *parms = NULL;
+@@ -153,7 +152,6 @@
+ dvb_dev_free(dvb);
+ return NULL;
+ }
+- fname = strdup(dvb_dev->path);
+
+ if (!strcmp(dvb_dev->bus_addr, "platform:dvbloopback")) {
+ logfunc(LOG_WARNING, _("Detected dvbloopback"));
+@@ -161,14 +159,10 @@
+ }
+
+ dvb_dev_free(dvb);
+- if (!fname) {
+- logfunc(LOG_ERR, _("fname calloc: %s"), strerror(errno));
+- return NULL;
+- }
++
+ parms = calloc(sizeof(*parms), 1);
+ if (!parms) {
+ logfunc(LOG_ERR, _("parms calloc: %s"), strerror(errno));
+- free(fname);
+ return NULL;
+ }
+ parms->p.verbose = verbose;
+@@ -183,7 +177,7 @@
+ if (use_legacy_call)
+ parms->p.legacy_fe = 1;
+
+- ret = dvb_fe_open_fname(parms, fname, flags);
++ ret = dvb_fe_open_fname(parms, dvb_dev->path, flags);
+ if (ret < 0) {
+ free(parms);
+ return NULL;
+@@ -203,7 +197,6 @@
+ fd = open(fname, flags, 0);
+ if (fd == -1) {
+ dvb_logerr(_("%s while opening %s"), strerror(errno), fname);
+- free(fname);
+ return -errno;
+ }
+
+@@ -226,7 +219,12 @@
+ }
+ }
+
+- parms->fname = fname;
++ parms->fname = strdup(fname);
++ if (!parms->fname) {
++ dvb_logerr(_("fname calloc: %s"), strerror(errno));
++ return -errno;
++ }
++
+ parms->fd = fd;
+ parms->fe_flags = flags;
+ parms->dvb_prop[0].cmd = DTV_API_VERSION;
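Review bot: In the dvb-fe.c part, `dvb_fe_open_fname(parms, dvb_dev->path, flags)` now reads `dvb_dev->path` after `dvb_dev_free(dvb)` has already run a few lines earlier; the removed `fname = strdup(dvb_dev->path)` copied the path before that free. If `dvb_dev` points into storage owned by `dvb` (not visible here, but the old copy suggests it), this is a use-after-free. Moving `dvb_dev_free(dvb);` to after the `dvb_fe_open_fname()` call, and adding it to the `parms` calloc failure path, would keep the path valid while it is used. Separately, the new `strdup` failure branch returns without `close(fd)` and reads `errno` after logging; `int err = errno;`, then `close(fd);` and `return -err;` would avoid leaking the descriptor. Both functions start and end outside the hunks shown.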
diff -Nru v4l-utils-1.16.3/debian/patches/0008-libdvbv5-fix-double-free-in-dvb_fe_open_fname.patch v4l-utils-1.16.3/debian/patches/0008-libdvbv5-fix-double-free-in-dvb_fe_open_fname.patch
--- v4l-utils-1.16.3/debian/patches/0008-libdvbv5-fix-double-free-in-dvb_fe_open_fname.patch 1970-01-01 01:00:00.000000000 +0100
+++ v4l-utils-1.16.3/debian/patches/0008-libdvbv5-fix-double-free-in-dvb_fe_open_fname.patch 2019-04-14 14:28:20.000000000 +0200
@@ -0,0 +1,59 @@
+Subject: libdvbv5: fix double free in dvb_fe_open_fname
+Author: Andre Roth <neolynx@gmail.com>
+Origin: upstream, https://git.linuxtv.org/v4l-utils.git/commit/?h=stable-1.16&id=78057aaa784a922b4ac6af9f323b828f7a834581
+Bug-Ubuntu: https://bugs.launchpad.net/raspbian/+bug/1819650
+
+Since parms and fname is allocated outside of the function, do not free it.
+Use dvb_v5_free for freeing parms, it will free fname if required.
+
+Signed-off-by: Andre Roth <neolynx@gmail.com>
+Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
+---
+ lib/libdvbv5/dvb-fe.c | 7 +------
+ 1 file changed, 1 insertion(+), 6 deletions(-)
+
+--- a/lib/libdvbv5/dvb-fe.c
++++ b/lib/libdvbv5/dvb-fe.c
+@@ -179,7 +179,7 @@
+
+ ret = dvb_fe_open_fname(parms, dvb_dev->path, flags);
+ if (ret < 0) {
+- free(parms);
++ dvb_v5_free(parms);
+ return NULL;
+ }
+
+@@ -202,9 +202,7 @@
+
+ if (xioctl(fd, FE_GET_INFO, &parms->p.info) == -1) {
+ dvb_perror("FE_GET_INFO");
+- dvb_v5_free(parms);
+ close(fd);
+- free(fname);
+ return -errno;
+ }
+
+@@ -291,7 +289,6 @@
+ }
+ if (!parms->p.num_systems) {
+ dvb_logerr(_("delivery system not detected"));
+- dvb_v5_free(parms);
+ close(fd);
+ return -EINVAL;
+ }
+@@ -302,7 +299,6 @@
+ dtv_prop.props = parms->dvb_prop;
+ if (xioctl(fd, FE_GET_PROPERTY, &dtv_prop) == -1) {
+ dvb_perror("FE_GET_PROPERTY");
+- dvb_v5_free(parms);
+ close(fd);
+ return -errno;
+ }
+@@ -312,7 +308,6 @@
+
+ if (parms->p.num_systems == 0) {
+ dvb_logerr(_("driver returned 0 supported delivery systems!"));
+- dvb_v5_free(parms);
+ close(fd);
+ return -EINVAL;
+ }
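Review bot: With the `dvb_v5_free(parms)` calls removed from the error paths, `dvb_fe_open_fname()` relies on every caller to release `parms`, but only the caller in this file is updated (`free(parms)` becomes `dvb_v5_free(parms)`). The other call site visible in the earlier patch, in dvb-dev-local.c, does only `free(open_dev); return NULL;` on failure; whether `parms` is released elsewhere on that path is not visible and should be checked. A comment above the function such as `/* On failure the caller keeps ownership of parms and fname; nothing is freed here. */` would record the contract. The function body starts and ends outside these hunks.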
diff -Nru v4l-utils-1.16.3/debian/patches/series v4l-utils-1.16.3/debian/patches/series
--- v4l-utils-1.16.3/debian/patches/series 2018-12-15 19:34:33.000000000 +0100
+++ v4l-utils-1.16.3/debian/patches/series 2019-04-14 14:24:59.000000000 +0200
@@ -1 +1,4 @@
dont-gererate-treeview.diff
+0003-dvbv5-tools-be-sure-to-zero-struct-arguments.patch
+0005-libdvbv5-leaks-and-double-free-in-dvb_fe_open_fname.patch
+0008-libdvbv5-fix-double-free-in-dvb_fe_open_fname.patch