Your message dated Thu, 29 Dec 2016 10:48:36 +0000 with message-id <E1cMYGC-0006JZ-23@fasolo.debian.org> and subject line Bug#849026: fixed in libxi 2:1.7.8-2 has caused the Debian Bug report #849026, regarding libxi_1.6.1-1+deb7u2 introduced free of unallocated object to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 849026: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849026 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: libxi_1.6.1-1+deb7u2 introduced free of unallocated object
- From: Thomas Walker <thwalker3@gmail.com>
- Date: Wed, 21 Dec 2016 22:07:07 +0000
- Message-id: <[🔎] CAAp9V_gAJLJiaXkYf5LKkHb+KfmM5sdM_XnbuUQWqv4=-t7G=g@mail.gmail.com>
Package: libxiVersion: 1.6.1-1+deb7u2After updating the above package (from deb7u1), various applications (google-chrome-stable notably) begin to crash with messages indicating an attempt to free an invalid pointer. Upon looking into the issue further, I noticed that the following addition to XIQueryDevice.c is flawed:@@ -103,7 +130,17 @@SyncHandle();return info;+error_loop:+ while (--i >= 0)+ {+ Xfree(info[i].name);+ Xfree(info[i].classes);+ }error:+ Xfree(info);+ Xfree(buf);UnlockDisplay(dpy);SyncHandle();There are 3 places that "goto error", two before info and buf are allocated, and one after we've checked and found one (or both) to be NULL. Moving those Xfree()s up a couple of lines into error_loop (where we know they are already allocated) fixes the problem.
--- End Message ---
--- Begin Message ---
- To: 849026-close@bugs.debian.org
- Subject: Bug#849026: fixed in libxi 2:1.7.8-2
- From: Emilio Pozuelo Monfort <pochu@debian.org>
- Date: Thu, 29 Dec 2016 10:48:36 +0000
- Message-id: <E1cMYGC-0006JZ-23@fasolo.debian.org>
Source: libxi Source-Version: 2:1.7.8-2 We believe that the bug you reported is fixed in the latest version of libxi, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 849026@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Emilio Pozuelo Monfort <pochu@debian.org> (supplier of updated libxi package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 29 Dec 2016 11:22:29 +0100 Source: libxi Binary: libxi6 libxi6-udeb libxi-dev Architecture: source Version: 2:1.7.8-2 Distribution: unstable Urgency: medium Maintainer: Debian X Strike Force <debian-x@lists.debian.org> Changed-By: Emilio Pozuelo Monfort <pochu@debian.org> Description: libxi-dev - X11 Input extension library (development headers) libxi6 - X11 Input extension library libxi6-udeb - X11 Input extension library (udeb) Closes: 849026 Changes: libxi (2:1.7.8-2) unstable; urgency=medium . * Cherry-pick upstream commit 557b6079, don't free an uninitialized buffer. Closes: #849026. Checksums-Sha1: 1dc19e90cc1765f6f580caa3b80c94df6531ea32 2202 libxi_1.7.8-2.dsc 3cf75684a7263f41cbd6fbf9e1709202ca9005eb 604295 libxi_1.7.8.orig.tar.gz c2b5263a5cb2921100f31c061de37fb84774e5ec 15765 libxi_1.7.8-2.diff.gz Checksums-Sha256: 5928022c4607b10b75c95e0b3d6474801895ef12eee3c16c9d5ebf1c366334ab 2202 libxi_1.7.8-2.dsc 7466d0c626a9cc2e53fd78c811815e82924cd7582236a82401df3d282a9c2889 604295 libxi_1.7.8.orig.tar.gz 47450993e29758a08d99a6b7c79c4044fb7bf0a5dd8ac5193c4d70555e46815d 15765 libxi_1.7.8-2.diff.gz Files: 891888a49e3c591c7999bc494b24ea47 2202 x11 optional libxi_1.7.8-2.dsc 0b7e861d0591451f89d8f87ff558900c 604295 x11 optional libxi_1.7.8.orig.tar.gz 54a54c5359d8daf5bd7fcc0005f0e924 15765 x11 optional libxi_1.7.8-2.diff.gz -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAlhk5DsACgkQnUbEiOQ2 gwK/iBAAiRE6nCQpibRMBcAhWmvVQIT1Oid1mmXqS+IpoIVMwRac1UaW+Sye9S1w ecAVKj93vA8xp1LM/j2MUl6YO8Q5gzX73vHPuf5c0todgASOOzfZbWznWFu45Jqc ZEnKH758YETuAaWIxivLofAetFd/hCRU0xEx41fvkcmY5cpxuzhYRWXYlbQvW+2y udfLrDE0hiLhlQEfaNxujmtoRZZDBEo/q574LP3TsRrNgmIGFbSSgip0gB9NvAyT cCLf3jSd3bjv2yecvL77169UtHgR8wQuhVisi+zsAy0JD6Y21gxk9oVRBLzx6Y+u szLnt02k2InLWlt7TEZkT4MlmypLnvLBjfFozcPeD+fXJe/TQLUn05HGqWtIBNt9 e6LlI6rWtRtyY4sGDQtcLo2SVohMLcR7eSY+4fVNbFydBc/7O13iH/P3/Cd5Tu9X 55ucG+lUElGmSOs5k/x0RR2VeBJ5Oqy3hNrr02GZFbq6q20OkbrJMRShfbK2DcRb HSHsXKK2ky1GqFgRmMJf1ExPVKuc+GDd45huk4tnFlIpAtNf8n+0WfUGWSB4e/SX CEV7DluW1s4mw82mXev7/JiFEAqnwBOvTHVy0/zXMnwfn8VZCX48Bqu2z+hIpB2x N8Dr9KRCZLjQUQn4463KgQ6tGVX/8EqmmfffMx+rDIyGqgPbyAE= =28zw -----END PGP SIGNATURE-----
--- End Message ---