Your message dated Sat, 07 Apr 2018 17:35:21 +0000
with message-id <e1f4rkh-000aaf...@fasolo.debian.org>
and subject line Bug#894386: fixed in libinstpatch 1.0.0-7
has caused the Debian Bug report #894386,
regarding libinstpatch: memory corruption in file IpatchSF2Reader.c
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
894386: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894386
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libinstpatch
Severity: normal

Dear Maintainer,

The file IpatchSF2Reader.c has seen in the upstream code base some fixes
of potential memory corruption. This can lead to undefined behaviour.

I provide a patch with the specific changes, fixing the issue.

-- System Information:
Debian Release: buster/sid
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.15.0-2-amd64 (SMP w/24 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
--- libinstpatch-1.0.0/libinstpatch/IpatchSF2Reader.c   2010-10-25 
12:46:26.000000000 -0400
+++ libinstpatch-1.0.0.orig/libinstpatch/IpatchSF2Reader.c      2018-03-29 
11:57:52.433939326 -0400
@@ -647,13 +647,13 @@
   if (!ipatch_file_read (riff->handle, bag_table, chunk->size, err))
     return (FALSE);       /* bag_table will be freed by finalize() */
 
-  pgenndx = IPATCH_FILE_SWAP16 (riff->handle, &bag_table[0]);
-  pmodndx = IPATCH_FILE_SWAP16 (riff->handle, &bag_table[1]);
+  pgenndx = IPATCH_FILE_SWAP16 (riff->handle->file, &bag_table[0]);
+  pmodndx = IPATCH_FILE_SWAP16 (riff->handle->file, &bag_table[1]);
 
   for (i=0; i < reader->pbag_count; i++)
     {
-      genndx = IPATCH_FILE_SWAP16 (riff->handle, &bag_table[(i+1)*2]);
-      modndx = IPATCH_FILE_SWAP16 (riff->handle, &bag_table[(i+1)*2+1]);
+      genndx = IPATCH_FILE_SWAP16 (riff->handle->file, &bag_table[(i+1)*2]);
+      modndx = IPATCH_FILE_SWAP16 (riff->handle->file, &bag_table[(i+1)*2+1]);
 
       if (genndx < pgenndx)
        {
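Review bot: In the `reader->pbag_count` loop the last iteration reads `bag_table[pbag_count*2+1]`, but nothing in the visible context checks that the `chunk->size` bytes read into `bag_table` cover that many entries. Since the report is filed as memory corruption, please confirm there is a check above this hunk that `chunk->size` holds at least `(pbag_count + 1) * 2` 16-bit values, or add one before the loop. The switch from `riff->handle` to `riff->handle->file` is otherwise consistent across all four calls in this hunk.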
@@ -973,13 +973,13 @@
   if (!ipatch_file_read (riff->handle, bag_table, chunk->size, err))
     return (FALSE);       /* bag_table will be freed by finalize() */
 
-  pgenndx = IPATCH_FILE_SWAP16 (riff->handle, &bag_table[0]);
-  pmodndx = IPATCH_FILE_SWAP16 (riff->handle, &bag_table[1]);
+  pgenndx = IPATCH_FILE_SWAP16 (riff->handle->file, &bag_table[0]);
+  pmodndx = IPATCH_FILE_SWAP16 (riff->handle->file, &bag_table[1]);
 
   for (i=0; i < reader->ibag_count; i++)
     {
-      genndx = IPATCH_FILE_SWAP16 (riff->handle, &bag_table[(i+1)*2]);
-      modndx = IPATCH_FILE_SWAP16 (riff->handle, &bag_table[(i+1)*2+1]);
+      genndx = IPATCH_FILE_SWAP16 (riff->handle->file, &bag_table[(i+1)*2]);
+      modndx = IPATCH_FILE_SWAP16 (riff->handle->file, &bag_table[(i+1)*2+1]);
 
       if (genndx < pgenndx)
        {
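Review bot: The four `IPATCH_FILE_SWAP16` calls around the `reader->ibag_count` loop needed the same argument fix as the pbag hunk, and the old `riff->handle` form evidently built without stopping the compile, so the macro does not appear to type-check its first argument. Please search the rest of the tree for swap-macro calls that still pass a handle instead of `handle->file`, and consider a typed inline function in place of the macro so the compiler rejects this mistake. Separately, the file headers put the 2018 file under `libinstpatch-1.0.0.orig/` on the `+++` side; the `-`/`+` content direction is right, but the directory names are swapped relative to convention and should be corrected or explained in the patch description so the patch is not mistaken for a reversed one.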

--- End Message ---
--- Begin Message ---
Source: libinstpatch
Source-Version: 1.0.0-7

We believe that the bug you reported is fixed in the latest version of
libinstpatch, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 894...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
James Cowgill <jcowg...@debian.org> (supplier of updated libinstpatch package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


Format: 1.8
Date: Sat, 07 Apr 2018 18:26:26 +0100
Source: libinstpatch
Binary: libinstpatch-1.0-0 libinstpatch-dev libinstpatch-doc
Architecture: source
Version: 1.0.0-7
Distribution: unstable
Urgency: medium
Maintainer: Debian Multimedia Maintainers <debian-multime...@lists.debian.org>
Changed-By: James Cowgill <jcowg...@debian.org>
Description:
 libinstpatch-1.0-0 - MIDI instrument editing library
 libinstpatch-dev - MIDI instrument editing library development files
 libinstpatch-doc - MIDI instrument editing library documentation
Closes: 894386
Changes:
 libinstpatch (1.0.0-7) unstable; urgency=medium
 .
   * Team upload.
 .
   [ James Cowgill ]
   * debian/compat: Use debhelper compat 11.
   * debian/control:
     - Set Maintainer to debian-multimedia@lists.d.o.
     - Drop unneeded build-dependency on autotools-dev.
     - Bump standards version to 4.1.4.
     - Set Rules-Requires-Root: no.
   * debian/libinstpatch-1.0-0.symbols:
     - Use a single symbols file for all arches.
   * debian/patches:
     - Add upstream patch to fix IPATCH_FILE_SWAP16 usage in IpatchSF2Reader.
       (Closes: #894386)
     - Mark patches already applied upstream.
   * debian/rules:
     - Remove useless LDFLAGS variable in d/rules.
   * debian/source/local-options: Remove.
 .
   [ Ondřej Nový ]
   * d/copyright: Change Format URL to correct one.
   * d/control: Set Vcs-* to salsa.debian.org.
   * d/changelog: Remove trailing whitespaces.

--- End Message ---