Bug#612326: marked as done (liboauth0: patch to xmalloc_fatal removes error handling)

Thu, 11 Aug 2011 03:57:46 -0700 

Your message dated Thu, 11 Aug 2011 13:37:22 +0300
with message-id <[email protected]>
and subject line Bug fixed in 0.9.4-2
has caused the Debian Bug report #612326,
regarding liboauth0: patch to xmalloc_fatal removes error handling
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
612326: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=612326
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: liboauth0
Version: 0.9.4-1
Severity: normal

The patch 02_xmalloc_dont_exit.patch changes xmalloc_fatal to not exit
in case of failure.  However this is done wrong as the functions calling
xmalloc and friends expect to never get a NULL pointer.

This can be verified by "sabotaging" xmalloc to always call
xmalloc_fatal (even when malloc was successful).  Doing so results in
the test suite crashing with a segmentation fault, cf. [1].

If the library should not just call exit(), the code must make sure to
return an error whenever xmalloc fails.

Also the return value of the patched xmalloc_fatal is currently not well
defined: there is no return statement at the end of the function.

Regards,
Ansgar

  [1] <http://lists.debian.org/[email protected]>

--- End Message ---
--- Begin Message --- 
fixed 612326 0.9.4-2
thanks
I've uploaded a version 0.9.4-2 which fixes this bug by returning NULL in case malloc fails. 

Changelog:
 liboauth (0.9.4-2) unstable; urgency=low
 .
   * Make package multiarch-aware.
     - Bump compat to 9.
   * debian/control:
- Add libcurl4-gnutls-dev to liboauth-dev dependencies, thanks Mathieu! 
     - Bump Standards-Version to 3.9.2 (no changes needed).
   * debian/patches/02_xmalloc_dont_exit.patch: Return NULL in case malloc
     fails.
I forgot to add the Closes: #nnn tag while uploading, so I'm closing this bug now.

--- End Message ---

Reply via email to