Bug#854465: unblock: jdupes/1.7-2

Tue, 07 Feb 2017 04:33:32 -0800 

Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock

Please unblock package jdupes.

Some considerations:

  * The revision fix a segment fault issue when jdupes is used in some
    conditions. It will close #854427, severity important.

  * The patch used to fix was generated by the upstream.

  * The package was already uploaded to Sid and it builds correctly
    on all applicable architectures.

  * There is a debdiff attached.

  * The debian/changelog says:

    jdupes (1.7-2) unstable; urgency=medium

      * debian/patches/10_fix-segfault.patch: added to fix a segmentation
        fault in jdupes. (Closes: #854427)

Thanks in advance.

Regards,

Eriberto

diff -Nru jdupes-1.7/debian/changelog jdupes-1.7/debian/changelog
--- jdupes-1.7/debian/changelog 2017-01-03 17:30:04.000000000 -0200
+++ jdupes-1.7/debian/changelog 2017-02-06 22:19:51.000000000 -0200
@@ -1,3 +1,10 @@
+jdupes (1.7-2) unstable; urgency=medium
+
+  * debian/patches/10_fix-segfault.patch: added to fix a segmentation fault in
+    jdupes. (Closes: #854427)
+
+ -- Joao Eriberto Mota Filho <eribe...@debian.org>  Mon, 06 Feb 2017 22:19:51 
-0200
+
 jdupes (1.7-1) unstable; urgency=medium
 
   * New upstream release.
diff -Nru jdupes-1.7/debian/patches/10_fix-segfault.patch 
jdupes-1.7/debian/patches/10_fix-segfault.patch
--- jdupes-1.7/debian/patches/10_fix-segfault.patch     1969-12-31 
21:00:00.000000000 -0300
+++ jdupes-1.7/debian/patches/10_fix-segfault.patch     2017-02-06 
22:19:33.000000000 -0200
@@ -0,0 +1,147 @@
+Description: fix a major bug in string_malloc()'s free list functionality
+             (Closes: #854427)
+Author: Jody Bruchon <j...@jodybruchon.com>
+Last-Update: 2017-01-19
+Index: jdupes-1.7/string_malloc.c
+===================================================================
+--- jdupes-1.7.orig/string_malloc.c
++++ jdupes-1.7/string_malloc.c
+@@ -30,7 +30,7 @@
+ #endif
+ 
+ static void *sma_head = NULL;
+-static uintptr_t *sma_lastpage = NULL;
++static uintptr_t *sma_curpage = NULL;
+ static unsigned int sma_pages = 0;
+ static void *sma_freelist[SMA_MAX_FREE];
+ static int sma_freelist_cnt = 0;
+@@ -52,9 +52,9 @@ uintmax_t sma_free_tails = 0;
+ /* Scan the freed chunk list for a suitably sized object */
+ static inline void *scan_freelist(const size_t size)
+ {
+-      size_t *min_p, *object;
++      size_t *object, *min_p;
+       size_t sz, min = 0;
+-      int i, used = 0;
++      int i, used = 0, min_i = -1;
+ 
+       /* Don't bother scanning if the list is empty */
+       if (sma_freelist_cnt == 0) return NULL;
+@@ -74,9 +74,9 @@ static inline void *scan_freelist(const
+               /* Skip smaller objects */
+               if (sz < size) continue;
+               /* Object is big enough; record if it's the new minimum */
+-              if (min == 0 || sz < min) {
++              if (min == 0 || sz <= min) {
+                       min = sz;
+-                      min_p = object;
++                      min_i = i;
+                       /* Always stop scanning if exact sized object found */
+                       if (sz == size) break;
+               }
+@@ -85,8 +85,9 @@ static inline void *scan_freelist(const
+       /* Enhancement TODO: split the free item if it's big enough */
+ 
+       /* Return smallest object found and delete from free list */
+-      if (min != 0) {
+-              sma_freelist[i] = NULL;
++      if (min_i != -1) {
++              min_p = sma_freelist[min_i];
++              sma_freelist[min_i] = NULL;
+               sma_freelist_cnt--;
+               min_p++;
+               return (void *)min_p;
+@@ -107,10 +108,10 @@ static inline void *string_malloc_page(v
+       *pageptr = (uintptr_t)NULL;
+ 
+       /* Link previous page to this page, if applicable */
+-      if (sma_lastpage != NULL) *sma_lastpage = (uintptr_t)pageptr;
++      if (sma_curpage != NULL) *sma_curpage = (uintptr_t)pageptr;
+ 
+       /* Update last page pointers and total page counter */
+-      sma_lastpage = pageptr;
++      sma_curpage = pageptr;
+       sma_pages++;
+ 
+       return (void *)pageptr;
+@@ -119,7 +120,7 @@ static inline void *string_malloc_page(v
+ 
+ void *string_malloc(size_t len)
+ {
+-      const void * restrict page = (char *)sma_lastpage;
++      const void * restrict page = (char *)sma_curpage;
+       static size_t *address;
+ 
+       /* Calling with no actual length is invalid */
+@@ -130,8 +131,6 @@ void *string_malloc(size_t len)
+               len &= ~(sizeof(uintptr_t) - 1);
+               len += sizeof(uintptr_t);
+       }
+-      /* Make room for size prefix */
+-      len += sizeof(size_t);
+ 
+       /* Pass-through allocations larger than maximum object size to malloc() 
*/
+       if (len > (SMA_PAGE_SIZE - sizeof(uintptr_t) - sizeof(size_t))) {
+@@ -151,7 +150,7 @@ void *string_malloc(size_t len)
+               for (int i = 0; i < SMA_MAX_FREE; i++) sma_freelist[i] = NULL;
+               /* Allocate first page and set up for first allocation */
+               sma_head = string_malloc_page();
+-              if (!sma_head) return NULL;
++              if (sma_head == NULL) return NULL;
+               sma_nextfree = sizeof(uintptr_t);
+               page = sma_head;
+       }
+@@ -164,17 +163,20 @@ void *string_malloc(size_t len)
+       }
+ 
+       /* Allocate new page if this object won't fit */
+-      if ((sma_nextfree + len) > SMA_PAGE_SIZE) {
++      if ((sma_nextfree + len + sizeof(size_t)) > SMA_PAGE_SIZE) {
+               size_t sz;
+               size_t *tailaddr;
+               /* See if remaining space is usable */
+-              if (sma_freelist_cnt < SMA_MAX_FREE && sma_nextfree < 
SMA_PAGE_SIZE) {
+-                      /* Get total remaining space size */
+-                      sz = SMA_PAGE_SIZE - sma_nextfree;
+-                      if (sz >= (SMA_MIN_SLACK + sizeof(size_t))) {
++              if (sma_freelist_cnt < SMA_MAX_FREE && (sma_nextfree + 
sizeof(size_t)) < SMA_PAGE_SIZE) {
++                      /* Get remaining space size minus page linkage and obj 
size prefix */
++                      sz = sma_nextfree + sizeof(size_t) + SMA_MIN_SLACK;
++
++                      if (sz <= SMA_PAGE_SIZE) {
++                              sz = SMA_PAGE_SIZE - sma_nextfree - 
sizeof(size_t);
+                               tailaddr = (size_t *)((uintptr_t)page + 
sma_nextfree);
+-                              *tailaddr = sz;
+-                              string_free(tailaddr + 1);
++                              *tailaddr = (size_t)sz;
++                              tailaddr++;
++                              string_free(tailaddr);
+                               DBG(sma_free_tails++;)
+                       }
+               }
+@@ -188,7 +190,7 @@ void *string_malloc(size_t len)
+       /* Prefix object with its size */
+       *address = len;
+       address++;
+-      sma_nextfree += len;
++      sma_nextfree += len + sizeof(size_t);
+ 
+       DBG(sma_allocs++;)
+       return (void *)address;
+@@ -206,7 +208,7 @@ void string_free(void * const restrict a
+               goto sf_failed;
+ 
+       /* Tiny objects keep big ones from being freed; ignore them */
+-      if (*(size_t *)((uintptr_t)addr - sizeof(size_t)) < (SMA_MIN_SLACK + 
sizeof(size_t)))
++      if (*(size_t *)((uintptr_t)addr - sizeof(size_t)) < SMA_MIN_SLACK)
+               goto sf_failed;
+ 
+       /* Add object to free list */
+@@ -233,6 +235,7 @@ void string_malloc_destroy(void)
+       uintptr_t *next;
+ 
+       cur = (void *)sma_head;
++      if (sma_head == NULL) return;
+       while (sma_pages > 0) {
+               next = (uintptr_t *)*(uintptr_t *)cur;
+               free(cur);
diff -Nru jdupes-1.7/debian/patches/series jdupes-1.7/debian/patches/series
--- jdupes-1.7/debian/patches/series    1969-12-31 21:00:00.000000000 -0300
+++ jdupes-1.7/debian/patches/series    2017-02-06 22:17:30.000000000 -0200
@@ -0,0 +1 @@
+10_fix-segfault.patch

Reply via email to