Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock
Please unblock package jdupes. Some considerations: * The revision fix a segment fault issue when jdupes is used in some conditions. It will close #854427, severity important. * The patch used to fix was generated by the upstream. * The package was already uploaded to Sid and it builds correctly on all applicable architectures. * There is a debdiff attached. * The debian/changelog says: jdupes (1.7-2) unstable; urgency=medium * debian/patches/10_fix-segfault.patch: added to fix a segmentation fault in jdupes. (Closes: #854427) Thanks in advance. Regards, Eriberto
diff -Nru jdupes-1.7/debian/changelog jdupes-1.7/debian/changelog --- jdupes-1.7/debian/changelog 2017-01-03 17:30:04.000000000 -0200 +++ jdupes-1.7/debian/changelog 2017-02-06 22:19:51.000000000 -0200 @@ -1,3 +1,10 @@ +jdupes (1.7-2) unstable; urgency=medium + + * debian/patches/10_fix-segfault.patch: added to fix a segmentation fault in + jdupes. (Closes: #854427) + + -- Joao Eriberto Mota Filho <eribe...@debian.org> Mon, 06 Feb 2017 22:19:51 -0200 + jdupes (1.7-1) unstable; urgency=medium * New upstream release. diff -Nru jdupes-1.7/debian/patches/10_fix-segfault.patch jdupes-1.7/debian/patches/10_fix-segfault.patch --- jdupes-1.7/debian/patches/10_fix-segfault.patch 1969-12-31 21:00:00.000000000 -0300 +++ jdupes-1.7/debian/patches/10_fix-segfault.patch 2017-02-06 22:19:33.000000000 -0200 @@ -0,0 +1,147 @@ +Description: fix a major bug in string_malloc()'s free list functionality + (Closes: #854427) +Author: Jody Bruchon <j...@jodybruchon.com> +Last-Update: 2017-01-19 +Index: jdupes-1.7/string_malloc.c +=================================================================== +--- jdupes-1.7.orig/string_malloc.c ++++ jdupes-1.7/string_malloc.c +@@ -30,7 +30,7 @@ + #endif + + static void *sma_head = NULL; +-static uintptr_t *sma_lastpage = NULL; ++static uintptr_t *sma_curpage = NULL; + static unsigned int sma_pages = 0; + static void *sma_freelist[SMA_MAX_FREE]; + static int sma_freelist_cnt = 0; +@@ -52,9 +52,9 @@ uintmax_t sma_free_tails = 0; + /* Scan the freed chunk list for a suitably sized object */ + static inline void *scan_freelist(const size_t size) + { +- size_t *min_p, *object; ++ size_t *object, *min_p; + size_t sz, min = 0; +- int i, used = 0; ++ int i, used = 0, min_i = -1; + + /* Don't bother scanning if the list is empty */ + if (sma_freelist_cnt == 0) return NULL; +@@ -74,9 +74,9 @@ static inline void *scan_freelist(const + /* Skip smaller objects */ + if (sz < size) continue; + /* Object is big enough; record if it's the new minimum */ +- if (min == 0 || sz < min) { ++ if (min == 0 || sz <= min) { + min = sz; +- min_p = object; ++ min_i = i; + /* Always stop scanning if exact sized object found */ + if (sz == size) break; + } +@@ -85,8 +85,9 @@ static inline void *scan_freelist(const + /* Enhancement TODO: split the free item if it's big enough */ + + /* Return smallest object found and delete from free list */ +- if (min != 0) { +- sma_freelist[i] = NULL; ++ if (min_i != -1) { ++ min_p = sma_freelist[min_i]; ++ sma_freelist[min_i] = NULL; + sma_freelist_cnt--; + min_p++; + return (void *)min_p; +@@ -107,10 +108,10 @@ static inline void *string_malloc_page(v + *pageptr = (uintptr_t)NULL; + + /* Link previous page to this page, if applicable */ +- if (sma_lastpage != NULL) *sma_lastpage = (uintptr_t)pageptr; ++ if (sma_curpage != NULL) *sma_curpage = (uintptr_t)pageptr; + + /* Update last page pointers and total page counter */ +- sma_lastpage = pageptr; ++ sma_curpage = pageptr; + sma_pages++; + + return (void *)pageptr; +@@ -119,7 +120,7 @@ static inline void *string_malloc_page(v + + void *string_malloc(size_t len) + { +- const void * restrict page = (char *)sma_lastpage; ++ const void * restrict page = (char *)sma_curpage; + static size_t *address; + + /* Calling with no actual length is invalid */ +@@ -130,8 +131,6 @@ void *string_malloc(size_t len) + len &= ~(sizeof(uintptr_t) - 1); + len += sizeof(uintptr_t); + } +- /* Make room for size prefix */ +- len += sizeof(size_t); + + /* Pass-through allocations larger than maximum object size to malloc() */ + if (len > (SMA_PAGE_SIZE - sizeof(uintptr_t) - sizeof(size_t))) { +@@ -151,7 +150,7 @@ void *string_malloc(size_t len) + for (int i = 0; i < SMA_MAX_FREE; i++) sma_freelist[i] = NULL; + /* Allocate first page and set up for first allocation */ + sma_head = string_malloc_page(); +- if (!sma_head) return NULL; ++ if (sma_head == NULL) return NULL; + sma_nextfree = sizeof(uintptr_t); + page = sma_head; + } +@@ -164,17 +163,20 @@ void *string_malloc(size_t len) + } + + /* Allocate new page if this object won't fit */ +- if ((sma_nextfree + len) > SMA_PAGE_SIZE) { ++ if ((sma_nextfree + len + sizeof(size_t)) > SMA_PAGE_SIZE) { + size_t sz; + size_t *tailaddr; + /* See if remaining space is usable */ +- if (sma_freelist_cnt < SMA_MAX_FREE && sma_nextfree < SMA_PAGE_SIZE) { +- /* Get total remaining space size */ +- sz = SMA_PAGE_SIZE - sma_nextfree; +- if (sz >= (SMA_MIN_SLACK + sizeof(size_t))) { ++ if (sma_freelist_cnt < SMA_MAX_FREE && (sma_nextfree + sizeof(size_t)) < SMA_PAGE_SIZE) { ++ /* Get remaining space size minus page linkage and obj size prefix */ ++ sz = sma_nextfree + sizeof(size_t) + SMA_MIN_SLACK; ++ ++ if (sz <= SMA_PAGE_SIZE) { ++ sz = SMA_PAGE_SIZE - sma_nextfree - sizeof(size_t); + tailaddr = (size_t *)((uintptr_t)page + sma_nextfree); +- *tailaddr = sz; +- string_free(tailaddr + 1); ++ *tailaddr = (size_t)sz; ++ tailaddr++; ++ string_free(tailaddr); + DBG(sma_free_tails++;) + } + } +@@ -188,7 +190,7 @@ void *string_malloc(size_t len) + /* Prefix object with its size */ + *address = len; + address++; +- sma_nextfree += len; ++ sma_nextfree += len + sizeof(size_t); + + DBG(sma_allocs++;) + return (void *)address; +@@ -206,7 +208,7 @@ void string_free(void * const restrict a + goto sf_failed; + + /* Tiny objects keep big ones from being freed; ignore them */ +- if (*(size_t *)((uintptr_t)addr - sizeof(size_t)) < (SMA_MIN_SLACK + sizeof(size_t))) ++ if (*(size_t *)((uintptr_t)addr - sizeof(size_t)) < SMA_MIN_SLACK) + goto sf_failed; + + /* Add object to free list */ +@@ -233,6 +235,7 @@ void string_malloc_destroy(void) + uintptr_t *next; + + cur = (void *)sma_head; ++ if (sma_head == NULL) return; + while (sma_pages > 0) { + next = (uintptr_t *)*(uintptr_t *)cur; + free(cur); diff -Nru jdupes-1.7/debian/patches/series jdupes-1.7/debian/patches/series --- jdupes-1.7/debian/patches/series 1969-12-31 21:00:00.000000000 -0300 +++ jdupes-1.7/debian/patches/series 2017-02-06 22:17:30.000000000 -0200 @@ -0,0 +1 @@ +10_fix-segfault.patch