Bug#893285: stretch-pu: package docbook-to-man/1:2.0.0-35+deb9u1

Mon, 19 Mar 2018 20:00:42 -0700 

retitle 893285 stretch-pu: package docbook-to-man/1:2.0.0-35+deb9u1
reassign 893285 release.debian.org
severity 893285 normal
tags 893285 + stretch
user release.debian....@packages.debian.org
usertags 893285 pu
thanks

Hi,

I'd like update docbook-to-man in stable to fix an issue with corrupted
output due to incorrect use of memcpy vs memmove as originally outlined
in #842635 and #858389

The diff is attached (modulo the changelog entry), but just to quote the
relevant portion here:

  --- a/Instant/main.c
  +++ b/Instant/main.c
  @@ -796,7 +796,7 @@ ReadESIS(
                        if ( ! buf[2] )
                                break;
                        buf[0] = ' ';
  -                     memcpy(&buf[1], &buf[2], strlen(buf)-1);
  +                     memmove(&buf[1], &buf[2], strlen(buf)-1);
                }
   
                cont[ncont].ch.data = strdup(buf);

(This would also make a number of packages reproducible.)


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      la...@debian.org / chris-lamb.co.uk
       `-

diffstat for docbook-to-man-2.0.0 docbook-to-man-2.0.0

 12-Prevent-undefined-behaviour-in-memcpy-parameter-over.patch |   29 ++++++++++
 series                                                        |    1 
 2 files changed, 30 insertions(+)

diff -Nru 
docbook-to-man-2.0.0/debian/patches/12-Prevent-undefined-behaviour-in-memcpy-parameter-over.patch
 
docbook-to-man-2.0.0/debian/patches/12-Prevent-undefined-behaviour-in-memcpy-parameter-over.patch
--- 
docbook-to-man-2.0.0/debian/patches/12-Prevent-undefined-behaviour-in-memcpy-parameter-over.patch
   1969-12-31 19:00:00.000000000 -0500
+++ 
docbook-to-man-2.0.0/debian/patches/12-Prevent-undefined-behaviour-in-memcpy-parameter-over.patch
   2016-09-17 21:03:42.000000000 -0400
@@ -0,0 +1,29 @@
+From: Chris Lamb <la...@debian.org>
+Date: Fri, 12 May 2017 10:58:54 +0200
+Subject: Prevent undefined behaviour in memcpy parameter overlap.
+
+On i386 (but not armhf or amd64), docbook-to-man inserts random
+characters into the output. e.g. it will sometimes generate an "I"
+instead of a literal tab.
+
+Thanks to Chris West <solo-debianb...@goeswhere.com> and Yuri Gribov
+<tetra2...@gmail.com>
+
+Debian-Bugs: #842635 #858389
+---
+ Instant/main.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Instant/main.c b/Instant/main.c
+index 64a5e96..0341670 100644
+--- a/Instant/main.c
++++ b/Instant/main.c
+@@ -796,7 +796,7 @@ ReadESIS(
+                       if ( ! buf[2] )
+                               break;
+                       buf[0] = ' ';
+-                      memcpy(&buf[1], &buf[2], strlen(buf)-1);
++                      memmove(&buf[1], &buf[2], strlen(buf)-1);
+               }
+ 
+               cont[ncont].ch.data = strdup(buf);
diff -Nru docbook-to-man-2.0.0/debian/patches/series 
docbook-to-man-2.0.0/debian/patches/series
--- docbook-to-man-2.0.0/debian/patches/series  2016-09-17 21:03:42.000000000 
-0400
+++ docbook-to-man-2.0.0/debian/patches/series  2016-09-17 21:03:42.000000000 
-0400
@@ -7,3 +7,4 @@
 07-remove-timestamp.patch
 10-better-checking-of-return-value-of-Split-function.patch
 11-remove-sp-dependency.patch
+12-Prevent-undefined-behaviour-in-memcpy-parameter-over.patch

Reply via email to