Bug#731967: debdiff of NMU of libqb 0.16.0.real-1.1

Wed, 19 Feb 2014 23:58:28 -0800 

debdiff libqb_0.16.0.real-1.dsc libqb_0.16.0.real-1.1.dsc
diff -Nru libqb-0.16.0.real/debian/changelog libqb-0.16.0.real/debian/changelog
--- libqb-0.16.0.real/debian/changelog  2013-08-02 06:39:15.000000000 +0100
+++ libqb-0.16.0.real/debian/changelog  2014-02-20 07:32:10.000000000 +0000
@@ -1,3 +1,15 @@
+libqb (0.16.0.real-1.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Do not overwrite memory during reading
+    Add test_ring_buffer1.diff
+    Patch by Dejan Latinovic
+    Closes: #731967
+  * Pass --localstatedir=`pwd`/var to configure to not fail the
+    tests when it's built with pbuilder
+
+ -- Anibal Monsalve Salazar <ani...@debian.org>  Thu, 20 Feb 2014 07:21:30 
+0000
+
 libqb (0.16.0.real-1) unstable; urgency=low
 
   * New upload, this time with the "right" upstream .orig.tar.gz
diff -Nru libqb-0.16.0.real/debian/patches/series 
libqb-0.16.0.real/debian/patches/series
--- libqb-0.16.0.real/debian/patches/series     2013-08-02 07:03:11.000000000 
+0100
+++ libqb-0.16.0.real/debian/patches/series     2014-02-19 10:33:58.000000000 
+0000
@@ -1 +1,2 @@
 fix_version_number.patch
+test_ring_buffer1.diff
diff -Nru libqb-0.16.0.real/debian/patches/test_ring_buffer1.diff 
libqb-0.16.0.real/debian/patches/test_ring_buffer1.diff
--- libqb-0.16.0.real/debian/patches/test_ring_buffer1.diff     1970-01-01 
01:00:00.000000000 +0100
+++ libqb-0.16.0.real/debian/patches/test_ring_buffer1.diff     2014-02-14 
12:50:15.000000000 +0000
@@ -0,0 +1,66 @@
+Author: "Dejan Latinovic" <dejan.latino...@rt-rk.com>
+Description: Fix for ring buffer test.
+
+http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731967
+
+After I ran rb.test manually I got this error:
+
+< Running suite(s): ringbuffer
+< 75%: Checks: 4, Failures: 0, Errors: 1
+< check_rb.c:82:E:test01:test_ring_buffer1:0: (after this point) Received < < 
signal 11 (Segmentation fault)
+< check_rb.c:123:P:test02:test_ring_buffer2:0: Passed
+< check_rb.c:155:P:test03:test_ring_buffer3:0: Passed
+< check_rb.c:183:P:test04:test_ring_buffer4:0: Passed
+
+
+The problem is that test_ring_buffer1 in ./tests/check_rb.c,
+at line:
+< actual = qb_rb_chunk_read(rb, &hdr, 512, 0);
+
+is attempting to read chunk from ring buffer
+< qb_ringbuffer_t *rb
+
+and store it into address of struct hdr
+< struct qb_ipc_request_header hdr;
+
+If the size of the chunk(90-93) is larger than size of the hdr (16),
+it comes to overwriting memory during reading.
+
+This test does not fail on some other architectures
+because there is a possibility that my_buf is located after hdr,
+< char my_buf[512];
+and then the overwriting passes unnoticed.
+
+A patch fixing this issue is attached.
+
+Index: libqb-0.16.0.real/tests/check_rb.c
+===================================================================
+--- libqb-0.16.0.real.orig/tests/check_rb.c    2013-12-09 14:28:57.000000000 
+0000
++++ libqb-0.16.0.real/tests/check_rb.c 2013-12-09 14:31:15.000000000 +0000
+@@ -57,8 +57,9 @@
+                                   hdr.id, "actually the line number", i,
+                                   __func__, __FILE__) + 1;
+                       hdr.size += sizeof(struct qb_ipc_request_header);
++                      memcpy(my_buf, &hdr, sizeof(struct 
qb_ipc_request_header));
+                       avail = qb_rb_space_free(rb);
+-                      actual = qb_rb_chunk_write(rb, &hdr, hdr.size);
++                      actual = qb_rb_chunk_write(rb, my_buf, hdr.size);
+                       if (avail < (hdr.size + (3 * sizeof(uint32_t)))) {
+                               ck_assert_int_eq(actual, -EAGAIN);
+                       } else {
+@@ -72,13 +73,13 @@
+               str = my_buf + sizeof(struct qb_ipc_request_header);
+ 
+               for (i = 0; i < 15; i++) {
+-                      actual = qb_rb_chunk_read(rb, &hdr, 512, 0);
++                      actual = qb_rb_chunk_read(rb, my_buf, 512, 0);
+                       if (actual < 0) {
+                               ck_assert_int_eq(0, qb_rb_chunks_used(rb));
+                               break;
+                       }
++                      memcpy(&hdr, my_buf, sizeof(struct 
qb_ipc_request_header));
+                       str[actual - sizeof(struct qb_ipc_request_header)] = 
'\0';
+-
+                       ck_assert_int_eq(actual, hdr.size);
+               }
+       }
diff -Nru libqb-0.16.0.real/debian/rules libqb-0.16.0.real/debian/rules
--- libqb-0.16.0.real/debian/rules      2013-03-20 23:03:33.000000000 +0000
+++ libqb-0.16.0.real/debian/rules      2014-02-20 07:20:49.000000000 +0000
@@ -17,3 +17,7 @@
 
 override_dh_autoreconf:
        dh_autoreconf ./autogen.sh
+
+override_dh_auto_configure:
+       mkdir -p `pwd`/dev/shm `pwd`/var/run
+       dh_auto_configure -- --localstatedir=`pwd`/var


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to