Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu
Hello release team,
A memory leak was found in in libmagic's (src:file) loader of magic
files, appearently independently by Shi Yin in PR/569[1] and Arnaud
Quette in #840754[2]. This was fixed upstream in version 5.29 which is
in testing and unstable (as 1:5.29-1), oldstable/wheezy doesn't seem to
have this problem.
For stable/jessie I'd like to handle this in the next point release.
The actual fix is commit FILE5_28-42-g10ee4ec[3] where commit
FILE5_24-31-g3aa35aa[4] is needed as a prerequisite. I've dropped a
hunk from that fix which AFAICS is not relevant for Debian and would
otherwise require the inclusion FILE5_25-3-gb0ccffd[5] as another
prerequisite: According to its description, that third commit is needed
on systems without mmap only.
Find attached:
* A debdiff for 1:5.22+15-2+deb8u3
* A commulative patch about the code changes to ease review.
After applying the patch, the valgrind check as described in the BTS
no longer reports leaks.
Regards,
Christoph
[1] https://bugs.gw.com/view.php?id=569
[2] https://bugs.debian.org/840754
[3] https://github.com/file/file/commit/FILE5_28-42-g10ee4ec
[4] https://github.com/file/file/commit/FILE5_24-31-g3aa35aa
[5] https://github.com/file/file/commit/FILE5_25-3-gb0ccffd
diff -Nru file-5.22+15/debian/changelog file-5.22+15/debian/changelog
--- file-5.22+15/debian/changelog 2016-05-09 08:23:30.0 +0200
+++ file-5.22+15/debian/changelog 2016-12-04 10:00:07.0 +0100
@@ -1,3 +1,9 @@
+file (1:5.22+15-2+deb8u3) stable; urgency=medium
+
+ * Fix memory leak in magic loader. Closes: #840754
+
+ -- Christoph Biedl Sun, 04 Dec 2016
10:00:07 +0100
+
file (1:5.22+15-2+deb8u2) stable; urgency=high
* Fix CVE-2015-8865:
diff -Nru
file-5.22+15/debian/patches/cherry-pick.FILE5_24-31-g3aa35aa.dont-leak-memory-when-loading-non-compiled-files.patch
file-5.22+15/debian/patches/cherry-pick.FILE5_24-31-g3aa35aa.dont-leak-memory-when-loading-non-compiled-files.patch
---
file-5.22+15/debian/patches/cherry-pick.FILE5_24-31-g3aa35aa.dont-leak-memory-when-loading-non-compiled-files.patch
1970-01-01 01:00:00.0 +0100
+++
file-5.22+15/debian/patches/cherry-pick.FILE5_24-31-g3aa35aa.dont-leak-memory-when-loading-non-compiled-files.patch
2016-12-02 00:00:46.0 +0100
@@ -0,0 +1,32 @@
+Subject: Don't leak memory when loading non-compiled files
+Origin: FILE5_24-31-g3aa35aa
+Upstream-Author: Christos Zoulas
+Date: Thu Sep 10 13:59:47 2015 +
+
+--- a/src/apprentice.c
b/src/apprentice.c
+@@ -538,6 +538,7 @@
+ private void
+ apprentice_unmap(struct magic_map *map)
+ {
++ size_t i;
+ if (map == NULL)
+ return;
+
+@@ -550,6 +551,8 @@
+ #endif
+ case MAP_TYPE_MALLOC:
+ free(map->p);
++ for (i = 0; i < MAGIC_SETS; i++)
++ free(map->magic[i]);
+ break;
+ case MAP_TYPE_USER:
+ break;
+@@ -1285,6 +1288,7 @@
+ file_oomem(ms, sizeof(*map));
+ return NULL;
+ }
++ map->type = MAP_TYPE_MALLOC;
+
+ /* print silly verbose header for USG compat. */
+ if (action == FILE_CHECK)
diff -Nru
file-5.22+15/debian/patches/cherry-pick.FILE5_28-42-g10ee4ec.pr-569-shi-yin-fix-memory-leak.patch
file-5.22+15/debian/patches/cherry-pick.FILE5_28-42-g10ee4ec.pr-569-shi-yin-fix-memory-leak.patch
---
file-5.22+15/debian/patches/cherry-pick.FILE5_28-42-g10ee4ec.pr-569-shi-yin-fix-memory-leak.patch
1970-01-01 01:00:00.0 +0100
+++
file-5.22+15/debian/patches/cherry-pick.FILE5_28-42-g10ee4ec.pr-569-shi-yin-fix-memory-leak.patch
2016-12-04 09:36:35.0 +0100
@@ -0,0 +1,22 @@
+Subject: PR/569: Shi Yin: Fix memory leak
+Origin: FILE5_28-42-g10ee4ec
+Upstream-Author: Christos Zoulas
+Date: Sun Sep 11 13:53:02 2016 +
+Comment: Only relevant parts of that commit were used
+
+--- a/src/apprentice.c
b/src/apprentice.c
+@@ -404,11 +404,11 @@
+ {
+ struct mlist *ml;
+
+- mlp->map = idx == 0 ? map : NULL;
++ mlp->map = NULL;
+ if ((ml = CAST(struct mlist *, malloc(sizeof(*ml == NULL)
+ return -1;
+
+- ml->map = NULL;
++ ml->map = idx == 0 ? map : NULL;
+ ml->magic = map->magic[idx];
+ ml->nmagic = map->nmagic[idx];
+
diff -Nru file-5.22+15/debian/patches/series file-5.22+15/debian/patches/series
--- file-5.22+15/debian/patches/series 2016-05-09 08:10:53.0 +0200
+++ file-5.22+15/debian/patches/series 2016-12-04 09:50:30.0 +0100
@@ -13,3 +13,5 @@
cherry-pick.FILE5_24-22-g27b4e34.parameter-1.patch
cherry-pick.FILE5_24-23-g4ddb783.parameter-2.patch
CVE-2015-8865.6713ca4.patch
+cherry-pick.FILE5_24-31-g3aa35aa.dont-leak-memory-when-loading-non-compiled-files.patch