[pkg-fgfs-crew] simgear rebuild needed? [Was: Bug#765855: libopenscenegraph100: use-after-free crash in Node::remove*Callback]

Florent Rougon f.rougon at free.fr
Sat Nov 1 17:27:21 UTC 2014


Hello,

"Rebecca N. Palmer" <rebecca_palmer at zoho.com> wrote:

> This crash is a use-after-free in openscenegraph Node::remove*Callback:
> if the node holds the only reference to the callback (nc itself isn't a
> ref_ptr so doesn't count), it will automatically be freed when removed,
> and the following nc->setNestedCallback(0) is hence an out of bounds access.

[...]

> This is fixed upstream by
> https://github.com/openscenegraph/osg/commit/49d560f4d9d0641c98df67264b7ace4733c6b9a9;
> I have checked that this fixes this bug.  As the fix is in an inline
> method, a rebuild of simgear is required to pick it up; given that we
> don't know if any more of openscenegraph's reverse dependencies are
> affected, I suggest binNMUing them all.  (This isn't a now-forbidden
> transition as the interface doesn't change: fixing openscenegraph
> without rebuilding doesn't further break things, it just doesn't fix the
> bug.)

Wow, you did outstanding work, Rebecca! I tested this commit as you
said and FG doesn't crash anymore. Moreover, openscenegraph 3.2.1-5 has
been uploaded to unstable yesterday, containing this bug fix. I rebuilt
simgear 3.0.0 and 3.2.0 separately against this new version and it does
fix the FG crash in both versions. Therefore, as you suggested, it is
probably time to ask for binNMUs of both simgear versions (3.0.0 in
unstable and 3.2.0 in experimental). Or maybe it has to be done manually
for experimental, since it's a bit special, I don't know.

Thank you!

-- 
Florent
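
The reference-counting sequence behind the remove*Callback crash quoted above, as an added illustration (example code written for this page, not OpenSceneGraph code and not the upstream commit). The class names are simplified stand-ins for osg::Referenced, osg::ref_ptr and osg::NodeCallback. Two assumptions make the bug observable without undefined behaviour: objects whose count drops to zero go to a quarantine list and are flagged instead of being deleted, and a method called on a flagged object bumps a counter. The "fixed" ordering shown, holding a local ref_ptr across the removal, is one way to keep the callback alive; it is not asserted to be the exact shape of the upstream patch.

```cpp
// Added illustration, not OpenSceneGraph code: why removing the only
// reference to a callback before touching it again is a use-after-free,
// and one ordering that avoids it. Simplified stand-ins for osg types.
#include <vector>

namespace uaf_demo {

struct Referenced;
// Assumption for this demo: quarantine instead of `delete this`, so a
// dangling call is counted rather than corrupting a real heap.
static std::vector<Referenced*> g_quarantine;
static int g_uaf_reports = 0;

struct Referenced {
    int refCount = 0;
    bool freed = false;
    virtual ~Referenced() {}
    void ref() { ++refCount; }
    void unref() {
        if (--refCount == 0) { freed = true; g_quarantine.push_back(this); }
    }
};

// Minimal intrusive smart pointer in the style of osg::ref_ptr.
template <class T>
class ref_ptr {
    T* p_;
public:
    ref_ptr() : p_(nullptr) {}
    ref_ptr(T* p) : p_(p) { if (p_) p_->ref(); }
    ref_ptr(const ref_ptr& o) : p_(o.p_) { if (p_) p_->ref(); }
    ~ref_ptr() { if (p_) p_->unref(); }
    ref_ptr& operator=(T* p) {
        if (p) p->ref();        // take the new reference before dropping the old
        if (p_) p_->unref();
        p_ = p;
        return *this;
    }
    ref_ptr& operator=(const ref_ptr& o) { return *this = o.p_; }
    T* get() const { return p_; }
    bool valid() const { return p_ != nullptr; }
    bool operator==(const T* p) const { return p_ == p; }
};

// A chainable callback, like osg::NodeCallback with its nested callback.
struct Callback : Referenced {
    ref_ptr<Callback> nested;
    Callback* getNestedCallback() const { return nested.get(); }
    void setNestedCallback(Callback* nc) {
        if (freed) { ++g_uaf_reports; return; }  // a real heap would be UAF here
        nested = nc;
    }
};

struct Node {
    ref_ptr<Callback> updateCallback;

    void setUpdateCallback(Callback* nc) { updateCallback = nc; }

    // Vulnerable ordering: `nc` is a raw pointer, so if the node held the only
    // reference the assignment drops the count to zero and `nc` dangles
    // before setNestedCallback is called on it.
    void removeUpdateCallbackVulnerable(Callback* nc) {
        if (nc == nullptr || !updateCallback.valid()) return;
        if (updateCallback == nc) {
            updateCallback = nc->getNestedCallback();
            nc->setNestedCallback(nullptr);
        }
    }

    // Fixed ordering: a local ref_ptr keeps `nc` alive across the removal,
    // so the trailing setNestedCallback runs on a live object.
    void removeUpdateCallbackFixed(Callback* nc) {
        if (nc == nullptr || !updateCallback.valid()) return;
        if (updateCallback == nc) {
            ref_ptr<Callback> keepAlive(nc);
            updateCallback = nc->getNestedCallback();
            nc->setNestedCallback(nullptr);
        }   // keepAlive released here: nc is freed only after its last use
    }
};

// The node holds the only reference to a callback; remove it by raw pointer.
// Returns the number of dangling calls observed (0 is the correct result).
int runScenario(bool fixed) {
    g_uaf_reports = 0;
    Node node;
    node.setUpdateCallback(new Callback);        // count 1, held by the node only
    Callback* raw = node.updateCallback.get();   // caller passes a raw pointer
    if (fixed) node.removeUpdateCallbackFixed(raw);
    else       node.removeUpdateCallbackVulnerable(raw);
    return g_uaf_reports;
}

// True if the fixed path still releases the callback (no leak introduced).
bool callbackReleasedAfterFixedRemoval() {
    g_quarantine.clear();
    runScenario(true);
    return g_quarantine.size() == 1 && g_quarantine[0]->freed;
}

}  // namespace uaf_demo
```

This is also why the quoted note about rebuilding simgear matters: with the removal logic in an inline method, the vulnerable ordering is compiled into every reverse dependency that calls it, and a fixed libopenscenegraph alone changes nothing for those binaries.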
