[libmusicbrainz-discid-perl] 01/01: add patch fixing patch currpution in diskid_put

Damyan Ivanov dmn at moszumanska.debian.org
Tue Aug 19 14:39:26 UTC 2014 

This is an automated email from the git hooks/post-receive script.

dmn pushed a commit to branch master
in repository libmusicbrainz-discid-perl.

commit ef724c8d71c2c13cb892befe50eced8fa7bea010
Author: Damyan Ivanov <dmn at debian.org>
Date:   Tue Aug 19 14:39:19 2014 +0000

    add patch fixing patch currpution in diskid_put
    
    Fixes failing tests in i386 and other 32-bit archtectures with
    -fstack-protector-strong
    Closes: #758216
---
 debian/patches/series                            |  1 +
 debian/patches/stack-corruption-discid_put.patch | 26 ++++++++++++++++++++++++
 2 files changed, 27 insertions(+)

diff --git a/debian/patches/series b/debian/patches/series
index 47d7148..80152e0 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,2 +1,3 @@
 pod-encoding.patch
 url.patch
+stack-corruption-discid_put.patch
diff --git a/debian/patches/stack-corruption-discid_put.patch b/debian/patches/stack-corruption-discid_put.patch
new file mode 100644
index 0000000..9d540ad
--- /dev/null
+++ b/debian/patches/stack-corruption-discid_put.patch
@@ -0,0 +1,26 @@
+Description: stack corruption in discid_put
+ This patch fixes two ways to corrupt the stack. One is by supplying
+ more that 99 offset arguments. The offsets array is declared with space
+ for 100 elements, but the first is reserved for the sectors argument.
+ .
+ The second stack corruption is because of a typo in the initialization
+ for loop. Because of that, the for loop is essentially reduced to
+ "i=100" and the following line (not part of the loop) sets
+ offsets[100], which is beyond the allocated space for the array. Using
+ memset should be safer and possibly faster.
+Author: Damyan Ivanov <dmn at debian.org>
+Bug-Debian: https://bugs.debian.org/758216
+
+--- a/lib/MusicBrainz/DiscID.xs
++++ b/lib/MusicBrainz/DiscID.xs
+@@ -127,8 +127,8 @@ discid_put( disc, first_track, sectors,
+   PREINIT:
+ 	  int i, last_track, offsets[100];
+   CODE:
+-	  for (i=0;i<100;i++);
+-	      offsets[i] = 0;
++    if (items > 102 ) croak("Maximum of 99 offsets exceeded");
++    memset(offsets, 0, sizeof(offsets));
+     for (i=3; i<items; i++) {
+         offsets[i-2] = (int)SvIV(ST(i));
+     }

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-perl/packages/libmusicbrainz-discid-perl.git

More information about the Pkg-perl-cvs-commits mailing list