[Pkg-running-devel] Bug#819410: garmin-forerunner-tools: missing prototypes will cause segfaults on 64-bit archs

Mon Mar 28 06:12:55 UTC 2016

Package: garmin-forerunner-tools
Version: 0.10repacked-7
Severity: normal
Tags: patch
User: ubuntu-devel at lists.ubuntu.com
Usertags: origin-ubuntu xenial ubuntu-patch

Hi folks,

The Ubuntu autobuilders have detected a problem with your package on 64-bit
architectures.  The code is using various standard C functions without
including the headers necessary to declare them.  Implicit declarations are
treated as returning an int, which means for any of these functions that
return a pointer the return value will be truncated on 64-bit architectures,
typically resulting in a segfault.

The attached patch fixes the various missing function declarations, which
should eliminate various bugs - including segfaults on 64-bit architectures
- and allow the package to build in Ubuntu, where this is treated as a build
failure.

In the process, I've also identified some issues in debian/rules that
prevent the package from cleanly building in place more than once.  Please
find the patch for all of these issues attached.  It has been uploaded to
Ubuntu with the following changelog:

  * debian/patches/missing-prototypes: include missing headers to ensure
    proper declarations.
  * fix debian/rules dependencies to not make config.status depend on
    'configure' target, a file that will be removed in debian/rules clean.
  * fix clean target to not fail.

As an aside, I had a brief look at bug #816314 to see if it was related.  It
wasn't; the crashing function was unaffected by this bug, and the crash was
reported on i386, a 32-bit architecture.  But what I saw of the code in the
process leaves me concerned about the overall code quality in this package. 
In particular, this construction in garmin_open():

  if ( garmin->usb.handle == NULL ) {
    if ( ctx == NULL ) {
[...]
      if ( err ) {
[...]
        return ( garmin->usb.handle != NULL );
      }
    }
[...]
  }

So obviously, garmin->usb.handle is NULL at this point...?

The build log also reports that libgarmintools is not linked against the
libusb library that it depends on, which could cause bugs later if libusb
ever started using symbol versioning.

Hopefully this patch will help with this package's utility, but it looks to
me like some deeper maintenance might be in order.

Thanks for considering,
-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek at ubuntu.com                                     vorlon at debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: garmin-forerunner-tools_0.10repacked-7ubuntu1.debdiff
Type: text/x-diff
Size: 5186 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-running-devel/attachments/20160327/651509e7/attachment.diff>