Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock
Hi, [ please Cc me on replies, I'm not subscribed to -release ] I would like to upload to sid a bug fix against libisoburn/1.2.2-1, which we would like to further have in wheezy as well. I'm now waiting for a green light to upload to sid. Full debdiff, along with explanations, is attached. -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-3-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash
diff -Nru libisoburn-1.2.2/debian/changelog libisoburn-1.2.2/debian/changelog --- libisoburn-1.2.2/debian/changelog 2012-04-03 21:27:52.000000000 +0200 +++ libisoburn-1.2.2/debian/changelog 2012-07-30 09:34:57.000000000 +0200 @@ -1,3 +1,12 @@ +libisoburn (1.2.2-2) unstable; urgency=low + + * Bug fix patch: SIGSEGV-by-uninitialized-local-variable + Prevent a SIGSEGV due to usage of uninitialized local variable + with -check_media patch_lba0="on" option. Regression introduced + by version 1.0.6 (Closes: #683248) + + -- George Danchev <danc...@spnet.net> Fri, 27 Jul 2012 10:26:57 +0200 + libisoburn (1.2.2-1) unstable; urgency=low * New upstream release diff -Nru libisoburn-1.2.2/debian/patches/series libisoburn-1.2.2/debian/patches/series --- libisoburn-1.2.2/debian/patches/series 1970-01-01 01:00:00.000000000 +0100 +++ libisoburn-1.2.2/debian/patches/series 2012-07-30 09:34:57.000000000 +0200 @@ -0,0 +1 @@ +SIGSEGV-by-uninitialized-local-variable diff -Nru libisoburn-1.2.2/debian/patches/SIGSEGV-by-uninitialized-local-variable libisoburn-1.2.2/debian/patches/SIGSEGV-by-uninitialized-local-variable --- libisoburn-1.2.2/debian/patches/SIGSEGV-by-uninitialized-local-variable 1970-01-01 01:00:00.000000000 +0100 +++ libisoburn-1.2.2/debian/patches/SIGSEGV-by-uninitialized-local-variable 2012-07-30 09:34:57.000000000 +0200 @@ -0,0 +1,57 @@ +Description: SIGSEGV by uninitialized local variable with -check_media patch_lba0="on" + The fix is worthwhile, because the bug is nasty albeit rarely occuring. + I encountered a SIGSEGV by dereferring NULL, but it could have been any + other random stack value instead. So the bug has some potential. + The risk of introducing regressions is low. +Author: Thomas Schmitt <scdbac...@gmx.net> +Origin: upstream, http://libburnia-project.org/changeset/4809 +Bug-Debian: http://bugs.debian.org/683248 +Forwarded: not-needed +Reviewed-By: George Danchev <danc...@spnet.net> +Last-Update: 2012-30-07 + +--- libisoburn-1.2.2.orig/xorriso/write_run.c ++++ libisoburn-1.2.2/xorriso/write_run.c +@@ -2357,7 +2357,7 @@ int Xorriso_update_iso_lba0(struct Xorri + int ret, full_size, i; + char *headpt; + struct burn_drive_info *dinfo; +- struct burn_drive *drive; ++ struct burn_drive *drive = NULL; + off_t seek_ret, to_write; + int tag_type; + uint32_t pos, range_start, range_size, next_tag; +@@ -2387,8 +2387,9 @@ int Xorriso_update_iso_lba0(struct Xorri + + if(!(flag & 2)) { + /* head_buffer was not filled yet. Read it from output media. */ +- if(burn_drive_get_drive_role(drive) == 5) /* write-only */ +- return(2); ++ if(drive != NULL) ++ if(burn_drive_get_drive_role(drive) == 5) /* write-only */ ++ return(2); + if(job != NULL && job->data_to_fd >= 0) { + if((flag & 8) && job->sector_map != NULL) { + ret= Sectorbitmap_bytes_are_set(job->sector_map, +@@ -2416,16 +2417,18 @@ int Xorriso_update_iso_lba0(struct Xorri + Xorriso_msgs_submit(xorriso, 0, xorriso->info_text, errno, "FAILURE",0); + return(0); + } +- ret= isoburn_read_iso_head(drive, 0, &isosize, head_buffer, 1 << 13); ++ ret= isoburn_read_iso_head(NULL, 0, &isosize, head_buffer, 1 << 13); + if(ret<=0) { + Xorriso_process_msg_queues(xorriso,0); + sprintf(xorriso->info_text, +- "Alleged session start does not like ISO 9660."); ++ "Alleged session start does not look like ISO 9660."); + Xorriso_msgs_submit(xorriso, 0, xorriso->info_text, errno, "FAILURE",0); + return(0); + } + } else { +- ret= isoburn_read_iso_head(drive, iso_lba, &isosize, head_buffer, 2); ++ ret= 0; ++ if(drive != NULL) ++ ret= isoburn_read_iso_head(drive, iso_lba, &isosize, head_buffer, 2); + if(ret<=0) { + Xorriso_process_msg_queues(xorriso,0); + sprintf(xorriso->info_text,
