Bug#980881: marked as done (courier unicode cone lib bugfix)

Thu, 27 Feb 2025 16:43:36 -0800 

Your message dated Thu, 27 Feb 2025 17:14:47 -0700
with message-id <7136212.18pcnM708K@soren-desktop>
and subject line courier unicode cone lib bugfix
has caused the Debian Bug report #980881,
regarding courier unicode cone lib bugfix
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
980881: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980881
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: src:courier-unicode
Version: 2.1-3
Severity: important
Tags: buster
Usertags: cone

backport important bug agains cone in stable current release: Fix bug
triggered by cone. Parameters to memmove were reversed.  len is the
size of the buffer. len-pos-cnt characters were copied in error  to
position pos+cnt. As such this did not overflow. I.e. if len was 8
(eight chars), pos was 1 and cnt was 2, then 8-2-1=5 characters were
copied  to offset 3, right at the end of the buffer. This was just
plain wrong.

Origin: upstream,
https://github.com/svarshavchik/courier-libs/commit/b89f5f8dc09431bb345308b3a0ffd5f7d22cdfb2#diff-2fcf76a4c3c75b1fb5288d83d62dd114dc556d16fba206ab35d38bfe294a2857

--- courier-unicode-2.1.orig/unicodebuf.c
+++ courier-unicode-2.1/unicodebuf.c
@@ -89,7 +89,7 @@ void unicode_buf_remove(struct unicode_b
  cnt=p->len-pos;

  if (cnt)
- memmove(p->ptr+pos+cnt, p->ptr+pos, p->len-pos-cnt);
+ memmove(p->ptr+pos, p->ptr+pos+cnt, (p->len-pos-cnt) * sizeof(char32_t));
  p->len -= cnt;
 }

--- courier-unicode-2.1.orig/unicodetest.c
+++ courier-unicode-2.1/unicodetest.c
@@ -123,11 +123,30 @@ static void test2()
  exit(1);
 }

+void testunicodebuf()
+{
+ struct unicode_buf buf;
+
+ unicode_buf_init(&buf, -1);
+ unicode_buf_append_char(&buf, "01234567", 8);
+ unicode_buf_remove(&buf, 1, 6);
+
+ if (unicode_buf_len(&buf) != 2 ||
+     unicode_buf_ptr(&buf)[0] != '0' ||
+     unicode_buf_ptr(&buf)[1] != '7')
+ {
+ fprintf(stderr, "unicode_buf_remove failed\n");
+ exit(1);
+ }
+ unicode_buf_deinit(&buf);
+}
+
 int main(int argc, char **argv)
 {
  const char *chset=unicode_x_imap_modutf7;
  int argn=1;

+ testunicodebuf();
  if (argn < argc && strcmp(argv[argn], "--smap") == 0)
  {
  chset=unicode_x_imap_modutf7 " ./~:";


Lenz McKAY Gerardo (PICCORO)
http://qgqlochekone.blogspot.com

--- End Message ---
--- Begin Message --- 
I am closing this bug as it is no longer possible to 
target fixes to bullseye.

-- 
Soren Stoutner
so...@debian.org

Attachment: signature.asc
Description: This is a digitally signed message part.


--- End Message ---

Reply via email to