Your message dated Fri, 11 Jul 2025 20:55:17 +0000
with message-id <e1uakm5-00ftuw...@respighi.debian.org>
and subject line unblock htop
has caused the Debian Bug report #1109094,
regarding unblock: htop/3.4.1-5
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1109094: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109094
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: h...@packages.debian.org
Control: affects -1 + src:htop
Please unblock package htop
I have backported a fix for a segfault happening in parsing the
command line of processes from upstream commit
https://github.com/htop-dev/htop/commit/d2617e25081a1573081f165c9baae28f87970639.
[ Reason ]
User triggerable segfault
[ Impact ]
htop can segfault when parameters of viewed process lines start with a blank
[ Tests ]
none
[ Risks ]
none, very small targeted fix
[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing
unblock htop/3.4.1-5
# debdiff htop_3.4.1-4.dsc htop_3.4.1-5.dsc
diff -Nru htop-3.4.1/debian/changelog htop-3.4.1/debian/changelog
--- htop-3.4.1/debian/changelog 2025-04-25 22:56:00.000000000 +0200
+++ htop-3.4.1/debian/changelog 2025-07-11 10:48:00.000000000 +0200
@@ -1,3 +1,9 @@
+htop (3.4.1-5) unstable; urgency=medium
+
+ * Fix stack buffer overflow in CommandScreen
+
+ -- Daniel Lange <dla...@debian.org> Fri, 11 Jul 2025 10:48:00 +0200
+
htop (3.4.1-4) unstable; urgency=medium
* Fix temperature reading on older Intel CPUs
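Review bot: The new 3.4.1-5 changelog bullet, "Fix stack buffer overflow in CommandScreen", does not say which patch carries the fix or where it comes from. Naming 003-fix-stack-buffer-overflow.patch together with upstream commit d2617e25081a1573081f165c9baae28f87970639 (upstream issue #1737) in that bullet would let a reader of d/changelog trace the change without opening the debdiff.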
diff -Nru htop-3.4.1/debian/patches/003-fix-stack-buffer-overflow.patch
htop-3.4.1/debian/patches/003-fix-stack-buffer-overflow.patch
--- htop-3.4.1/debian/patches/003-fix-stack-buffer-overflow.patch
1970-01-01 01:00:00.000000000 +0100
+++ htop-3.4.1/debian/patches/003-fix-stack-buffer-overflow.patch
2025-07-11 10:46:04.000000000 +0200
@@ -0,0 +1,36 @@
+From d2617e25081a1573081f165c9baae28f87970639 Mon Sep 17 00:00:00 2001
+From: Benny Baumann <be...@geshi.org>
+Date: Fri, 11 Jul 2025 01:13:13 +0200
+Subject: [PATCH] Avoid stack buffer overflow in CommandScreen
+
+This can be triggered by leading whitespace in the arguments of a process.
+
+Fixes: #1737
+
+Co-authored-by: Enzo Saracen <enzosara...@gmail.com>
+---
+ CommandScreen.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/CommandScreen.c b/CommandScreen.c
+index 465e4c2f1..1a3bf80d3 100644
+--- a/CommandScreen.c
++++ b/CommandScreen.c
+@@ -26,7 +26,7 @@ static void CommandScreen_scan(InfoScreen* this) {
+
+ const char* p = Process_getCommand(this->process);
+ char line[COLS + 1];
+- int line_offset = 0, last_spc = -1, len;
++ int line_offset = 0, last_spc = -1;
+ for (; *p != '\0'; p++, line_offset++) {
+ assert(line_offset >= 0 && (size_t)line_offset < sizeof(line));
+ line[line_offset] = *p;
+@@ -35,7 +35,7 @@ static void CommandScreen_scan(InfoScreen* this) {
+ }
+
+ if (line_offset == COLS) {
+- len = (last_spc == -1) ? line_offset : last_spc;
++ int len = last_spc <= 0 ? line_offset : last_spc;
+ line[len] = '\0';
+ InfoScreen_addLine(this, line);
+
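Review bot: In the second CommandScreen.c hunk, the new condition last_spc <= 0 treats a space at index 0 the same as "no space seen", but nothing on that line explains why index 0 is not a usable break point; the commit message only mentions leading whitespace. A short comment there would help, for instance noting that with last_spc == 0 the old code terminated the buffer at line[0] and passed an empty line to InfoScreen_addLine. The code after InfoScreen_addLine is not shown in this hunk, so the exact overflow path should be confirmed against the full function. Separately, the only bounds check visible in the loop is the assert on line_offset, which does nothing in a build that defines NDEBUG, and the request lists no tests: a regression case with a command line longer than COLS whose argument begins with a blank would cover this fix.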
diff -Nru htop-3.4.1/debian/patches/series htop-3.4.1/debian/patches/series
--- htop-3.4.1/debian/patches/series 2025-04-25 22:55:18.000000000 +0200
+++ htop-3.4.1/debian/patches/series 2025-07-11 10:47:16.000000000 +0200
@@ -1,2 +1,3 @@
001-fix-follow-scroll.patch
002-fix-temp-reading-on-older-Intel-CPUs.patch
+003-fix-stack-buffer-overflow.patch
--- End Message ---
--- Begin Message ---
Unblocked htop.
--- End Message ---