Control: tags -1 - moreinfo Hello,
A new patch turned up and I decided to only cherry-pick the three most important patches from the stable-1.16 tree.
The debdiff is attached. If you agree with the changes, I will upload via unstable. Thanks, Gregor
diff -Nru v4l-utils-1.16.3/debian/changelog v4l-utils-1.16.3/debian/changelog
--- v4l-utils-1.16.3/debian/changelog 2018-12-15 19:34:33.000000000 +0100
+++ v4l-utils-1.16.3/debian/changelog 2019-04-14 14:30:26.000000000 +0200
@@ -1,3 +1,9 @@
+v4l-utils (1.16.3-2) unstable; urgency=medium
+
+ * Fix double-free and uninitailized memory issue. LP: #1819650
+
+ -- Gregor Jasny <gja...@googlemail.com> Sun, 14 Apr 2019 14:30:26 +0200
+
 v4l-utils (1.16.3-1) unstable; urgency=medium
 
 * Imported Upstream version 1.16.3
diff -Nru v4l-utils-1.16.3/debian/gbp.conf v4l-utils-1.16.3/debian/gbp.conf
--- v4l-utils-1.16.3/debian/gbp.conf 2018-10-06 13:53:55.000000000 +0200
+++ v4l-utils-1.16.3/debian/gbp.conf 2019-04-14 14:23:39.000000000 +0200
@@ -1,6 +1,6 @@
 [DEFAULT]
 upstream-branch = upstream
-debian-branch = master
+debian-branch = buster
 upstream-tag = upstream/%(version)s
 debian-tag = debian/%(version)s
 pristine-tar = True
diff -Nru v4l-utils-1.16.3/debian/patches/0003-dvbv5-tools-be-sure-to-zero-struct-arguments.patch v4l-utils-1.16.3/debian/patches/0003-dvbv5-tools-be-sure-to-zero-struct-arguments.patch
--- v4l-utils-1.16.3/debian/patches/0003-dvbv5-tools-be-sure-to-zero-struct-arguments.patch 1970-01-01 01:00:00.000000000 +0100
+++ v4l-utils-1.16.3/debian/patches/0003-dvbv5-tools-be-sure-to-zero-struct-arguments.patch 2019-04-14 14:28:27.000000000 +0200
@@ -0,0 +1,50 @@
+Subject: dvbv5-tools: be sure to zero struct arguments
+Author: Mauro Carvalho Chehab <mchehab+sams...@kernel.org>
+Origin: upstream, https://git.linuxtv.org/v4l-utils.git/commit/?h=stable-1.16&id=faef148b1b67bd17f8aaaa79fd71746532c86e90
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1819650
+
+From 23e5056b0487acdaa56e5569952b5a8f344cf49b Mon Sep 17 00:00:00 2001
+Date: Thu, 14 Mar 2019 19:23:38 -0300
+
+Let's not let the arguments struct with some random value.
+
+Signed-off-by: Mauro Carvalho Chehab <mchehab+sams...@kernel.org>
+---
+ utils/dvb/dvb-format-convert.c | 2 +-
+ utils/dvb/dvbv5-scan.c | 2 +-
+ utils/dvb/dvbv5-zap.c | 2 +-
+ 3 files changed, 3 insertions(+), 3 deletions(-)
+
+--- a/utils/dvb/dvb-format-convert.c
++++ b/utils/dvb/dvb-format-convert.c
+@@ -123,7 +123,7 @@
+
+ int main(int argc, char **argv)
+ {
+- struct arguments args;
++ struct arguments args = {};
+ int idx = -1, missing = 0;
+ const struct argp argp = {
+ .options = options,
+--- a/utils/dvb/dvbv5-scan.c
++++ b/utils/dvb/dvbv5-scan.c
+@@ -450,7 +450,7 @@
+
+ int main(int argc, char **argv)
+ {
+- struct arguments args;
++ struct arguments args = {};
+ int err, lnb = -1,idx = -1;
+ struct dvb_device *dvb;
+ struct dvb_dev_list *dvb_dev;
+--- a/utils/dvb/dvbv5-zap.c
++++ b/utils/dvb/dvbv5-zap.c
+@@ -1018,7 +1018,7 @@
+
+ int main(int argc, char **argv)
+ {
+- struct arguments args;
++ struct arguments args = {};
+ char *homedir = getenv("HOME");
+ char *channel = NULL;
+ int lnb = -1, idx = -1;
diff -Nru v4l-utils-1.16.3/debian/patches/0005-libdvbv5-leaks-and-double-free-in-dvb_fe_open_fname.patch v4l-utils-1.16.3/debian/patches/0005-libdvbv5-leaks-and-double-free-in-dvb_fe_open_fname.patch
--- v4l-utils-1.16.3/debian/patches/0005-libdvbv5-leaks-and-double-free-in-dvb_fe_open_fname.patch 1970-01-01 01:00:00.000000000 +0100
+++ v4l-utils-1.16.3/debian/patches/0005-libdvbv5-leaks-and-double-free-in-dvb_fe_open_fname.patch 2019-04-14 14:28:25.000000000 +0200
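Review bot: In patch 0003, `struct arguments args = {};` in the three `main()` functions (dvb-format-convert.c, dvbv5-scan.c, dvbv5-zap.c) uses an empty initializer, which is a GNU extension before C23 rather than ISO C. `struct arguments args = {0};` zeroes the struct the same way and is accepted by any C99 compiler. The patch header does not say which member was read before being assigned, so a one-line comment at each declaration, for example `/* members not set by option parsing must read as 0/NULL */`, would record why the initializer must stay. That wording is a guess, since the option parser is outside these hunks. Each `main()` continues past its hunk.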
@@ -0,0 +1,93 @@
+Subject: libdvbv5: leaks and double free in dvb_fe_open_fname()
+Author: Sean Young <s...@mess.org>
+Origin: upstream, https://git.linuxtv.org/v4l-utils.git/commit/?h=stable-1.16&id=c82608ca1595427c2bdbd4abb9aca9163e1df60a
+Bug-Ubuntu: https://bugs.launchpad.net/raspbian/+bug/1819650
+
+dvb_fe_open_fname() takes ownership of fname if the function succeeds, but
+also in two of the error paths (e.g. if the ioctl FE_GET_PROPERTY fails).
+
+Adjust dvb_fe_open_fname() so it copies fname rather than taking ownership
+(and passing that to params). This makes the code cleaner.
+
+Signed-off-by: Sean Young <s...@mess.org>
+---
+ lib/libdvbv5/dvb-dev-local.c | 2 +-
+ lib/libdvbv5/dvb-fe.c | 18 ++++++++----------
+ 2 files changed, 9 insertions(+), 11 deletions(-)
+
+--- a/lib/libdvbv5/dvb-dev-local.c
++++ b/lib/libdvbv5/dvb-dev-local.c
+@@ -467,7 +467,7 @@
+ flags &= ~O_NONBLOCK;
+ }
+
+- ret = dvb_fe_open_fname(parms, strdup(dev->path), flags);
++ ret = dvb_fe_open_fname(parms, dev->path, flags);
+ if (ret) {
+ free(open_dev);
+ return NULL;
+--- a/lib/libdvbv5/dvb-fe.c
++++ b/lib/libdvbv5/dvb-fe.c
+@@ -133,7 +133,6 @@
+ int flags)
+ {
+ int ret;
+- char *fname;
+ struct dvb_device *dvb;
+ struct dvb_dev_list *dvb_dev;
+ struct dvb_v5_fe_parms_priv *parms = NULL;
+@@ -153,7 +152,6 @@
+ dvb_dev_free(dvb);
+ return NULL;
+ }
+- fname = strdup(dvb_dev->path);
+
+ if (!strcmp(dvb_dev->bus_addr, "platform:dvbloopback")) {
+ logfunc(LOG_WARNING, _("Detected dvbloopback"));
+@@ -161,14 +159,10 @@
+ }
+
+ dvb_dev_free(dvb);
+- if (!fname) {
+- logfunc(LOG_ERR, _("fname calloc: %s"), strerror(errno));
+- return NULL;
+- }
++
+ parms = calloc(sizeof(*parms), 1);
+ if (!parms) {
+ logfunc(LOG_ERR, _("parms calloc: %s"), strerror(errno));
+- free(fname);
+ return NULL;
+ }
+ parms->p.verbose = verbose;
+@@ -183,7 +177,7 @@
+ if (use_legacy_call)
+ parms->p.legacy_fe = 1;
+
+- ret = dvb_fe_open_fname(parms, fname, flags);
++ ret = dvb_fe_open_fname(parms, dvb_dev->path, flags);
+ if (ret < 0) {
+ free(parms);
+ return NULL;
+@@ -203,7 +197,6 @@
+ fd = open(fname, flags, 0);
+ if (fd == -1) {
+ dvb_logerr(_("%s while opening %s"), strerror(errno), fname);
+- free(fname);
+ return -errno;
+ }
+
+@@ -226,7 +219,12 @@
+ }
+ }
+
+- parms->fname = fname;
++ parms->fname = strdup(fname);
++ if (!parms->fname) {
++ dvb_logerr(_("fname calloc: %s"), strerror(errno));
++ return -errno;
++ }
++
+ parms->fd = fd;
+ parms->fe_flags = flags;
+ parms->dvb_prop[0].cmd = DTV_API_VERSION;
diff -Nru v4l-utils-1.16.3/debian/patches/0008-libdvbv5-fix-double-free-in-dvb_fe_open_fname.patch v4l-utils-1.16.3/debian/patches/0008-libdvbv5-fix-double-free-in-dvb_fe_open_fname.patch
--- v4l-utils-1.16.3/debian/patches/0008-libdvbv5-fix-double-free-in-dvb_fe_open_fname.patch 1970-01-01 01:00:00.000000000 +0100
+++ v4l-utils-1.16.3/debian/patches/0008-libdvbv5-fix-double-free-in-dvb_fe_open_fname.patch 2019-04-14 14:28:20.000000000 +0200
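Review bot: In patch 0005's `lib/libdvbv5/dvb-fe.c` section, `dvb_dev->path` is passed to `dvb_fe_open_fname()` (hunk `@@ -183,7 +177,7 @@`) after `dvb_dev_free(dvb);` has already run (hunk `@@ -161,14 +159,10 @@`), and the removed `fname = strdup(dvb_dev->path);` was the copy that outlived that free. If `dvb_dev` points into storage owned by `dvb`, which the old copy suggests but these hunks do not show, the patch trades the double free for a read of freed memory. The fix would be to defer `dvb_dev_free(dvb);` until `dvb_fe_open_fname()` has returned, on both the success and the failure path. Separately, the new `strdup()` failure branch in `dvb_fe_open_fname()` returns without closing the `fd` opened in hunk `@@ -203,7 +197,6 @@` and reads `errno` only after the logging call; `close(fd); return -ENOMEM;` addresses both. Both functions start and end outside the hunks.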
@@ -0,0 +1,59 @@
+Subject: libdvbv5: fix double free in dvb_fe_open_fname
+Author: Andre Roth <neol...@gmail.com>
+Origin: upstream, https://git.linuxtv.org/v4l-utils.git/commit/?h=stable-1.16&id=78057aaa784a922b4ac6af9f323b828f7a834581
+Bug-Ubuntu: https://bugs.launchpad.net/raspbian/+bug/1819650
+
+Since parms and fname is allocated outside of the function, do not free it.
+Use dvb_v5_free for freeing parms, it will free fname if required.
+
+Signed-off-by: Andre Roth <neol...@gmail.com>
+Signed-off-by: Mauro Carvalho Chehab <mchehab+sams...@kernel.org>
+---
+ lib/libdvbv5/dvb-fe.c | 7 +------
+ 1 file changed, 1 insertion(+), 6 deletions(-)
+
+--- a/lib/libdvbv5/dvb-fe.c
++++ b/lib/libdvbv5/dvb-fe.c
+@@ -179,7 +179,7 @@
+
+ ret = dvb_fe_open_fname(parms, dvb_dev->path, flags);
+ if (ret < 0) {
+- free(parms);
++ dvb_v5_free(parms);
+ return NULL;
+ }
+
+@@ -202,9 +202,7 @@
+
+ if (xioctl(fd, FE_GET_INFO, &parms->p.info) == -1) {
+ dvb_perror("FE_GET_INFO");
+- dvb_v5_free(parms);
+ close(fd);
+- free(fname);
+ return -errno;
+ }
+
+@@ -291,7 +289,6 @@
+ }
+ if (!parms->p.num_systems) {
+ dvb_logerr(_("delivery system not detected"));
+- dvb_v5_free(parms);
+ close(fd);
+ return -EINVAL;
+ }
+@@ -302,7 +299,6 @@
+ dtv_prop.props = parms->dvb_prop;
+ if (xioctl(fd, FE_GET_PROPERTY, &dtv_prop) == -1) {
+ dvb_perror("FE_GET_PROPERTY");
+- dvb_v5_free(parms);
+ close(fd);
+ return -errno;
+ }
+@@ -312,7 +308,6 @@
+
+ if (parms->p.num_systems == 0) {
+ dvb_logerr(_("driver returned 0 supported delivery systems!"));
+- dvb_v5_free(parms);
+ close(fd);
+ return -EINVAL;
+ }
diff -Nru v4l-utils-1.16.3/debian/patches/series v4l-utils-1.16.3/debian/patches/series
--- v4l-utils-1.16.3/debian/patches/series 2018-12-15 19:34:33.000000000 +0100
+++ v4l-utils-1.16.3/debian/patches/series 2019-04-14 14:24:59.000000000 +0200
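Review bot: In patch 0008, the error branches at `@@ -291`, `@@ -302` and `@@ -312` now `close(fd)` and return with `parms` left to the caller, but patch 0005 assigns `parms->fname` and `parms->fd = fd` around new line 219, which appears to be earlier in the same function. On those paths `parms` would keep a closed descriptor number and an allocated name. The `dvb-fe.c` caller in hunk `@@ -179,7 +179,7 @@` cleans this up with `dvb_v5_free(parms);`, but the `dvb-dev-local.c` caller in patch 0005 frees only `open_dev` on failure, and what later happens to its `parms` is outside the visible lines. Resetting the state next to each `close(fd);`, for example `parms->fd = -1;`, would make a later double close or stale-descriptor use harder to introduce. A comment on `dvb_fe_open_fname()` stating that it never frees `parms` or the caller's `fname` would record the new ownership rule.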
@@ -1 +1,4 @@
 dont-gererate-treeview.diff
+0003-dvbv5-tools-be-sure-to-zero-struct-arguments.patch
+0005-libdvbv5-leaks-and-double-free-in-dvb_fe_open_fname.patch
+0008-libdvbv5-fix-double-free-in-dvb_fe_open_fname.patch