Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian....@packages.debian.org
Usertags: pu

Hi,

I'd like to patch a use-after-free bug in newsboat. It was reported in Debian
in #898559[1] and fixed upstream[2]. While I haven't been able to reproduce a
crash with it, it's clear that it's there, and I have received feedback that it
indeed fixes the linked issue.

Debdiff attached

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898559
[2] https://github.com/newsboat/newsboat/pull/603
diff -Nru newsboat-2.13/debian/changelog newsboat-2.13/debian/changelog
--- newsboat-2.13/debian/changelog      2018-09-23 21:01:29.000000000 +0300
+++ newsboat-2.13/debian/changelog      2019-08-17 21:10:38.000000000 +0300
@@ -1,3 +1,10 @@
+newsboat (2.13-1+deb10u1) buster; urgency=medium
+
+  [ Nikos Tsipinakis ]
+  * Patch use after free in itemlist (Closes: #898559)
+
+ -- Nikos Tsipinakis <ni...@tsipinakis.com>  Sat, 17 Aug 2019 21:10:38 +0300
+
 newsboat (2.13-1) unstable; urgency=medium
 
   * New upstream release
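Review bot: the changelog entry names only the Debian bug, although the change is a backport of an upstream commit; mention the upstream source in the entry as well, e.g. `* Patch use after free in itemlist, backport of upstream PR #603 (Closes: #898559)`, so the provenance is recorded in the source package and not only in this cover mail. Version `2.13-1+deb10u1` with the `buster` distribution line is the expected form for a stable update.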
diff -Nru newsboat-2.13/debian/patches/02-fix-use-after-free.patch 
newsboat-2.13/debian/patches/02-fix-use-after-free.patch
--- newsboat-2.13/debian/patches/02-fix-use-after-free.patch    1970-01-01 
02:00:00.000000000 +0200
+++ newsboat-2.13/debian/patches/02-fix-use-after-free.patch    2019-08-17 
21:10:22.000000000 +0300
@@ -0,0 +1,33 @@
+From a44a72ffa5c66a1de21476d23a8523001eecfc23 Mon Sep 17 00:00:00 2001
+From: Juho Pohjala <juho.pohj...@gmail.com>
+Date: Tue, 13 Aug 2019 16:10:16 +0300
+Subject: [PATCH] Crash when opening a url (#189)
+
+Caused by heap-use-after-free in ItemListFormAction::prepare().
+
+The complete invalidation mode repopulates the listfmt vector, thus it's
+not enough to clear the invalidated_itempos only in case of partial
+invalidation mode. The fix is to clear the invalidated_itempos vector
+also in case of complete invalidation mode.
+---
+ src/itemlistformaction.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/src/itemlist_formaction.cpp
++++ b/src/itemlist_formaction.cpp
+@@ -930,7 +930,6 @@
+                                       datetime_format);
+                               listfmt.set_line(itempos, line, item.second);
+                       }
+-                      invalidated_itempos.clear();
+               } else {
+                       LOG(level::ERROR,
+                               "invalidation_mode is neither COMPLETE nor "
+@@ -942,6 +941,7 @@
+                       listfmt.format_list(rxman, "articlelist"));
+       }
+ 
++      invalidated_itempos.clear();
+       invalidated = false;
+ 
+       set_head(feed->title(),
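Review bot: the embedded upstream patch carries no DEP-3 headers, and its diffstat line `src/itemlistformaction.cpp | 2 +-` names a path that differs from the one the hunks actually touch (`src/itemlist_formaction.cpp`), which suggests the patch was re-targeted by hand for the 2.13 file layout. Add `Origin: backport, https://github.com/newsboat/newsboat/pull/603` and `Bug-Debian: https://bugs.debian.org/898559` above the diff, and either correct or drop the stale diffstat line so the file does not contradict itself. The code change matches the commit message: `invalidated_itempos.clear()` moves out of the partial-invalidation branch to just before `invalidated = false;`, so the index vector is emptied after the complete-invalidation path has repopulated `listfmt` too (and, as a side effect, also after the "neither COMPLETE nor PARTIAL" error branch, which previously left it untouched); the hunk headers `-930,7 +930,6` and `-942,6 +941,7` are consistent with a one-line removal followed by a one-line insertion.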
diff -Nru newsboat-2.13/debian/patches/series 
newsboat-2.13/debian/patches/series
--- newsboat-2.13/debian/patches/series 2018-09-23 21:01:29.000000000 +0300
+++ newsboat-2.13/debian/patches/series 2019-08-17 21:10:22.000000000 +0300
@@ -1 +1,2 @@
 01-use-policy-compliant-perl-hashbang.patch
+02-fix-use-after-free.patch