Source: atftp
Version: 0.8.0-4
Severity: important
Tags: patch
User: debian-gl...@lists.debian.org
Usertags: glibc2.39

Dear maintainer,

atftp autopkgtest fails to run when running against glibc 2.39
(currently in experimental):
https://ci.debian.net/packages/a/atftp/unstable/amd64/47816426/

After investigation, it appears to be due to the "to" variable in
tftpd_receive_request() containing uninitialized values, as a
consequence of removing the initialization in #613582. When using glibc
2.39, the values on the stack from which the "to" variable is allocated
seem to have different values.

The issue also seems to have been triggered by #1070683, and is not
reproducible with version 0.8.0-3.

The following patch fixes the issue, but it might just be a workaround,
and the real problem might be deeper:

--- atftp-0.8.0.orig/tftpd.c
+++ atftp-0.8.0/tftpd.c
@@ -643,6 +643,9 @@ void *tftpd_receive_request(void *arg)
      socklen_t len = sizeof(to);
 
      char addr_str[SOCKADDR_PRINT_ADDR_LEN];
+    
+     /* Do not rely on uninitialized data following the 
https://bugs.debian.org/613582 fix */
+     memset(&to, 0, sizeof(to));
 
      /* Detach ourself. That way the main thread does not have to
       * wait for us with pthread_join. */
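
Review bot: the memset() of "to", added after the addr_str declaration, zeroes the whole structure without saying which member is read before it is assigned, so the early read that this hides stays undocumented. Please name that field in the comment, or set it explicitly where the #613582 change removed the initialization, so the fix does not depend on an all-zero structure being an acceptable value for whatever consumes "to" later. Separately, the added blank line carries trailing whitespace, and the comment is wrapped so that the URL line has no leading "+", which will keep the hunk from applying as posted; keep the comment on a single "+" line or split it into two "+" lines.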

Regards
Aurelien
