Your message dated Thu, 13 Jun 2019 19:18:47 +0000 with message-id <e1hbvfh-000dst...@fasolo.debian.org> and subject line Bug#930463: fixed in mednafen 1.22.1+dfsg-2 has caused the Debian Bug report #930463, regarding mednafen: potential unchecked memory access in the Lynx emulator to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 930463: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930463 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: mednafen Version: 0.9.41+dfsg-2+b1 Severity: serious Tags: patch security Justification: security Dear Maintainer, (Note for the security team: this has been published in the 1.22.2 upstream release. I’m not aware of any exploit for this issue. This is qualified as a potential security issue by upstream, hence the “serious” severity rather than grave. The patch applies to both the Stretch and Buster versions.) Upstream fixed a potential unchecked memory access in the Lynx emulator in the latest release of Mednafen; the attached patch fixes it. Regards, Stephen -- System Information: Debian Release: 9.9 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable'), (100, 'unstable-debug'), (100, 'testing-debug'), (100, 'unstable'), (100, 'testing'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-9-amd64 (SMP w/8 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages mednafen depends on: ii libasound2 1.1.3-5 ii libc6 2.24-11+deb9u4 ii libgcc1 1:6.3.0-18+deb9u1 ii libjack-jackd2-0 [libjack-0.125] 1.9.10+20150825git1ed50c92~dfsg-5 ii libmpcdec6 2:0.1~r495-1+b1 ii libsdl1.2debian 1.2.15+dfsg1-4 ii libsndfile1 1.0.27-3 ii libstdc++6 6.3.0-18+deb9u1 ii libtrio2 1.16+dfsg1-3+b2 ii libvorbisidec1 1.0.2+svn18153-1+deb9u1 ii zlib1g 1:1.2.8.dfsg-5 Versions of packages mednafen recommends: ii mednaffe 0.8.4-1+b1 mednafen suggests no packages. -- no debconf informationdiff -rupN 1.22.1/src/lynx/ram.h 1.22.2/src/lynx/ram.h --- 1.22.1/src/lynx/ram.h 2019-01-27 22:52:37.000000000 -0800 +++ 1.22.2/src/lynx/ram.h 2019-04-23 14:54:58.000000000 -0700 @@ -65,8 +65,8 @@ class CRam : public CLynxBase void Reset(void) MDFN_COLD; - void Poke(uint32 addr, uint8 data){ mRamData[addr]=data;}; - uint8 Peek(uint32 addr){ return(mRamData[addr]);}; + void Poke(uint32 addr, uint8 data){ mRamData[(uint16)addr]=data;}; + uint8 Peek(uint32 addr){ return(mRamData[(uint16)addr]);}; uint32 ReadCycle(void) {return 5;}; uint32 WriteCycle(void) {return 5;}; uint32 ObjectSize(void) {return RAM_SIZE;}; diff -rupN 1.22.1/src/lynx/susie.cpp 1.22.2/src/lynx/susie.cpp --- 1.22.1/src/lynx/susie.cpp 2019-01-27 22:52:37.000000000 -0800 +++ 1.22.2/src/lynx/susie.cpp 2019-04-23 14:54:58.000000000 -0700 @@ -58,13 +58,9 @@ // wa can access this directly without the hassle of // going through the system object, much faster // -//#define RAM_PEEK(m) (mSystem.Peek_RAM((m))) -//#define RAM_POKE(m1,m2) (mSystem.Poke_RAM((m1),(m2))) -//#define RAM_PEEKW(m) (mSystem.PeekW_RAM((m))) - -#define RAM_PEEK(m) (mRamPointer[(m)]) -#define RAM_PEEKW(m) (mRamPointer[(m)]+(mRamPointer[(m)+1]<<8)) -#define RAM_POKE(m1,m2) {mRamPointer[(m1)]=(m2);} +#define RAM_PEEK(m) (mRamPointer[(uint16)(m)]) +#define RAM_PEEKW(m) (mRamPointer[(uint16)(m)]+(mRamPointer[(uint16)((m)+1)]<<8)) +#define RAM_POKE(m1,m2) {mRamPointer[(uint16)(m1)]=(m2);} uint32 cycles_used=0; @@ -838,7 +834,7 @@ uint32 CSusie::PaintSprites(void) INLINE void CSusie::WritePixel(uint32 hoff,uint32 pixel) { - uint32 scr_addr=mLineBaseAddress+(hoff/2); + const uint16 scr_addr=mLineBaseAddress+(hoff/2); uint8 dest=RAM_PEEK(scr_addr); if(!(hoff&0x01)) @@ -861,7 +857,7 @@ INLINE void CSusie::WritePixel(uint32 ho INLINE uint32 CSusie::ReadPixel(uint32 hoff) { - uint32 scr_addr=mLineBaseAddress+(hoff/2); + const uint16 scr_addr=mLineBaseAddress+(hoff/2); uint32 data=RAM_PEEK(scr_addr); if(!(hoff&0x01)) @@ -883,7 +879,7 @@ INLINE uint32 CSusie::ReadPixel(uint32 h INLINE void CSusie::WriteCollision(uint32 hoff,uint32 pixel) { - uint32 col_addr=mLineCollisionAddress+(hoff/2); + const uint16 col_addr=mLineCollisionAddress+(hoff/2); uint8 dest=RAM_PEEK(col_addr); if(!(hoff&0x01)) @@ -906,7 +902,7 @@ INLINE void CSusie::WriteCollision(uint3 INLINE uint32 CSusie::ReadCollision(uint32 hoff) { - uint32 col_addr=mLineCollisionAddress+(hoff/2); + const uint16 col_addr=mLineCollisionAddress+(hoff/2); uint32 data=RAM_PEEK(col_addr); if(!(hoff&0x01)) diff -rupN 1.22.1/src/lynx/sysbase.h 1.22.2/src/lynx/sysbase.h --- 1.22.1/src/lynx/sysbase.h 2019-01-27 22:52:37.000000000 -0800 +++ 1.22.2/src/lynx/sysbase.h 2019-04-23 14:54:58.000000000 -0700 @@ -61,11 +61,6 @@ class CSystemBase virtual void PokeW_CPU(uint32 addr,uint16 data)=0; virtual uint16 PeekW_CPU(uint32 addr)=0; - virtual void Poke_RAM(uint32 addr,uint8 data)=0; - virtual uint8 Peek_RAM(uint32 addr)=0; - virtual void PokeW_RAM(uint32 addr,uint16 data)=0; - virtual uint16 PeekW_RAM(uint32 addr)=0; - virtual uint8* GetRamPointer(void)=0; }; diff -rupN 1.22.1/src/lynx/system.h 1.22.2/src/lynx/system.h --- 1.22.1/src/lynx/system.h 2019-01-27 22:52:37.000000000 -0800 +++ 1.22.2/src/lynx/system.h 2019-04-23 14:54:58.000000000 -0700 @@ -158,14 +158,6 @@ class CSystem : public CSystemBase inline void PokeW_CPU(uint32 addr,uint16 data) { mMemoryHandlers[addr]->Poke(addr,data&0xff);addr++;mMemoryHandlers[addr]->Poke(addr,data>>8);}; inline uint16 PeekW_CPU(uint32 addr) {return ((mMemoryHandlers[addr]->Peek(addr))+(mMemoryHandlers[addr]->Peek(addr+1)<<8));}; - // - // RAM - // - inline void Poke_RAM(uint32 addr, uint8 data) { mRam->Poke(addr,data);}; - inline uint8 Peek_RAM(uint32 addr) { return mRam->Peek(addr);}; - inline void PokeW_RAM(uint32 addr,uint16 data) { mRam->Poke(addr,data&0xff);addr++;mRam->Poke(addr,data>>8);}; - inline uint16 PeekW_RAM(uint32 addr) {return ((mRam->Peek(addr))+(mRam->Peek(addr+1)<<8));}; - // High level cart access for debug etc inline void Poke_CART(uint32 addr, uint8 data) {mCart->Poke(addr,data);};
--- End Message ---
--- Begin Message ---Source: mednafen Source-Version: 1.22.1+dfsg-2 We believe that the bug you reported is fixed in the latest version of mednafen, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 930...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Stephen Kitt <sk...@debian.org> (supplier of updated mednafen package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 13 Jun 2019 21:06:02 +0200 Source: mednafen Binary: mednafen Architecture: source Version: 1.22.1+dfsg-2 Distribution: unstable Urgency: medium Maintainer: Debian Games Team <pkg-games-de...@lists.alioth.debian.org> Changed-By: Stephen Kitt <sk...@debian.org> Description: mednafen - multi-platform emulator, including NES, GB/A, Lynx, PC Engine Closes: 930463 930464 Changes: mednafen (1.22.1+dfsg-2) unstable; urgency=medium . * Apply upstream patch to fix unchecked memory accesses in the Lynx emulator. Closes: #930463. * Apply upstream patch to fix a regression in the PlayStation emulator, which rendered games such as SimCity 2000 and Rise 2 unplayable. Closes: #930464. Checksums-Sha1: 6f50753b4140d8696c4c4fe1a297a800d72f87b4 2212 mednafen_1.22.1+dfsg-2.dsc 6fc9bea2f0f3e91e0e1afbf92d91f258b00d2e24 13724 mednafen_1.22.1+dfsg-2.debian.tar.xz 427c42f98450331fe473a2e65311e4c32c5d8b85 12060 mednafen_1.22.1+dfsg-2_source.buildinfo Checksums-Sha256: 0a0476bb8f4132d36726763662b5e479bf61ad068bee51192f410605c5327d87 2212 mednafen_1.22.1+dfsg-2.dsc 255602a9dcf0fe1115c8de8502aa654d5f926310cffda77b6abcbdc3500a31d3 13724 mednafen_1.22.1+dfsg-2.debian.tar.xz 96d505e1522221660ecedc5abd58f3659f64ec2d8292b845f5cf39c70e5d8420 12060 mednafen_1.22.1+dfsg-2_source.buildinfo Files: 7211aec3a84839ad4c5804c58ca07c86 2212 games optional mednafen_1.22.1+dfsg-2.dsc 8ac15d10b716192b8d3a072b5109f9e6 13724 games optional mednafen_1.22.1+dfsg-2.debian.tar.xz a5355e4bcea307f0fc476d5f8f91f76a 12060 games optional mednafen_1.22.1+dfsg-2_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEnPVX/hPLkMoq7x0ggNMC9Yhtg5wFAl0CnqwACgkQgNMC9Yht g5yDIA//b4tjVW2nC0xILN7rsNdCoSj2AO1n6vvHsjfJTM2RQm0qibjoB9tznZQU QdgW39hQS4kcA22oo4iSndf70zUjDcXIh93e1BWU5/yeG8/F4FS/SPXQyLpaeVVL cuMtZ7RsXt1KO7/eu2HVVpYnhxfjrHhGea7pmc4hapxwtTDszLwaP4D2e99nPt8f hlZw1s7kK0vzmRodNtSje1i7fIi6ytQGBURGHm5aWAbxKQlz4TFb4IBbTbNwKIae usxu//xYGagZKGVbewFABu8tXfISTp3JqxY+KGlMnV0j8P7rUXaErCtHc2OC6kAz N3HorHcfpn9M7Vi0LuwI6FVsl/ub1D8VUHZdlzb0lOtBMX1cT7gioRZzBXIROidm MEYtIlRImukPZjjn2tNQBz/bAFkGDB31HXMTP0ZuBzX3BuvcFWaZYUQfeDvdQrYC mWlYKWibkiwJ9jO6Aik1pSJY/O6ftEeR9maSFsdHksPmcn3N3z7eXDbZHLXUiO2V Pqwg07uS6yStaFnMUOJodJVeYvKfNkbd+lrrwb+kWTTjYOUhP8pRqE9ZnhG4l8yQ ncHkANfQ+hstipEn7Ea69/yUuW6/Hc2KeSzEiJYA4D0DU3610MWRA2T4Nu39R0XP 1WkPXGM5M6wPY1xY8YWuws1l0Arnz0xYErDMT0RmBINGENsKkKU= =J1Qx -----END PGP SIGNATURE-----
--- End Message ---
