On Thu, Oct 17, 2024 at 11:29:40AM +0200, Paul Gevers wrote:
> Source: fuzzel
> Version: 1.10.2-1
> Severity: serious
> Control: close -1 1.11.1+ds-1
> Tags: sid trixie
> User: release.debian....@packages.debian.org
> Usertags: out-of-sync
…
> Migration status for fuzzel (1.10.2-1 to 1.11.1+ds-1): BLOCKED: Maybe
> temporary, maybe blocked but Britney is missing information (check below)
> Issues preventing migration:
> ∙ ∙ missing build on mips64el
> ∙ ∙ missing build on ppc64el
> ∙ ∙ missing build on riscv64
> ∙ ∙ missing build on s390x

fuzzel 1.11.1 fails to build on some non-x86 archs, e.g.,
https://buildd.debian.org/status/fetch.php?pkg=fuzzel&arch=riscv64&ver=1.11.1%2Bds-1&stamp=1726441493&raw=0

Toolchain package versions: binutils_2.43.1-4 dpkg-dev_1.22.11 g++-14_14.2.0-3 gcc-14_14.2.0-3 libc6-dev_2.40-2 libstdc++-14-dev_14.2.0-3 libstdc++6_14.2.0-3 linux-libc-dev_6.10.9-1

[46/52] cc -Ifuzzel.p -I. -I.. -I/usr/include/pixman-1 -I/usr/include/freetype2 -I/usr/include/libpng16 -I/usr/include/cairo -I/usr/include/harfbuzz -I/usr/include/glib-2.0 -I/usr/lib/riscv64-linux-gnu/glib-2.0/include -I/usr/include/sysprof-6 -fdiagnostics-color=always -DNDEBUG -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -Werror -std=c18 -D_GNU_SOURCE -fno-asynchronous-unwind-tables -DMEMFD_CREATE -fmacro-prefix-map=../= -DFUZZEL_ENABLE_CAIRO=1 -DFUZZEL_ENABLE_PNG_LIBPNG=1 -DFUZZEL_ENABLE_SVG_NANOSVG=1 -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -pthread -DUTF8PROC_EXPORTS -MD -MQ fuzzel.p/match.c.o -MF fuzzel.p/match.c.o.d -o fuzzel.p/match.c.o -c ../match.c
FAILED: fuzzel.p/match.c.o
cc -Ifuzzel.p -I. -I.. -I/usr/include/pixman-1 -I/usr/include/freetype2 -I/usr/include/libpng16 -I/usr/include/cairo -I/usr/include/harfbuzz -I/usr/include/glib-2.0 -I/usr/lib/riscv64-linux-gnu/glib-2.0/include -I/usr/include/sysprof-6 -fdiagnostics-color=always -DNDEBUG -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -Werror -std=c18 -D_GNU_SOURCE -fno-asynchronous-unwind-tables -DMEMFD_CREATE -fmacro-prefix-map=../= -DFUZZEL_ENABLE_CAIRO=1 -DFUZZEL_ENABLE_PNG_LIBPNG=1 -DFUZZEL_ENABLE_SVG_NANOSVG=1 -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -pthread -DUTF8PROC_EXPORTS -MD -MQ fuzzel.p/match.c.o -MF fuzzel.p/match.c.o.d -o fuzzel.p/match.c.o -c ../match.c
../match.c: In function ‘matches_update_internal’:
../match.c:1487:21: error: pointer ‘tokens’ may be used after ‘reallocarray’ [-Werror=use-after-free]
 1487 |                     free(tokens);
      |                     ^~~~~~~~~~~~
../match.c:1478:37: note: call to ‘reallocarray’ here
 1478 |             char32_t **new_tokens = reallocarray(
      |                                     ^~~~~~~~~~~~~
 1479 |                 tokens, tok_count, sizeof(tokens[0]));
      |                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../match.c:1491:21: error: pointer ‘tok_lengths’ may be used after ‘reallocarray’ [-Werror=use-after-free]
 1491 |                     free(tok_lengths);
      |                     ^~~~~~~~~~~~~~~~~
../match.c:1480:39: note: call to ‘reallocarray’ here
 1480 |             size_t *new_tok_lengths = reallocarray(
      |                                       ^~~~~~~~~~~~~
 1481 |                 tok_lengths, tok_count, sizeof(tok_lengths[0]));
      |                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors

  1478              char32_t **new_tokens = reallocarray(
  1479                  tokens, tok_count, sizeof(tokens[0]));
  1480              size_t *new_tok_lengths = reallocarray(
  1481                  tok_lengths, tok_count, sizeof(tok_lengths[0]));
  1482
  1483              if (new_tokens == NULL || new_tok_lengths == NULL) {
  1484                  if (new_tokens != NULL)
  1485                      free(new_tokens);
  1486                  else
  1487                      free(tokens);
  1488                  if (new_tok_lengths != NULL)
  1489                      free(new_tok_lengths);
  1490                  else
  1491                      free(tok_lengths);
  1492                  free(copy);
  1493                  goto unlock_and_return;
  1494              }

From reallocarray(3):
> The realloc() and reallocarray() functions… If these functions fail,
> the original block is left untouched; it is not freed or moved.

free(new_tokens) is only called if new_tokens is NULL due to
reallocarray() having failed; same for free(tok_lengths) and
new_tok_lengths. The use-after-free errors are false positives.

Peter
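
An added example, not part of the message above and not fuzzel's code: one way to resize two parallel arrays so that each result is checked and committed before the next call, which means the old pointer variable is never read after the call that -Wuse-after-free points at. The names resize_array and resize_token_arrays are hypothetical; resize_array is an overflow-checked realloc() used here as a portable stand-in for reallocarray().

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <uchar.h>

/* Portable stand-in for reallocarray(3): overflow-checked realloc().
 * nmemb == 0 or size == 0 is rejected, because a zero-size realloc() may
 * free the block and return NULL, which would look like a failure. */
static void *resize_array(void *ptr, size_t nmemb, size_t size)
{
    if (nmemb == 0 || size == 0 || nmemb > SIZE_MAX / size) {
        errno = ENOMEM;
        return NULL;            /* ptr is left untouched */
    }
    return realloc(ptr, nmemb * size);
}

/* Resize two parallel arrays (hypothetical helper, names are assumptions).
 * Each result is checked and committed before the next call, so no variable
 * ever holds a pointer that a successful realloc may have invalidated.
 * Returns 0 on success; on -1 both *tokens and *lengths are still owned by
 * the caller and must be freed through those same variables. */
static int resize_token_arrays(char32_t ***tokens, size_t **lengths, size_t count)
{
    char32_t **new_tokens = resize_array(*tokens, count, sizeof(**tokens));
    if (new_tokens == NULL)
        return -1;              /* original *tokens still valid */
    *tokens = new_tokens;       /* commit: the old value is never read again */

    size_t *new_lengths = resize_array(*lengths, count, sizeof(**lengths));
    if (new_lengths == NULL)
        return -1;              /* *tokens may be larger than *lengths; both valid */
    *lengths = new_lengths;
    return 0;
}

/* Constructed demo: grow from 2 to 4 entries, then force a failure. */
int main(void)
{
    char32_t **tokens = calloc(2, sizeof(*tokens));
    size_t *lengths = calloc(2, sizeof(*lengths));
    if (tokens == NULL || lengths == NULL) { free(tokens); free(lengths); return 1; }
    int ok = resize_token_arrays(&tokens, &lengths, 4);
    int failed = resize_token_arrays(&tokens, &lengths, SIZE_MAX);
    free(tokens);               /* single cleanup path, valid in every case */
    free(lengths);
    return (ok == 0 && failed == -1) ? 0 : 1;
}
```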