On Thu, Sep 15, 2016 at 1:12 PM, Dan Horák <dan@xxxxxxxx> wrote: > On Wed, 14 Sep 2016 20:50:49 +0100 > Richard Hughes <hughsient@xxxxxxxxx> wrote: > >> Can we get somebody to revert >> https://bodhi.fedoraproject.org/updates/FEDORA-2016-7776983633 please. >> The update was built to fix CVE-2015-5203 which fixes a double free >> when opening corrupt JPEG-2000 files but in doing-so breaks quite a >> few apps in the desktop spin causing them to exit with an assert deep >> in libjasper. >> >> In the update the function jas_stream_memopen has been changed: >> >> -jas_stream_t *jas_stream_memopen(char *buf, int bufsize); >> +jas_stream_t *jas_stream_memopen(char *buf, size_t bufsize); >> >> Unless I'm misunderstood things dramatically, size_t is basically >> *unsigned* long integer, but this function offers a feature where if >> the bufsize is -1 the buffer is realloc'd as needed. gdk-pixbuf2 uses >> this feature for JPEG-2000 files. However, as size_t represents only >> positive numbers, a conversion takes place to some very high number >> and the allocation fails. > > one more case for enabling libabigail tests in bodhi ... Indeed, I can clearly see that there are incompatible ABI changes [1] with this update on running libabigail tool. Right now, abichecks run [2] only on sub-set of packages but testers and developers can use libabigail tools [3] locally to see possible ABI changes which may occur with the package update. After reviewing ABI changes, action can be taken accordingly. [1] https://paste.fedoraproject.org/428310/ [2] https://taskotron.fedoraproject.org/resultsdb/results?testcase_name=dist.abicheck [3] https://sourceware.org/libabigail/manual/libabigail-tools.html#tools-manuals -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://lists.fedoraproject.org/admin/lists/devel@xxxxxxxxxxxxxxxxxxxxxxx
