Re: Please unpush FEDORA-2016-7776983633 on all releases or drop support for libjasper

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Thu, Sep 15, 2016 at 4:20 PM, Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx> wrote:
> On Thu, Sep 15, 2016 at 3:42 AM, Dan Horák <dan@xxxxxxxx> wrote:
>> On Wed, 14 Sep 2016 20:50:49 +0100
>> Richard Hughes <hughsient@xxxxxxxxx> wrote:
>>
>>> Can we get somebody to revert
>>> https://bodhi.fedoraproject.org/updates/FEDORA-2016-7776983633 please.
>>> The update was built to fix CVE-2015-5203 which fixes a double free
>>> when opening corrupt JPEG-2000 files but in doing-so breaks quite a
>>> few apps in the desktop spin causing them to exit with an assert deep
>>> in libjasper.
>>>
>>> In the update the function jas_stream_memopen has been changed:
>>>
>>> -jas_stream_t *jas_stream_memopen(char *buf, int bufsize);
>>> +jas_stream_t *jas_stream_memopen(char *buf, size_t bufsize);
>>>
>>> Unless I'm misunderstood things dramatically, size_t is basically
>>> *unsigned* long integer, but this function offers a feature where if
>>> the bufsize is -1 the buffer is realloc'd as needed. gdk-pixbuf2 uses
>>> this feature for JPEG-2000 files. However, as size_t represents only
>>> positive numbers, a conversion takes place to some very high number
>>> and the allocation fails.
>>
>> one more case for enabling libabigail tests in bodhi ...
>
> I agree.  This would have been caught by libabigail/abicheck as far as I know.

Yes, see my previous comment for more detail.

> Does anyone know what the blockers are for enabling it in production?

Right now abichecks already run in production on set of packages which are
listed in critpath[1] and can be viewed [2] or subscribed[3] to. For initial
phase, it has been kept as informational and no packages get blocked if
incompatible ABI changes found. There is already ticket [4] for
enabling abicheck
on all c/c++ package updates which I believe will be worked on soon.

[1] https://admin.fedoraproject.org/pkgdb/api/critpath
[2] https://taskotron.fedoraproject.org/resultsdb/results?testcase_name=dist.abicheck
[3] https://apps.fedoraproject.org/notifications/
[4] https://phab.qadevel.cloud.fedoraproject.org/T823
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://lists.fedoraproject.org/admin/lists/devel@xxxxxxxxxxxxxxxxxxxxxxx
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux