Debian Bug report logs - #594185
exuberant-ctags: invalid paths in tags file

version graph

Package: exuberant-ctags; Maintainer for exuberant-ctags is Colin Watson <cjwatson@debian.org>; Source for exuberant-ctags is src:exuberant-ctags.

Reported by: Nikolay Mitev <face@hmel.org>

Date: Tue, 24 Aug 2010 12:30:01 UTC

Severity: important

Tags: sid, squeeze, upstream, wheezy

Found in version exuberant-ctags/1:5.8-3

Fixed in versions exuberant-ctags/1:5.8-4, exuberant-ctags/1:5.8-3squeeze1

Done: Colin Watson <cjwatson@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, face@hmel.org, Colin Watson <cjwatson@debian.org>:
Bug#594185; Package exuberant-ctags. (Tue, 24 Aug 2010 12:30:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Nikolay Mitev <face@hmel.org>:
New Bug report received and forwarded. Copy sent to face@hmel.org, Colin Watson <cjwatson@debian.org>. (Tue, 24 Aug 2010 12:30:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Nikolay Mitev <face@hmel.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: exuberant-ctags: invalid paths in tags file
Date: Tue, 24 Aug 2010 15:24:03 -0400
Package: exuberant-ctags
Version: 1:5.8-3
Severity: important
Tags: squeeze sid upstream

strcpy called with overlapping strings which causes wrong paths to be present
in the tags file, rendering it unusable. This bug is filed upstream at
http://sourceforge.net/tracker/?func=detail&aid=3033717&group_id=6556&atid=106556
and has a patch. It manifests itself when the filenames to parse have embedded
"/./" or "/../../" in them.



-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages exuberant-ctags depends on:
ii  libc6                         2.11.2-2   Embedded GNU C Library: Shared lib

exuberant-ctags recommends no packages.

Versions of packages exuberant-ctags suggests:
ii  emacs23 [ema 23.1+1-5                    The GNU Emacs editor (with GTK+ us
ii  vim          2:7.2.445+hg~cb94c42c0e1a-1 Vi IMproved - enhanced vi editor




Added tag(s) wheezy. Request was from Kurt Roeckx <kurt@roeckx.be> to control@bugs.debian.org. (Wed, 16 Feb 2011 19:04:35 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#594185; Package exuberant-ctags. (Thu, 17 Feb 2011 14:15:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Colin Watson <cjwatson@debian.org>:
Extra info received and forwarded to list. (Thu, 17 Feb 2011 14:15:03 GMT) Full text and rfc822 format available.

Message #12 received at 594185@bugs.debian.org (full text, mbox):

From: Colin Watson <cjwatson@debian.org>
To: debian-release@lists.debian.org
Cc: 594185@bugs.debian.org
Subject: exuberant-ctags #594185 -> squeeze?
Date: Thu, 17 Feb 2011 14:12:05 +0000
Hi,

A friend reminded me about #594185, which I'd overlooked.  I can't get
it to break on i386, but apparently it renders the package "completely
broken" on amd64.  I've uploaded a fix to unstable, and I'd like to
upload this patch to stable - would that be OK?

diff -Nru exuberant-ctags-5.8/debian/changelog exuberant-ctags-5.8/debian/changelog
--- exuberant-ctags-5.8/debian/changelog	2010-07-12 10:12:15.000000000 +0100
+++ exuberant-ctags-5.8/debian/changelog	2011-02-17 14:09:38.000000000 +0000
@@ -1,3 +1,10 @@
+exuberant-ctags (1:5.8-3squeeze1) stable; urgency=low
+
+  * Apply patch from Ben Spencer to use memmove rather than strcpy on
+    overlapping strings (closes: #594185).
+
+ -- Colin Watson <cjwatson@debian.org>  Thu, 17 Feb 2011 14:09:34 +0000
+
 exuberant-ctags (1:5.8-3) unstable; urgency=low
 
   * Compile with -D_FILE_OFFSET_BITS=64 in order to support 64-bit inode
diff -Nru exuberant-ctags-5.8/debian/patches/memmove.patch exuberant-ctags-5.8/debian/patches/memmove.patch
--- exuberant-ctags-5.8/debian/patches/memmove.patch	1970-01-01 01:00:00.000000000 +0100
+++ exuberant-ctags-5.8/debian/patches/memmove.patch	2011-02-17 14:08:58.000000000 +0000
@@ -0,0 +1,28 @@
+Description: Use memmove on overlapping strings
+ strcpy is not guaranteed to work on overlapping strings, and this can lead
+ to broken paths appearing in tag files.  Use memmove instead.
+Author: Ben Spencer
+Origin: other, http://sourceforge.net/tracker/?func=detail&aid=3034816&group_id=6556&atid=306556
+Forwarded: yes
+Last-Update: 2011-02-17
+
+Index: b/routines.c
+===================================================================
+--- a/routines.c
++++ b/routines.c
+@@ -757,13 +757,13 @@
+ 				else if (cp [0] != PATH_SEPARATOR)
+ 					cp = slashp;
+ #endif
+-				strcpy (cp, slashp + 3);
++				memmove (cp, slashp + 3, strlen(slashp + 3) + 1);
+ 				slashp = cp;
+ 				continue;
+ 			}
+ 			else if (slashp [2] == PATH_SEPARATOR  ||  slashp [2] == '\0')
+ 			{
+-				strcpy (slashp, slashp + 2);
++				memmove (slashp, slashp + 2, strlen(slashp + 2) + 1);
+ 				continue;
+ 			}
+ 		}
diff -Nru exuberant-ctags-5.8/debian/patches/series exuberant-ctags-5.8/debian/patches/series
--- exuberant-ctags-5.8/debian/patches/series	2010-02-26 23:09:37.000000000 +0000
+++ exuberant-ctags-5.8/debian/patches/series	2011-02-17 14:08:58.000000000 +0000
@@ -1,2 +1,3 @@
 make-match-loop.patch
 php-ignore-keywords-in-comments.patch
+memmove.patch

Thanks,

-- 
Colin Watson                                       [cjwatson@debian.org]




Reply sent to Colin Watson <cjwatson@debian.org>:
You have taken responsibility. (Thu, 17 Feb 2011 14:54:12 GMT) Full text and rfc822 format available.

Notification sent to Nikolay Mitev <face@hmel.org>:
Bug acknowledged by developer. (Thu, 17 Feb 2011 14:54:12 GMT) Full text and rfc822 format available.

Message #17 received at 594185-close@bugs.debian.org (full text, mbox):

From: Colin Watson <cjwatson@debian.org>
To: 594185-close@bugs.debian.org
Subject: Bug#594185: fixed in exuberant-ctags 1:5.8-4
Date: Thu, 17 Feb 2011 14:49:56 +0000
Source: exuberant-ctags
Source-Version: 1:5.8-4

We believe that the bug you reported is fixed in the latest version of
exuberant-ctags, which is due to be installed in the Debian FTP archive:

exuberant-ctags_5.8-4.debian.tar.gz
  to main/e/exuberant-ctags/exuberant-ctags_5.8-4.debian.tar.gz
exuberant-ctags_5.8-4.dsc
  to main/e/exuberant-ctags/exuberant-ctags_5.8-4.dsc
exuberant-ctags_5.8-4_i386.deb
  to main/e/exuberant-ctags/exuberant-ctags_5.8-4_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 594185@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated exuberant-ctags package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 17 Feb 2011 13:47:11 +0000
Source: exuberant-ctags
Binary: exuberant-ctags
Architecture: source i386
Version: 1:5.8-4
Distribution: unstable
Urgency: low
Maintainer: Colin Watson <cjwatson@debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description: 
 exuberant-ctags - build tag file indexes of source code definitions
Closes: 594185
Changes: 
 exuberant-ctags (1:5.8-4) unstable; urgency=low
 .
   * Apply patch from Ben Spencer to use memmove rather than strcpy on
     overlapping strings (closes: #594185).
Checksums-Sha1: 
 05197226853727fbe490f345aaa5cfec20f5d1e5 1722 exuberant-ctags_5.8-4.dsc
 605e7365014a867e65740c7ad5656010f46c4b35 6853 exuberant-ctags_5.8-4.debian.tar.gz
 2269419240e36637e86f57feb6ccad499d36888c 132102 exuberant-ctags_5.8-4_i386.deb
Checksums-Sha256: 
 7f53089a63165142a1cd31c5f44eca1c199d21fd36f163a2086d2d851d4c6464 1722 exuberant-ctags_5.8-4.dsc
 ce8daf0de963bd7e436d7cf749fbbf2a2a880f6a7d431612a4ee5bf24a8d4fc1 6853 exuberant-ctags_5.8-4.debian.tar.gz
 28dc72b48ba83033baa8a9dc169d5cac50fd33cb93b00910cf29681f21728233 132102 exuberant-ctags_5.8-4_i386.deb
Files: 
 cb4ecc8218eda34590937907c053af49 1722 editors optional exuberant-ctags_5.8-4.dsc
 7f35b1e1f8845a1596c92bbfa1ce9d60 6853 editors optional exuberant-ctags_5.8-4.debian.tar.gz
 12f4de174985fa01e31cc7f9d5934857 132102 editors optional exuberant-ctags_5.8-4_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Colin Watson <cjwatson@debian.org> -- Debian developer

iQIVAwUBTV0nsTk1h9l9hlALAQjcnBAAryHjeWhkX8xHaGgQT+CA2RjbgjYk7jOX
+hPH3vezkctDXpS1hy7ELSJ68IfCWZ+6mlcTeAufyfresgWOCWKjEnNawgnctFXD
ZOtW5bdjCfdKXKGDg0i+4+1IKX1HXhcq0o/G3PAGuG4Gt/7DYP44wOw4Vcpg3xLc
ak/sw5YrlU4uuK9ecXiNz5svn9EHZIKKc8fleHSjBEiZXv2FGauWZngUPmrIqm+l
PiBwcVN4ZUAlOe5Hk/uWeKL2fnzTesaslhb/uqGcV6lgFTR2Tg9aJy9vO0vCO4AK
7zX+VXLMDLMaPe02YYUI90b5z/KCr44vc9yksXXFbvuG1xsrWxm6t0KpK+Il1Mn9
Cbb3nNF4l3Dz62mFfAQeNGKKTbqww5OoaAND/mabu9CW5aIzp05aGkr2JF9DbtaQ
Ad5hbEBPGUM5RIvG9qbZTNhEOApKRma/8Ro7b5kdrHrg+X0ZoKDnIBTEG/+LfYHC
zqpsDJdHDRk1bSCUMHer2f/1RVcfQvjmwKWNpOFVKStzPv3dvAkAJw6JEPHBDeBw
+LMGzQiIjTT1CQPeUOlpETH12HDAX66abNOfDC0n+gKyVf2dxn5fB3wAQp3Cfh+t
NPD3Piq3IS7NyU+p7CIbBRYQsj9mrmhf3FY2jYxyxSLpIHzgNMxzmhwXXlrr7GzZ
qFgOKMST2TU=
=PrSc
-----END PGP SIGNATURE-----





Information forwarded to debian-bugs-dist@lists.debian.org, Colin Watson <cjwatson@debian.org>:
Bug#594185; Package exuberant-ctags. (Thu, 17 Feb 2011 19:57:10 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Adam D. Barratt" <adam@adam-barratt.org.uk>:
Extra info received and forwarded to list. Copy sent to Colin Watson <cjwatson@debian.org>. (Thu, 17 Feb 2011 19:57:10 GMT) Full text and rfc822 format available.

Message #22 received at 594185@bugs.debian.org (full text, mbox):

From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
To: Colin Watson <cjwatson@debian.org>
Cc: debian-release@lists.debian.org, 594185@bugs.debian.org
Subject: Re: exuberant-ctags #594185 -> squeeze?
Date: Thu, 17 Feb 2011 19:51:49 +0000
On Thu, 2011-02-17 at 14:12 +0000, Colin Watson wrote:
> A friend reminded me about #594185, which I'd overlooked.  I can't get
> it to break on i386, but apparently it renders the package "completely
> broken" on amd64.  I've uploaded a fix to unstable, and I'd like to
> upload this patch to stable - would that be OK?

Yes, please go ahead.

Regards,

Adam





Reply sent to Colin Watson <cjwatson@debian.org>:
You have taken responsibility. (Sun, 20 Feb 2011 01:57:14 GMT) Full text and rfc822 format available.

Notification sent to Nikolay Mitev <face@hmel.org>:
Bug acknowledged by developer. (Sun, 20 Feb 2011 01:57:14 GMT) Full text and rfc822 format available.

Message #27 received at 594185-close@bugs.debian.org (full text, mbox):

From: Colin Watson <cjwatson@debian.org>
To: 594185-close@bugs.debian.org
Subject: Bug#594185: fixed in exuberant-ctags 1:5.8-3squeeze1
Date: Sun, 20 Feb 2011 01:54:49 +0000
Source: exuberant-ctags
Source-Version: 1:5.8-3squeeze1

We believe that the bug you reported is fixed in the latest version of
exuberant-ctags, which is due to be installed in the Debian FTP archive:

exuberant-ctags_5.8-3squeeze1.debian.tar.gz
  to main/e/exuberant-ctags/exuberant-ctags_5.8-3squeeze1.debian.tar.gz
exuberant-ctags_5.8-3squeeze1.dsc
  to main/e/exuberant-ctags/exuberant-ctags_5.8-3squeeze1.dsc
exuberant-ctags_5.8-3squeeze1_i386.deb
  to main/e/exuberant-ctags/exuberant-ctags_5.8-3squeeze1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 594185@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated exuberant-ctags package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 17 Feb 2011 14:09:34 +0000
Source: exuberant-ctags
Binary: exuberant-ctags
Architecture: source i386
Version: 1:5.8-3squeeze1
Distribution: stable
Urgency: low
Maintainer: Colin Watson <cjwatson@debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description: 
 exuberant-ctags - build tag file indexes of source code definitions
Closes: 594185
Changes: 
 exuberant-ctags (1:5.8-3squeeze1) stable; urgency=low
 .
   * Apply patch from Ben Spencer to use memmove rather than strcpy on
     overlapping strings (closes: #594185).
Checksums-Sha1: 
 ca2d851c51cd1d4ab55cfd9fb6a681c0e69a131e 1754 exuberant-ctags_5.8-3squeeze1.dsc
 dfedeed5cb3bad1bad48dc2f805435cf15edb3ff 6765 exuberant-ctags_5.8-3squeeze1.debian.tar.gz
 1b8f560e5d4a9dd308ddf35141c68011b48761a3 132098 exuberant-ctags_5.8-3squeeze1_i386.deb
Checksums-Sha256: 
 9607db040ebf1ef348c01d283fce85362138a22b2336dd900be5f062853a8ce0 1754 exuberant-ctags_5.8-3squeeze1.dsc
 7d0166a34a45252b294f7ec643880d8dc0fea16a9a8cde9ab504baf5c4073b02 6765 exuberant-ctags_5.8-3squeeze1.debian.tar.gz
 15b2715b7ec47635d314cf9d5f6b6c0e0fbe1e5a9d35f03186c262270a7384ba 132098 exuberant-ctags_5.8-3squeeze1_i386.deb
Files: 
 648963ccab602e4cf71e973d58af4f5c 1754 editors optional exuberant-ctags_5.8-3squeeze1.dsc
 06d3ad84882b13934d23e378348cdb05 6765 editors optional exuberant-ctags_5.8-3squeeze1.debian.tar.gz
 45a3f0072a575ca228e30bd59ddf01c2 132098 editors optional exuberant-ctags_5.8-3squeeze1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Colin Watson <cjwatson@debian.org> -- Debian developer

iQIVAwUBTV/7tTk1h9l9hlALAQhX7xAAkn02bHm33Hf9Vs3GgTKBBINLvyTPV55E
v6XEzUlTQWL3C9wh2nHKyAISvGL+Tk2qyYgXcMu7DQDvW0TXj+9xeAQLoxwE8ar/
3ZZ/4l80IvXnonBPfLLKeT2Nf2OLqo42Tr+6r9wGISwMniqXbGmIK6Nut8T49XId
IMhSET08tYBNrIo5WFxcz5PvRMVjHHJHwgkGejbGDoyLAVzxSPvPGz1hhhukZS5+
3bX5rM17S1r6DDdaamC4Uc8k3A2prb3Uan8XfRcpY1++PSjMCRMQsyPU+ggVdfdj
DaiQIwR+RydaseRZUFfseMnY2v3nDP1jcoGRwq3WfrfNRBWIujOpEAbBwnxQ4Ppe
lPEP7Nyz34UVVBHdFf8M6f2ozeZGsmw3MSfy58C2hOASYHPXRu1TAXGxqyZrR74X
48BYHKwvwJbov86upbH+QyoGt+O8Vg5gIP9Idhug9L9F/1O/5SW5cT41JFOUIlNA
hZsBgnTis167YMK1syydhsM2lxsUEcFQTFGRwY3hwD1mj8jmEvIoAR+qkisVpfbQ
vWozgowdCWNS83j2to5CeAmuinpjdhpJkvB91LtcrDBUdzgZCX5bCAz+ZCtY814f
lxDBzlvuMJBcyZGq/4A//2mt1Vk8m6xPbdJNxSWU5RMq7S3mzphGjF0bP0985TDT
Ju9rkYPebfA=
=8+fq
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 28 Mar 2011 07:46:01 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 02:26:31 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.