Debian Bug report logs - #819410
garmin-forerunner-tools: missing prototypes will cause segfaults on 64-bit archs

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Steve Langasek <steve.langasek@canonical.com>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: garmin-forerunner-tools: missing prototypes will cause segfaults on 64-bit archs

Date: Sun, 27 Mar 2016 23:12:55 -0700

[Message part 1 (text/plain, inline)]

Package: garmin-forerunner-tools
Version: 0.10repacked-7
Severity: normal
Tags: patch
User: ubuntu-devel@lists.ubuntu.com
Usertags: origin-ubuntu xenial ubuntu-patch

Hi folks,

The Ubuntu autobuilders have detected a problem with your package on 64-bit
architectures.  The code is using various standard C functions without
including the headers necessary to declare them.  Implicit declarations are
treated as returning an int, which means for any of these functions that
return a pointer the return value will be truncated on 64-bit architectures,
typically resulting in a segfault.

The attached patch fixes the various missing function declarations, which
should eliminate various bugs - including segfaults on 64-bit architectures
- and allow the package to build in Ubuntu, where this is treated as a build
failure.

In the process, I've also identified some issues in debian/rules that
prevent the package from cleanly building in place more than once.  Please
find the patch for all of these issues attached.  It has been uploaded to
Ubuntu with the following changelog:

  * debian/patches/missing-prototypes: include missing headers to ensure
    proper declarations.
  * fix debian/rules dependencies to not make config.status depend on
    'configure' target, a file that will be removed in debian/rules clean.
  * fix clean target to not fail.

As an aside, I had a brief look at bug #816314 to see if it was related.  It
wasn't; the crashing function was unaffected by this bug, and the crash was
reported on i386, a 32-bit architecture.  But what I saw of the code in the
process leaves me concerned about the overall code quality in this package. 
In particular, this construction in garmin_open():

  if ( garmin->usb.handle == NULL ) {
    if ( ctx == NULL ) {
[...]
      if ( err ) {
[...]
        return ( garmin->usb.handle != NULL );
      }
    }
[...]
  }

So obviously, garmin->usb.handle is NULL at this point...?

The build log also reports that libgarmintools is not linked against the
libusb library that it depends on, which could cause bugs later if libusb
ever started using symbol versioning.

Hopefully this patch will help with this package's utility, but it looks to
me like some deeper maintenance might be in order.

Thanks for considering,
-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek@ubuntu.com                                     vorlon@debian.org

[garmin-forerunner-tools_0.10repacked-7ubuntu1.debdiff (text/x-diff, attachment)]

Message #10 received at 819410-close@bugs.debian.org (full text, mbox, reply):

From: Christian Perrier <bubulle@debian.org>

To: 819410-close@bugs.debian.org

Subject: Bug#819410: fixed in garmin-forerunner-tools 0.10repacked-8

Date: Tue, 29 Mar 2016 21:50:40 +0000

Source: garmin-forerunner-tools
Source-Version: 0.10repacked-8

We believe that the bug you reported is fixed in the latest version of
garmin-forerunner-tools, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 819410@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christian Perrier <bubulle@debian.org> (supplier of updated garmin-forerunner-tools package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 29 Mar 2016 21:28:19 +0200
Source: garmin-forerunner-tools
Binary: garmin-forerunner-tools
Architecture: source i386
Version: 0.10repacked-8
Distribution: unstable
Urgency: medium
Maintainer: Debian running develpment group <pkg-running-devel@lists.alioth.debian.org>
Changed-By: Christian Perrier <bubulle@debian.org>
Description:
 garmin-forerunner-tools - retrieve data from Garmin Forerunner/Edge GPS devices
Closes: 819410
Changes:
 garmin-forerunner-tools (0.10repacked-8) unstable; urgency=medium
 .
   * Include Ubuntu patches to avoid segfaults on 64-bit architectures
     Thanks to Steve Langasek. Closes: #819410
     * debian/patches/missing-prototypes: include missing headers to ensure
       proper declarations.
     * fix debian/rules dependencies to not make config.status depend on
       'configure' target, a file that will be removed in debian/rules
       clean.
     * fix clean target to not fail.*
   * Add gbp.conf to specify gz as upstream tarball compression type
   * Bump debhelper compatibility to 9
   * Drop "dh_clean -k" call in favor of dh_prep
   * Bump Standards to 3.9.7 (checked)
   * Update upstream URL to github location
   * Drop obsolete debian/watch file. There are no releases on github so
     we cannot point there.
Checksums-Sha1:
 373ac0e97293c3645e0540c5a8f4c1943abd3ef5 2254 garmin-forerunner-tools_0.10repacked-8.dsc
 5ec35c8c06146ef69761bc407ac9de90ebe47153 15964 garmin-forerunner-tools_0.10repacked-8.debian.tar.xz
 83716ed8b5087b0389b13d162bee5c5f78d738bf 193442 garmin-forerunner-tools-dbgsym_0.10repacked-8_i386.deb
 7d57d81bf7a283353731af52a695239fbcfb7cf1 118878 garmin-forerunner-tools_0.10repacked-8_i386.deb
Checksums-Sha256:
 52285af5e13eefeceac6099cd767b309a54eb6f3470a7a39603cb37e46cbc9c4 2254 garmin-forerunner-tools_0.10repacked-8.dsc
 565abb119232dc11afe1eb0c95fb594d7b9b552dc911999359f281aa6db8419f 15964 garmin-forerunner-tools_0.10repacked-8.debian.tar.xz
 a51cb60a46ce32a42ae46a63f8600656f2959d2cfaac694090885464a1da81a5 193442 garmin-forerunner-tools-dbgsym_0.10repacked-8_i386.deb
 17ec15a9a8cb944d77fd3bedf4fce78b122303a991ed66b89f09ca76399b50b5 118878 garmin-forerunner-tools_0.10repacked-8_i386.deb
Files:
 e83063f860d2f7b1b8c773bbc30f856d 2254 utils extra garmin-forerunner-tools_0.10repacked-8.dsc
 e224920a944b11a6525acd29f53d067a 15964 utils extra garmin-forerunner-tools_0.10repacked-8.debian.tar.xz
 e840bf0886ab99d3dd20e00ff68a3e3a 193442 debug extra garmin-forerunner-tools-dbgsym_0.10repacked-8_i386.deb
 6ccb3a72ee2284ca92dc1d14aad94486 118878 utils extra garmin-forerunner-tools_0.10repacked-8_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJW+uMHAAoJEIcvcCxNbiWoyk0P/0JpFYYxFTVVzheP9QPZPdyd
6tKAwLIKr0mjkADebmHh292e4PxRLmJtTAUJ7TXutZMIPzyN6lmi1LdBtQaqaP5R
LqQ6KZEoARUhWWeZZcH+igjqkvld9+HYy6/qrxMIU5kxWxNR8QkhyZ89wDGB4WU8
SKA9DxsJm8JNY3TZ2nzldT32eSf6Rw3LfCxbYl+JCIXMZ4yUMBJIdxAqwRcD8bI1
86MSd3uJPn34Z5I48hAHLIS83jCC+gzjI2CNos6Mb0AAK0lPicxT4RXHl7eoPN0d
23lu7ruAwRG6s7Q3w4/xa9apMz3OKS5MTxPlS/yVDd1HW8AC5fAGES4cRN7dY5Tw
gDYSqaTyQyYxGuQ7eQ0MFkKDVx2Ld94QgHtIHJNBAoRhLPCpXVhzbtPz5HhRftEc
QRN1ZBwKmME8A2cpygajTwu6zBjz2wmOWWKcGMr7FbpjT93E7s0w08Ht/Zyva+bI
KKDHE4N6Rj1j9swsP2USGaiIf/1sgr1x15WIIlpSR7oVVLw3CsREoGZpNBrSVbBX
BGfkWWPy6xYtJldm1tMSWsD5g0BZ6KTR4UxrVwF1fqk4dDOOmugweZeKVPGB6BqG
O8v2F1sjim3jqpVwUUKuvh9CsFCT1dRBim+oTZJZqeRIdoOHaxuMUP1WzPY3cbIE
qw2xHhZRappy2qzRVwuL
=pxUp
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.