Debian Bug report logs -
#858389
Memcpy parameter overlap in docbook-to-man
Reported by: Yuri Gribov <tetra2005@gmail.com>
Date: Tue, 21 Mar 2017 20:30:01 UTC
Severity: normal
Found in version docbook-to-man/1:2.0.0-34
Fixed in version docbook-to-man/1:2.0.0-36
Done: Chris Lamb <lamby@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, Debian QA Group <packages@qa.debian.org>:
Bug#858389; Package docbook-to-man.
(Tue, 21 Mar 2017 20:30:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Yuri Gribov <tetra2005@gmail.com>:
New Bug report received and forwarded. Copy sent to Debian QA Group <packages@qa.debian.org>.
(Tue, 21 Mar 2017 20:30:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: docbook-to-man
Version: 1:2.0.0-34
Hi,
ReadESIS function in Instant/main.c triggers undefined behavior via
memcpy's source and destination buffers overlap:
memcpy(&buf[1], &buf[2], strlen(buf)-1);
As far as I can see, the issue is still present in 1:2.0.0-35. The
simplest fix is probly to replace with memmove.
The issue was found by Valgrind when testing flac package in
debian_pkg_test framework (https://github.com/yugr/debian_pkg_test).
Valgrind report:
==7111== Memcheck, a memory error detector
==7111== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==7111== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==7111== Command: /usr/bin/instant -croff.cmap -sroff.sdata
-tdocbook-to-man.ts -d
==7111== Parent PID: 7109
==7111==
==7111== Source and destination overlap in memcpy_chk(0x586f051, 0x586f052, 5)
==7111== at 0x4C353D7: __memcpy_chk (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==7111== by 0x10B2EF: ??? (in /usr/bin/instant)
==7111== by 0x10B157: ??? (in /usr/bin/instant)
==7111== by 0x10B157: ??? (in /usr/bin/instant)
==7111== by 0x10A796: ??? (in /usr/bin/instant)
==7111== by 0x526C82F: (below main)
(/build/glibc-t3gR2i/glibc-2.23/csu/../csu/libc-start.c:291)
-Yuri
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian QA Group <packages@qa.debian.org>:
Bug#858389; Package docbook-to-man.
(Fri, 12 May 2017 09:09:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Chris Lamb <lamby@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian QA Group <packages@qa.debian.org>.
(Fri, 12 May 2017 09:09:05 GMT) (full text, mbox, link).
Message #10 received at 858389@bugs.debian.org (full text, mbox, reply):
tags 858389 + pending
tags 842635 + pending
thanks
> Re: Incorrect output on i386 due to UB
Applied & uploaded; many thanks! :)
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` lamby@debian.org / chris-lamb.co.uk
`-
Added tag(s) pending.
Request was from Chris Lamb <lamby@debian.org>
to control@bugs.debian.org.
(Fri, 12 May 2017 09:09:08 GMT) (full text, mbox, link).
Reply sent
to Chris Lamb <lamby@debian.org>:
You have taken responsibility.
(Fri, 12 May 2017 09:27:08 GMT) (full text, mbox, link).
Notification sent
to Yuri Gribov <tetra2005@gmail.com>:
Bug acknowledged by developer.
(Fri, 12 May 2017 09:27:08 GMT) (full text, mbox, link).
Message #17 received at 858389-close@bugs.debian.org (full text, mbox, reply):
Source: docbook-to-man
Source-Version: 1:2.0.0-36
We believe that the bug you reported is fixed in the latest version of
docbook-to-man, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 858389@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Chris Lamb <lamby@debian.org> (supplier of updated docbook-to-man package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 12 May 2017 11:02:11 +0200
Source: docbook-to-man
Binary: docbook-to-man
Architecture: source
Version: 1:2.0.0-36
Distribution: unstable
Urgency: medium
Maintainer: Chris Lamb <lamby@debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Description:
docbook-to-man - converter from DocBook SGML into roff man macros
Closes: 842635 858389
Changes:
docbook-to-man (1:2.0.0-36) unstable; urgency=medium
.
* Adopt package.
* Prevent undefined behaviour in memcpy parameter overlap; docbook-to-man
can insert random characters into the output. e.g. it will sometimes
generate an "I" instead of a literal tab. Thanks to Chris West
<solo-debianbugs@goeswhere.com> and Yuri Gribov <tetra2005@gmail.com>
(Closes: #842635, #858389)
* Update Vcs-{Git,Browser}.
* Tidy debian/rules.
* Bump Standards-Version to 3.9.8>
* Bump Debhelper compatibility level to 10.
* Refresh all patches with `pq import` -> `pq export`.
* Add myself to debian/copyright.
.
Debian-Bugs: #842635 #858389
Checksums-Sha1:
253c76894c124ffb1fb585a09356b76633c52ca6 1890 docbook-to-man_2.0.0-36.dsc
46e477ec1dad712153728e594807ff32ffcd025b 21828 docbook-to-man_2.0.0-36.debian.tar.xz
f9aecde2b4d5cda86de357beba6259b5bab3938b 5644 docbook-to-man_2.0.0-36_amd64.buildinfo
Checksums-Sha256:
1ff6e5c22512e75bb9d51b527bab5df23d955491d23cc221ff22d3bbed315041 1890 docbook-to-man_2.0.0-36.dsc
6ea7a4ce491c6629090c2e3d6f19cfd88d66ea63c74601e754b21cb45596a5b5 21828 docbook-to-man_2.0.0-36.debian.tar.xz
f6017c6b1f37ee73854cc19ab8fd07593b617cbb64d496d547e485ecd38a44d0 5644 docbook-to-man_2.0.0-36_amd64.buildinfo
Files:
12bfa07458262fe9c22a655e93c44ac5 1890 text optional docbook-to-man_2.0.0-36.dsc
83d41cf01ad8a79baff03963396a0490 21828 text optional docbook-to-man_2.0.0-36.debian.tar.xz
f559c7f664fc2bb86fdfc876400d66aa 5644 text optional docbook-to-man_2.0.0-36_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlkVejEACgkQHpU+J9Qx
HliLxg//an01IIb7RW+gbGwlN+USf/S3+TsCziFB1B9B/YzqiBo28LLiOTssmYnA
LPnapkJMtBoGFQYhc82Jvh4Xi63IW3AQQDSa03fdzdpBqLgFK1ymUC5X5Io4GJ/d
ucHNRjAjxMnzf609TVfdIgkgWME+S9uwGCUxFzkhbuyx/RMIRGoQHyDhLNXw+ZM5
v0yX7AFRYFEV32+loiRQnYetKjJdeT0LvwXjMjUv8C/TOBTWsbiHrxVmmleYlqAl
OzCLYivOTilK06wfqR+I2XcuQFbrPNGJ/GVSq1SYPcXqlXjwReRGo0ELrqaDiWu9
V5EMsq8MpqnexoLSWBUkqxV1LJi7s9C2MruSLSJ+UAep21RVIMlub0FEoLfgEhOI
5RM6qj7cQol4cUG4KpzSrSzoI5WRRld48JHaFEYZeHI+4D+FoykBmraQl1SmR4JJ
6ppl9aryLtLeNIMk4LmX3+ZvPzJQ+94OxIoeID1iiKIAfQoM7u0wH5cxnmM2ERiD
cdDBIlCL63XeZ6QWF1wbZPJk1wJtG61cuyPOq7cC0ack6KWR4pohw5uZH3YfzodG
OUEH4MsyhqvAG9x+jQ+OJgDfEZ7BVgLOh4EMUzUDkeiDCXbQTXwHdfZI+UvxdN+9
QqUK91ZmLQgpKY2HWggbatclE5rIeonYj0hdKbzRUWVORUFhd50=
=ctA6
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Tue, 18 Jul 2017 07:48:20 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed May 17 14:06:41 2023;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.