Merge ~paelzer/ubuntu/+source/qemu:lp-1871830-fix-potential-off-by-one into ubuntu/+source/qemu:ubuntu/focal-devel

Proposed by Christian Ehrhardt 
Status: Rejected
Rejected by: Christian Ehrhardt 
Proposed branch: ~paelzer/ubuntu/+source/qemu:lp-1871830-fix-potential-off-by-one
Merge into: ubuntu/+source/qemu:ubuntu/focal-devel
Diff against target: 55 lines (+33/-0)
3 files modified
debian/changelog (+7/-0)
debian/patches/series (+1/-0)
debian/patches/ubuntu/lp-1871830-fix-potential-off-by-one.patch (+25/-0)
Reviewer | Review Type | Date Requested | Status
Rafael David Tinoco (community) | | | Approve
Canonical Server | | | Pending
Review via email: mp+382001@code.launchpad.net
Rafael David Tinoco (rafaeldtinoco) wrote :

# checklist for fixes
----------------------------

 [.] changelog entry correct, targeted to correct codename
 [.] update-maintainer has been run previously
 ----
 [-] changes forwarded upstream/debian (if appropriate)
 [.] patches match what was proposed upstream
 ----
 [.] patches correctly included in debian/patches/series?
 [.] patches have correct DEP3 metadata
 ----
 [-] verified dpkg-buildpackage -S and -b
 [.] autopkgtest against PPA or built package passes
 ----
 [-] testcase provided
 [-] was able to reproduce
 [-] fix solved provided testcase

----------------------------
 [.] = ok
 [x] = not ok
 [?] = question
 [!] = note
 [-] = n/a

+1 from me. PPA still building arm binaries.

review: Approve
Christian Ehrhardt  (paelzer) wrote :

This is superseded by wider changes including riscv and some CVEs.
Thanks, marking this one rejected

Unmerged commits

2b429c5... by Christian Ehrhardt 

changelog: avoid a crash if using env QEMU_MODULE_DIR (LP: #1871830)

Signed-off-by: Christian Ehrhardt <email address hidden>

ca4164e... by Christian Ehrhardt 

d/p/ubuntu/lp-1871830-fix-potential-off-by-one.patch: avoid a crash if using env QEMU_MODULE_DIR (LP: #1871830)

Signed-off-by: Christian Ehrhardt <email address hidden>

Preview Diff

1diff --git a/debian/changelog b/debian/changelog
2index 4338791..aaf05b9 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,10 @@
6+qemu (1:4.2-3ubuntu5) focal; urgency=medium
7+
8+ * d/p/ubuntu/lp-1871830-fix-potential-off-by-one.patch: avoid a crash if
9+ using env QEMU_MODULE_DIR (LP: #1871830)
10+
11+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 09 Apr 2020 13:42:40 +0200
12+
13 qemu (1:4.2-3ubuntu4) focal; urgency=medium
14
15 * d/p/ubuntu/lp-1835546-*: backport the s390x protvirt feature (LP: #1835546)
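Review bot: The new changelog entry describes the fix only as avoiding a crash when env QEMU_MODULE_DIR is used, while the patch it ships says the "dirs" array can be exceeded and that this needs CONFIG_MODULE_UPGRADES at the same time. Consider naming the array overrun and the CONFIG_MODULE_UPGRADES condition in the entry, so that someone triaging from the changelog alone can tell this is a memory-safety fix and which builds are affected.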
16diff --git a/debian/patches/series b/debian/patches/series
17index a2a7a54..5c64305 100644
18--- a/debian/patches/series
19+++ b/debian/patches/series
20@@ -77,3 +77,4 @@ ubuntu/lp-1835546-s390x-protvirt-Move-IO-control-structures-over-SIDA.patch
21 ubuntu/lp-1835546-s390x-protvirt-Handle-SIGP-store-status-correctly.patch
22 ubuntu/lp-1835546-s390x-Add-unpack-facility-feature-to-GA1.patch
23 ubuntu/lp-1835546-s390x-protvirt-Fix-stray-error_report_err.patch
24+ubuntu/lp-1871830-fix-potential-off-by-one.patch
25diff --git a/debian/patches/ubuntu/lp-1871830-fix-potential-off-by-one.patch b/debian/patches/ubuntu/lp-1871830-fix-potential-off-by-one.patch
26new file mode 100644
27index 0000000..e261d69
28--- /dev/null
29+++ b/debian/patches/ubuntu/lp-1871830-fix-potential-off-by-one.patch
30@@ -0,0 +1,25 @@
31+Description: fix potential grow out of array
32+ Since bd83c86 "modules: load modules from versioned /var/run dir"
33+ we could exceed the "dirs" array if using CONFIG_MODULE_UPGRADES
34+ and at the same time env QEMU_MODULE_DIR.
35+ Increase the dirs array in that case to reflect the new max size.
36+Forwarded: no
37+X-Not-Forwarded-Reason: experiemental for now
38+Author: Christian Ehrhardt <christian.ehrhardt@canonical.com>
39+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1871830
40+Last-Update: 2020-04-09
41+--- a/util/module.c
42++++ b/util/module.c
43+@@ -168,9 +168,11 @@ bool module_load_one(const char *prefix,
44+ char *exec_dir;
45+ #ifdef CONFIG_MODULE_UPGRADES
46+ char *version_dir;
47++ char *dirs[5];
48++#else
49++ char *dirs[4];
50+ #endif
51+ const char *search_dir;
52+- char *dirs[4];
53+ char *module_name;
54+ int i = 0, n_dirs = 0;
55+ int ret;
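Review bot: The two "char *dirs[...]" declarations in the embedded util/module.c hunk still hard-code the capacity (5 under CONFIG_MODULE_UPGRADES, 4 otherwise) separately from the code that fills the array, which lies outside this hunk, so the next change that adds a search directory can reintroduce the overrun the Description attributes to bd83c86. Suggest a single declaration sized for the larger case instead of an #ifdef/#else pair, plus a bounds check once the array has been filled, for example assert(n_dirs <= ARRAY_SIZE(dirs));, so that a mismatch fails loudly instead of writing past a local array. In the DEP3 header, "X-Not-Forwarded-Reason: experiemental for now" has a typo (experimental), and since the Description says the problem exists since bd83c86, the fix should be forwarded to wherever that commit is maintained rather than staying at "Forwarded: no".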
