Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#78116 - [cdrdao] reading of uninitialized variables with read-toc and copy
Attached to Project:
Arch Linux
Opened by Cebtenzzre (cebtenzzre) - Tuesday, 04 April 2023, 21:52 GMT
Last edited by Antonio Rojas (arojas) - Monday, 10 July 2023, 19:12 GMT
Opened by Cebtenzzre (cebtenzzre) - Tuesday, 04 April 2023, 21:52 GMT
Last edited by Antonio Rojas (arojas) - Monday, 10 July 2023, 19:12 GMT
|
DetailsDescription:
Since cdrdao 1.2.5, there are some changes to a way the DaoCommandLine class is initialized. Some forgotten NULL assignments mean that uninitialized stack memory is read in two cases: - when using `cdrdao read-toc test.toc`, there are FILE lines in the TOC with garbage values (often invalid UTF-8, which causes whipper to fail) - when using `cdrdao copy`, it segfaults when comparing sourceScsiDevice to NULL Those are the results that I got, but of course there may be different results sometimes since it's a form of undefined behavior. I have attached a simple patch that fixes the issue. Additional info: * cdrdao version 1.2.5-1 * Upstream issue https://github.com/cdrdao/cdrdao/issues/22 * Pull request https://github.com/cdrdao/cdrdao/pull/21 * whipper issue https://github.com/whipper-team/whipper/issues/591 Steps to reproduce: |
This task depends upon
Closed by Antonio Rojas (arojas)
Monday, 10 July 2023, 19:12 GMT
Reason for closing: Fixed
Additional comments about closing: cdrdao 1.2.5-2
Monday, 10 July 2023, 19:12 GMT
Reason for closing: Fixed
Additional comments about closing: cdrdao 1.2.5-2

Orphaned pkg (i.e. no maintainer). @arojas was the last to kindly update it. Should probably wait for upstream's response to the issue.

Same bug here. If there is no arch maintainer to add the provided patch, instead of waiting for upstream, can someone downgrade the arch package to 1.2.4?