Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#78116 - [cdrdao] reading of uninitialized variables with read-toc and copy
Attached to Project:
Arch Linux
Opened by Cebtenzzre (cebtenzzre) - Tuesday, 04 April 2023, 21:52 GMT
Last edited by Antonio Rojas (arojas) - Monday, 10 July 2023, 19:12 GMT
Opened by Cebtenzzre (cebtenzzre) - Tuesday, 04 April 2023, 21:52 GMT
Last edited by Antonio Rojas (arojas) - Monday, 10 July 2023, 19:12 GMT
|
DetailsDescription:
Since cdrdao 1.2.5, there are some changes to a way the DaoCommandLine class is initialized. Some forgotten NULL assignments mean that uninitialized stack memory is read in two cases: - when using `cdrdao read-toc test.toc`, there are FILE lines in the TOC with garbage values (often invalid UTF-8, which causes whipper to fail) - when using `cdrdao copy`, it segfaults when comparing sourceScsiDevice to NULL Those are the results that I got, but of course there may be different results sometimes since it's a form of undefined behavior. I have attached a simple patch that fixes the issue. Additional info: * cdrdao version 1.2.5-1 * Upstream issue https://github.com/cdrdao/cdrdao/issues/22 * Pull request https://github.com/cdrdao/cdrdao/pull/21 * whipper issue https://github.com/whipper-team/whipper/issues/591 Steps to reproduce: 
0001-fix-uninitialized-variab...
(0.7 KiB)
|
This task depends upon
Closed by Antonio Rojas (arojas)
Monday, 10 July 2023, 19:12 GMT
Reason for closing: Fixed
Additional comments about closing: cdrdao 1.2.5-2
Monday, 10 July 2023, 19:12 GMT
Reason for closing: Fixed
Additional comments about closing: cdrdao 1.2.5-2
Comment by Toolybird (Toolybird) -
Tuesday, 04 April 2023, 22:13 GMT
Orphaned pkg (i.e. no maintainer). @arojas was the last to kindly update it. Should probably wait for upstream's response to the issue.
Comment by Michael Ortmann (mortmann) -
Monday, 03 July 2023, 04:55 GMT
Same bug here. If there is no arch maintainer to add the provided patch, instead of waiting for upstream, can someone downgrade the arch package to 1.2.4?