From 5c62b4e3fd991ab2b6f916ecd3a83e2a2afb93bd Mon Sep 17 00:00:00 2001 From: Mike Gabriel Date: Tue, 15 May 2018 15:55:48 +0200 Subject: [PATCH] debian/patches: Add 0001_nsc-context-free-must-not-access-uninit-fields.patch. Fixes segfault in Vinagre when user mistypes the password. (Closes: #898448). --- ...t-free-must-not-access-uninit-fields.patch | 122 ++++++++++++++++++ debian/patches/series | 1 + 2 files changed, 123 insertions(+) create mode 100644 debian/patches/0001_nsc-context-free-must-not-access-uninit-fields.patch create mode 100644 debian/patches/series diff --git a/debian/patches/0001_nsc-context-free-must-not-access-uninit-fields.patch b/debian/patches/0001_nsc-context-free-must-not-access-uninit-fields.patch new file mode 100644 index 0000000..b2e4e24 --- /dev/null +++ b/debian/patches/0001_nsc-context-free-must-not-access-uninit-fields.patch @@ -0,0 +1,122 @@ +From ae765430e980ff2a1daafcb8a3d28930c9e162ac Mon Sep 17 00:00:00 2001 +From: Armin Novak +Date: Tue, 15 May 2018 09:13:00 +0200 +Subject: [PATCH] Fixed #4647: nsc_context_free must not access possibly + uninitialized fields. + +--- + libfreerdp/codec/nsc.c | 47 ++++++++++++++++++++++----------------------- + libfreerdp/utils/profiler.c | 7 ++++--- + 2 files changed, 27 insertions(+), 27 deletions(-) + +--- a/libfreerdp/codec/nsc.c ++++ b/libfreerdp/codec/nsc.c +@@ -248,13 +248,13 @@ + return TRUE; + } + +-static void nsc_profiler_print(NSC_CONTEXT* context) ++static void nsc_profiler_print(NSC_CONTEXT_PRIV* priv) + { + PROFILER_PRINT_HEADER +- PROFILER_PRINT(context->priv->prof_nsc_rle_decompress_data) +- PROFILER_PRINT(context->priv->prof_nsc_decode) +- PROFILER_PRINT(context->priv->prof_nsc_rle_compress_data) +- PROFILER_PRINT(context->priv->prof_nsc_encode) ++ PROFILER_PRINT(priv->prof_nsc_rle_decompress_data) ++ PROFILER_PRINT(priv->prof_nsc_decode) ++ PROFILER_PRINT(priv->prof_nsc_rle_compress_data) ++ PROFILER_PRINT(priv->prof_nsc_encode) + PROFILER_PRINT_FOOTER + } + +@@ -279,7 +279,7 @@ + context->priv = (NSC_CONTEXT_PRIV*) calloc(1, sizeof(NSC_CONTEXT_PRIV)); + + if (!context->priv) +- goto error_priv; ++ goto error; + + context->priv->log = WLog_Get("com.freerdp.codec.nsc"); + WLog_OpenAppender(context->priv->log); +@@ -289,7 +289,7 @@ + context->priv->PlanePool = BufferPool_New(TRUE, 0, 16); + + if (!context->priv->PlanePool) +- goto error_PlanePool; ++ goto error; + + PROFILER_CREATE(context->priv->prof_nsc_rle_decompress_data, + "nsc_rle_decompress_data") +@@ -303,34 +303,33 @@ + /* init optimized methods */ + NSC_INIT_SIMD(context); + return context; +-error_PlanePool: +- free(context->priv); +-error_priv: +- free(context); ++error: ++ nsc_context_free(context); + return NULL; + } + + void nsc_context_free(NSC_CONTEXT* context) + { +- int i; ++ size_t i; ++ ++ if (!context) ++ return; + +- for (i = 0; i < 4; i++) ++ if (context->priv) + { +- if (context->priv->PlaneBuffers[i]) +- { ++ for (i = 0; i < 4; i++) + free(context->priv->PlaneBuffers[i]); +- context->priv->PlaneBuffers[i] = NULL; +- } ++ ++ BufferPool_Free(context->priv->PlanePool); ++ nsc_profiler_print(context->priv); ++ PROFILER_FREE(context->priv->prof_nsc_rle_decompress_data) ++ PROFILER_FREE(context->priv->prof_nsc_decode) ++ PROFILER_FREE(context->priv->prof_nsc_rle_compress_data) ++ PROFILER_FREE(context->priv->prof_nsc_encode) ++ free(context->priv); + } + + free(context->BitmapData); +- BufferPool_Free(context->priv->PlanePool); +- nsc_profiler_print(context); +- PROFILER_FREE(context->priv->prof_nsc_rle_decompress_data) +- PROFILER_FREE(context->priv->prof_nsc_decode) +- PROFILER_FREE(context->priv->prof_nsc_rle_compress_data) +- PROFILER_FREE(context->priv->prof_nsc_encode) +- free(context->priv); + free(context); + } + +--- a/libfreerdp/utils/profiler.c ++++ b/libfreerdp/utils/profiler.c +@@ -51,7 +51,9 @@ + + void profiler_free(PROFILER* profiler) + { +- stopwatch_free(profiler->stopwatch); ++ if (profiler) ++ stopwatch_free(profiler->stopwatch); ++ + free(profiler); + } + +@@ -76,7 +78,6 @@ + { + double s = stopwatch_get_elapsed_time_in_seconds(profiler->stopwatch); + double avg = profiler->stopwatch->count == 0 ? 0 : s / profiler->stopwatch->count; +- + WLog_INFO(TAG, "%-30s | %10u | %10.4fs | %8.6fs | %6.0f", + profiler->name, profiler->stopwatch->count, s, avg, profiler->stopwatch->count / s); + } diff --git a/debian/patches/series b/debian/patches/series new file mode 100644 index 0000000..53bdebc --- /dev/null +++ b/debian/patches/series @@ -0,0 +1 @@ +0001_nsc-context-free-must-not-access-uninit-fields.patch