[med-svn] [Git][med-team/fermi-lite][master] 2 commits: Ensure that our variable checking for >= 0 is signed

Andreas Tille gitlab at salsa.debian.org
Sat Mar 28 18:36:57 GMT 2020



Andreas Tille pushed to branch master at Debian Med / fermi-lite


Commits:
d48f314f by Andreas Tille at 2020-03-28T19:32:47+01:00
Ensure that our variable checking for >= 0 is signed

- - - - -
e6ad3623 by Andreas Tille at 2020-03-28T19:34:34+01:00
routine-update: Ready to upload to unstable

- - - - -


3 changed files:

- debian/changelog
- + debian/patches/ensure-signed-comparison.patch
- debian/patches/series


Changes:

=====================================
debian/changelog
=====================================
@@ -1,3 +1,11 @@
+fermi-lite (0.1-11) unstable; urgency=medium
+
+  [ Steve Langasek ]
+  * Ensure that our variable checking for >= 0 is signed
+    Closes: #954127
+
+ -- Andreas Tille <tille at debian.org>  Sat, 28 Mar 2020 19:33:46 +0100
+
 fermi-lite (0.1-10) unstable; urgency=medium
 
   * Team upload.


=====================================
debian/patches/ensure-signed-comparison.patch
=====================================
@@ -0,0 +1,22 @@
+Description: Ensure that our variable checking for >= 0 is signed
+ The type of v->n is size_t, which is an unsigned type, and we are assigning
+ v->n - 1 to i and looping while this is >= 0.  If v->n == 0, on some
+ architectures (armhf) this results in i being set to a positive value
+ (specifically, UINT32_MAX).
+Author: Steve Langasek <steve.langasek at ubuntu.com>
+Last-Update: 2020-03-17
+Bug-Debian: https://bugs.debian.org/954127
+
+Index: fermi-lite-0.1/mag.c
+===================================================================
+--- fermi-lite-0.1.orig/mag.c
++++ fermi-lite-0.1/mag.c
+@@ -506,7 +506,7 @@
+ 
+ 	for (j = 0; j < 2; ++j) {
+ 		sum_n = sum_l = 0;
+-		for (i = v->n - 1; i >= 0; --i) {
++		for (i = (int64_t)v->n - 1; i >= 0; --i) {
+ 			const magv_t *p = &v->a[srt[i]<<32>>32];
+ 			int tmp1, tmp2;
+ 			tmp1 = tmp2 = 0;
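Review bot: In the mag.c hunk, the cast in `for (i = (int64_t)v->n - 1; i >= 0; --i)` fixes the v->n == 0 case only if `i` is itself a signed type wide enough to hold the result, and the declaration of `i` is outside the visible context. If `i` were unsigned, `i >= 0` would stay always true and `srt[i]` would be read far out of bounds, which is the same failure the Description reports for armhf. Please confirm the type of `i` and state it in the Description. A form such as `for (i = v->n; i-- > 0; )` visits the same indices without relying on a cast or on how the conversion from size_t behaves on a given architecture. The patch header also carries no Forwarded field, so it is not clear from the patch whether the fix has been sent upstream.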


=====================================
debian/patches/series
=====================================
@@ -3,4 +3,5 @@ hardening
 rename_bseq1_t.patch
 bcf_seqlib.patch
 simde
+ensure-signed-comparison.patch
 # sync_instead_of_atomic



View it on GitLab: https://salsa.debian.org/med-team/fermi-lite/-/compare/ce658f8f9f2e9fc65fe68297ab03acb1e80d9d24...e6ad3623bea78984a8c9013f027d29132008e2e6
