[Debian-med-packaging] Bug#703076: Missing argument in calls to amitk_color_table_menu_new
Andreas Loening
loening at stanford.edu
Tue Mar 19 14:52:46 UTC 2013
Hi Andreas,
I think "simply waiting for the fixed version" is the best strategy. The
bug was something picked up as a warning by a research compiler as a
hypothetical concern, and does not actually cause a problem in real life.
Andy
On 3/19/13 3:22 AM, Andreas Tille wrote:
> Hi Andy,
>
> thanks for your helpful reply. Do you have any time estimation for
> 1.0.5? Please do not consider this question as nagging - I just want to
> be able to decide whether "simply waiting for the fixed version" is the
> proper strategy or whether we should apply a patch to 1.0.4 for the
> Debian package meanwhile.
>
> Many thanks
>
> Andreas.
>
> On Mon, Mar 18, 2013 at 11:24:01PM -0700, Andy Loening wrote:
>> Hi Andreas,
>>
>> Thanks for the note, this will be corrected in 1.0.5.
>>
>> The error doesn't actually trigger any problems because the variable
>> "color_table" is never used, so it won't be a problem even if it's
>> not fixed.
>>
>> Thanks,
>> Andy
>>
>>
>> On 03/15/2013 02:50 AM, Andreas Tille wrote:
>>> Hi Andy,
>>>
>>> due to some QA checks in Debian the Amide package received a bug report
>>> which I would like to inform you about. I admit we are lagging behind
>>> your latest upstream version (because of Debian freeze for the next
>>> release we hesitate to introduce other versions than currently beeing in
>>> freeze) and the problem might be fixed or not but I would like to make
>>> you aware of it in any case.
>>>
>>> It would be great if you could issue some statement like
>>>
>>> - Is fixed in 1.0.4 or
>>> - Will be fixed in 1.0.5 or
>>> - Please be more verbose / provide a patch or
>>> - Something else
>>>
>>> Kind regards and thanks for providing Amide as Free Software
>>>
>>> Andreas.
>>>
>>> On Thu, Mar 14, 2013 at 11:33:16PM +0000, Michael Tautschnig wrote:
>>>> Package: amide
>>>> Version: 1.0.1-1
>>>> Usertags: goto-cc
>>>>
>>>> Building and type-checking the linked results using our research compiler
>>>> infrastructure showed the following wrong uses of amitk_color_table_menu_new:
>>>>
>>>> ./src/amitk_threshold.c: threshold->color_table_menu[i_view_mode] = amitk_color_table_menu_new();
>>>> ./src/ui_preferences_dialog.c: menu = amitk_color_table_menu_new();
>>>> ./src/ui_render_dialog.c: menu = amitk_color_table_menu_new();
>>>>
>>>> This conflicts with the actual definition of amitk_color_table_menu_new:
>>>>
>>>> ./src/amitk_color_table_menu.c:GtkWidget * amitk_color_table_menu_new(AmitkColorTable color_table) {
>>>>
>>>> The result will necessarily cause a stack underflow, with entirely undefined
>>>> consequences (for any application with elevated privileges this is a possibly
>>>> security issue).
>>>>
>>>> Best,
>>>> Michael
>>>>
>>>> PS.: It may be wise to also adjust the declaration of
>>>> amitk_color_table_menu_new:
>>>>
>>>> ./src/amitk_color_table_menu.h:GtkWidget* amitk_color_table_menu_new ();
>>>>
>>>> (but this is actually entirely covered by the C standard and not necessarily a
>>>> bug - it just stops the compiler from producing proper diagnostics).
>>>>
>>>
>>>
>>>
>>>> _______________________________________________
>>>> Debian-med-packaging mailing list
>>>> Debian-med-packaging at lists.alioth.debian.org
>>>> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/debian-med-packaging
>>>
>>>
>>
>> _______________________________________________
>> Debian-med-packaging mailing list
>> Debian-med-packaging at lists.alioth.debian.org
>> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/debian-med-packaging
>>
>
More information about the Debian-med-packaging
mailing list