Bug#772005: libdevice-cdio-perl: Debian patch causes Perl crashes in Device::Cdio::ISO9660::IFS's readdir: "Error in `/usr/bin/perl': realloc(): invalid next size: 0x0000000001f05850"

intrigeri at debian.org intrigeri at debian.org
Thu Dec 4 10:08:38 UTC 2014 

Package: libdevice-cdio-perl
Version: 0.3.0-2+b2
Severity: serious
X-Debbugs-Cc: tincho at debian.org

Hi,

(Tentatively flagging as RC as this regression breaks Tails software
that worked just fine on Wheezy. If other team members disagree, then
feel free to downgrade severity.)

The reproducer script that follows, when passed the path to Tails'
1.2.1 ISO (http://dl.amnesia.boum.org/tails/stable/tails-i386-1.2.1/tails-i386-1.2.1.iso), 
reliably crashes the interpreter with:

  before readdir EFI
  after readdir EFI
  before readdir live
  after readdir live
  before readdir syslinux
  after readdir syslinux
  before readdir tails
  after readdir tails
  before readdir utils
  after readdir utils
  before readdir isolinux
  *** Error in `/usr/bin/perl': realloc(): invalid next size: 0x0000000001f05850 ***

Same with debian-7.2.0-amd64-i386-netinst.iso and
debian-jessie-DI-b1-amd64-netinst.iso.

If I drop 04_wrong_handling_of_output_parameters.patch, then it works
fine for me. That patch was introduced in 2007 by Tincho. I suspect
the upstream bugs it was meant to fix have been fixed in other ways
since then. Tincho, thoughts? Do you have reproducers for these bugs?

<script>
#!/usr/bin/perl

use strict;
use warnings FATAL => 'all';
use 5.10.1;

use Device::Cdio::ISO9660;
use Device::Cdio::ISO9660::IFS;

my $iso_obj = Device::Cdio::ISO9660::IFS->new(-source => shift);

for my $dir (qw{EFI live syslinux tails utils isolinux}) {
    say STDERR "before readdir $dir";
    my @readdir = $iso_obj->readdir($dir);
    say STDERR "after readdir $dir";
    my @content = map {
        Device::Cdio::ISO9660::name_translate($_->{filename});
    } @readdir;
}
</script>


-- System Information:
Debian Release: 8.0
  APT prefers unstable
  APT policy: (990, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libdevice-cdio-perl depends on:
ii  libc6                       2.19-13
ii  libcdio13                   0.83-4.2
ii  libiso9660-8                0.83-4.2
ii  perl                        5.20.1-3
ii  perl-base [perlapi-5.20.0]  5.20.1-3

libdevice-cdio-perl recommends no packages.

libdevice-cdio-perl suggests no packages.

-- no debconf information

--
intrigeri

More information about the pkg-perl-maintainers mailing list