Bug#871649: lv2-dev: abuse of non portable pointer of uint8_t type

classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|

Bug#871649: lv2-dev: abuse of non portable pointer of uint8_t type

Joël Krähemann-2
Package: lv2-dev
Version: 1.14.0~dfsg1-1
Severity: important

Dear Maintainer,

The following header makes use of smallest possible pointer in LV2_Event_Buffer struct's data field.

lv2/lv2plug.in/ns/ext/event/event.h

Please change it to biggest possible pointer. It should be definitely void* type because the memory
pointed by data shall contain another struct LV2_Event.

This describes an integer overflow. There shouldn't be any overflow.

-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-1-rt-amd64 (SMP w/24 CPU cores; PREEMPT)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

-- no debconf information

Reply | Threaded
Open this post in threaded view
|

Bug#871649: lv2-dev: abuse of non portable pointer of uint8_t type

James Cowgill
Hi,

On 10/08/17 08:31, Joël Krähemann wrote:

> Package: lv2-dev
> Version: 1.14.0~dfsg1-1
> Severity: important
>
> Dear Maintainer,
>
> The following header makes use of smallest possible pointer in LV2_Event_Buffer struct's data field.
>
> lv2/lv2plug.in/ns/ext/event/event.h
>
> Please change it to biggest possible pointer. It should be definitely void* type because the memory
> pointed by data shall contain another struct LV2_Event.
>
> This describes an integer overflow. There shouldn't be any overflow.
I'm afraid I don't see what the problem is here, or where the integer
overflow is. The data field is casted to an appropriate pointer type
whenever it is used and doing that is portable if you're careful.

Thanks,
James


signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Bug#871649: lv2-dev: abuse of non portable pointer of uint8_t type

Joël Krähemann-2
Hi James,

It is common that you use for storing uint8_t an entire word.
The use of a uint8_t pointer confused me as you are pointing
to a struct.

Bests,
Joël


On Thu, Aug 10, 2017 at 4:10 PM, James Cowgill <[hidden email]> wrote:

> Hi,
>
> On 10/08/17 08:31, Joël Krähemann wrote:
>> Package: lv2-dev
>> Version: 1.14.0~dfsg1-1
>> Severity: important
>>
>> Dear Maintainer,
>>
>> The following header makes use of smallest possible pointer in LV2_Event_Buffer struct's data field.
>>
>> lv2/lv2plug.in/ns/ext/event/event.h
>>
>> Please change it to biggest possible pointer. It should be definitely void* type because the memory
>> pointed by data shall contain another struct LV2_Event.
>>
>> This describes an integer overflow. There shouldn't be any overflow.
>
> I'm afraid I don't see what the problem is here, or where the integer
> overflow is. The data field is casted to an appropriate pointer type
> whenever it is used and doing that is portable if you're careful.
>
> Thanks,
> James
>

Reply | Threaded
Open this post in threaded view
|

Bug#871649: lv2-dev: abuse of non portable pointer of uint8_t type

Jaromír Mikeš-2


2017-08-10 16:23 GMT+02:00 Joël Krähemann <[hidden email]>:
Hi James,

It is common that you use for storing uint8_t an entire word.
The use of a uint8_t pointer confused me as you are pointing
to a struct.

Bests,
Joël


On Thu, Aug 10, 2017 at 4:10 PM, James Cowgill <[hidden email]> wrote:
> Hi,
>
> On 10/08/17 08:31, Joël Krähemann wrote:
>> Package: lv2-dev
>> Version: 1.14.0~dfsg1-1
>> Severity: important
>>
>> Dear Maintainer,
>>
>> The following header makes use of smallest possible pointer in LV2_Event_Buffer struct's data field.
>>
>> lv2/lv2plug.in/ns/ext/event/event.h
>>
>> Please change it to biggest possible pointer. It should be definitely void* type because the memory
>> pointed by data shall contain another struct LV2_Event.
>>
>> This describes an integer overflow. There shouldn't be any overflow.
>
> I'm afraid I don't see what the problem is here, or where the integer
> overflow is. The data field is casted to an appropriate pointer type
> whenever it is used and doing that is portable if you're careful.


Hi Joel,

You still think it is a bug?
Did you contacted upstream author about this issue already?

best regards

mira

Reply | Threaded
Open this post in threaded view
|

Bug#871649: lv2-dev: abuse of non portable pointer of uint8_t type

Joël Krähemann-2
Hi

For sure you can cast any pointer. But feels somehow wrong. The
opinion was the specs
are always correct.

Bests,
Joël


On Fri, Aug 11, 2017 at 8:12 PM, Jaromír Mikeš <[hidden email]> wrote:

>
>
> 2017-08-10 16:23 GMT+02:00 Joël Krähemann <[hidden email]>:
>>
>> Hi James,
>>
>> It is common that you use for storing uint8_t an entire word.
>> The use of a uint8_t pointer confused me as you are pointing
>> to a struct.
>>
>> Bests,
>> Joël
>>
>>
>> On Thu, Aug 10, 2017 at 4:10 PM, James Cowgill <[hidden email]>
>> wrote:
>> > Hi,
>> >
>> > On 10/08/17 08:31, Joël Krähemann wrote:
>> >> Package: lv2-dev
>> >> Version: 1.14.0~dfsg1-1
>> >> Severity: important
>> >>
>> >> Dear Maintainer,
>> >>
>> >> The following header makes use of smallest possible pointer in
>> >> LV2_Event_Buffer struct's data field.
>> >>
>> >> lv2/lv2plug.in/ns/ext/event/event.h
>> >>
>> >> Please change it to biggest possible pointer. It should be definitely
>> >> void* type because the memory
>> >> pointed by data shall contain another struct LV2_Event.
>> >>
>> >> This describes an integer overflow. There shouldn't be any overflow.
>> >
>> > I'm afraid I don't see what the problem is here, or where the integer
>> > overflow is. The data field is casted to an appropriate pointer type
>> > whenever it is used and doing that is portable if you're careful.
>>
>
> Hi Joel,
>
> You still think it is a bug?
> Did you contacted upstream author about this issue already?
>
> best regards
>
> mira
>

Reply | Threaded
Open this post in threaded view
|

Bug#871649: lv2-dev: abuse of non portable pointer of uint8_t type

Jaromír Mikeš-2


2017-08-11 20:20 GMT+02:00 Joël Krähemann <[hidden email]>:
Hi

For sure you can cast any pointer. But feels somehow wrong. The
opinion was the specs
are always correct.

Bests,
Joël


On Fri, Aug 11, 2017 at 8:12 PM, Jaromír Mikeš <[hidden email]> wrote:
>
>
> 2017-08-10 16:23 GMT+02:00 Joël Krähemann <[hidden email]>:
>>
>> Hi James,
>>
>> It is common that you use for storing uint8_t an entire word.
>> The use of a uint8_t pointer confused me as you are pointing
>> to a struct.
>>
>> Bests,
>> Joël
>>
>>
>> On Thu, Aug 10, 2017 at 4:10 PM, James Cowgill <[hidden email]>
>> wrote:
>> > Hi,
>> >
>> > On 10/08/17 08:31, Joël Krähemann wrote:
>> >> Package: lv2-dev
>> >> Version: 1.14.0~dfsg1-1
>> >> Severity: important
>> >>
>> >> Dear Maintainer,
>> >>
>> >> The following header makes use of smallest possible pointer in
>> >> LV2_Event_Buffer struct's data field.
>> >>
>> >> lv2/lv2plug.in/ns/ext/event/event.h
>> >>
>> >> Please change it to biggest possible pointer. It should be definitely
>> >> void* type because the memory
>> >> pointed by data shall contain another struct LV2_Event.
>> >>
>> >> This describes an integer overflow. There shouldn't be any overflow.
>> >
>> > I'm afraid I don't see what the problem is here, or where the integer
>> > overflow is. The data field is casted to an appropriate pointer type
>> > whenever it is used and doing that is portable if you're careful.
>>
>
> Hi Joel,
>
> You still think it is a bug?
> Did you contacted upstream author about this issue already?
>
> best regards
>
> mira
>

@ Joel as you didn't my second question I'm assuming you didn't contacted upstream author yet.

Hi David,

can you please comment on this bug which we have opened in debian against lv2-dev package?
I am not sure what to do with it.

best regards

mira
Reply | Threaded
Open this post in threaded view
|

Bug#871649: lv2-dev: abuse of non portable pointer of uint8_t type

Robin Gareus
In reply to this post by Joël Krähemann-2
Note that the LV2 event extension was deprecated years ago
and the last plugins which were using it were /killed/ in 2014.

http://lists.lv2plug.in/pipermail/devel-lv2plug.in/2014-January/000642.html


As for the bug report itself, changing plugin API specifications
post-factum is never a good idea. So uint8_t it is, besides the
documentation in event.h makes it clear:

/**
The contents of the event buffer. This may or may not reside in the
same block of memory as this header, plugins must not assume either.
The host guarantees this points to at least capacity bytes of allocated
memory (though only size bytes of that are valid events).
*/
uint8_t* data;


not a bug.

On 08/11/2017 08:20 PM, Joël Krähemann wrote:
> Hi
>
> For sure you can cast any pointer. But feels somehow wrong. The
> opinion was the specs
> are always correct.
>
> Bests,
> Joël
>

Reply | Threaded
Open this post in threaded view
|

Bug#871649: lv2-dev: abuse of non portable pointer of uint8_t type

Joël Krähemann-2
Hi

Might be just a programming error. But it is important that you don't point
uint8_t pointer to a struct.

Might be some language basics missing?

It is the same for atoms. Just use void pointers, please.

Bests,
Joël


On Fri, Aug 11, 2017 at 8:52 PM, Robin Gareus <[hidden email]> wrote:

> Note that the LV2 event extension was deprecated years ago
> and the last plugins which were using it were /killed/ in 2014.
>
> http://lists.lv2plug.in/pipermail/devel-lv2plug.in/2014-January/000642.html
>
>
> As for the bug report itself, changing plugin API specifications
> post-factum is never a good idea. So uint8_t it is, besides the
> documentation in event.h makes it clear:
>
> /**
> The contents of the event buffer. This may or may not reside in the
> same block of memory as this header, plugins must not assume either.
> The host guarantees this points to at least capacity bytes of allocated
> memory (though only size bytes of that are valid events).
> */
> uint8_t* data;
>
>
> not a bug.
>
> On 08/11/2017 08:20 PM, Joël Krähemann wrote:
>> Hi
>>
>> For sure you can cast any pointer. But feels somehow wrong. The
>> opinion was the specs
>> are always correct.
>>
>> Bests,
>> Joël
>>
>
> _______________________________________________
> pkg-multimedia-maintainers mailing list
> [hidden email]
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers

Reply | Threaded
Open this post in threaded view
|

Bug#871649: lv2-dev: abuse of non portable pointer of uint8_t type

Joël Krähemann-2
Hi

Code like this might destabilize the operating system and compromise debian.
There is a good reason why glib-2.0 uses void pointers.

Bests,
Joël


On Fri, Aug 11, 2017 at 9:23 PM, Joël Krähemann <[hidden email]> wrote:

> Hi
>
> Might be just a programming error. But it is important that you don't point
> uint8_t pointer to a struct.
>
> Might be some language basics missing?
>
> It is the same for atoms. Just use void pointers, please.
>
> Bests,
> Joël
>
>
> On Fri, Aug 11, 2017 at 8:52 PM, Robin Gareus <[hidden email]> wrote:
>> Note that the LV2 event extension was deprecated years ago
>> and the last plugins which were using it were /killed/ in 2014.
>>
>> http://lists.lv2plug.in/pipermail/devel-lv2plug.in/2014-January/000642.html
>>
>>
>> As for the bug report itself, changing plugin API specifications
>> post-factum is never a good idea. So uint8_t it is, besides the
>> documentation in event.h makes it clear:
>>
>> /**
>> The contents of the event buffer. This may or may not reside in the
>> same block of memory as this header, plugins must not assume either.
>> The host guarantees this points to at least capacity bytes of allocated
>> memory (though only size bytes of that are valid events).
>> */
>> uint8_t* data;
>>
>>
>> not a bug.
>>
>> On 08/11/2017 08:20 PM, Joël Krähemann wrote:
>>> Hi
>>>
>>> For sure you can cast any pointer. But feels somehow wrong. The
>>> opinion was the specs
>>> are always correct.
>>>
>>> Bests,
>>> Joël
>>>
>>
>> _______________________________________________
>> pkg-multimedia-maintainers mailing list
>> [hidden email]
>> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers