Bugzilla – Bug 922451
VUL-1: CVE-2014-9705: php5: heap buffer overflow in enchant_broker_request_dict()
Last modified: 2016-06-21 11:12:55 UTC
via oss-sec
> [1] PHP: heap buffer overflow in enchant_broker_request_dict()
> https://bugs.php.net/bug.php?id=68552
> http://svn.php.net/viewvc/pecl/enchant/trunk/enchant.c?r1=317600&r2=335803
> https://bugzilla.redhat.com/show_bug.cgi?id=1194737
> AddressSanitizer: heap-buffer-overflow ...
> WRITE of size 4
Use CVE-2014-9705.
bugbot adjusting priority
Code seems to be in sles-11-sp2 php53. It seems not to be in the sle11 php5.
It is in the Web Scripting 12 module.
<binary project="SUSE:Updates:SLE-Module-Web-Scripting:12:ppc64le" repository="update" name="php5-enchant" version="5.5.14" release="15.1" arch="ppc64le"/>
bash:
function ibs_maintained { osci api "/search/released/binary/id?match=@name=\"$1\"+and+obsolete[not(@time)]"; }
ibs_maintained php5-enchant
(In reply to Marcus Meissner from comment #4)
> osci api
> "/search/released/binary/id?match=@name=\"$1\"+and+obsolete[not(@time)]";
Thanks!
Testcase (from https://bugs.php.net/bug.php?id=68552) gives for second pass through enchant_broker_request_dict():

554	    pbroker->dict = (enchant_dict **)erealloc(pbroker->dict, sizeof(enchant_dict *) * pbroker->dictcnt);
(gdb) p pbroker->dictcnt
$10 = 1
(gdb) n
555	    pos = pbroker->dictcnt++;
(gdb) n
562	    dict = pbroker->dict[pos] = (enchant_dict *)emalloc(sizeof(enchant_dict));
(gdb) p pos
$11 = 1

So only memory for one enchant_dict structure is allocated for pbroker->dict, but written is pbroker->dict[1].
As Marcus said, php 5.3 and above is affected.
(Except factory; 5.6.6 already contains the fix.)
The fix is like this:

pos = pbroker->dictcnt++;
if (pbroker->dictcnt) {
	pbroker->dict = (enchant_dict **)erealloc(pbroker->dict, sizeof(enchant_dict *) * pbroker->dictcnt);
} else {
	pbroker->dict = (enchant_dict **)emalloc(sizeof(enchant_dict *));
	pos = 0;
}

Am I blind, or is the if condition always true? I am not saying it is not working, as pbroker->dict seems to be NULL in the first pass (at least for the provided testcase) and I guess erealloc will do the same as emalloc?
You are correct. Fortunately erealloc will probably handle NULL input pointers; the else branch could be removed.
Okay, not always true ;). I have sent an email to the author of the patch. I would check pos for zero instead of pbroker->dictcnt.
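The allocation ordering discussed in comments 9 through 14, as an added C model that is not the pecl/enchant source: one function reports whether the original grow-then-increment ordering stays in bounds for a given dictcnt, and beside it sits the corrected ordering with the else branch keyed on pos. The struct types, the capacity field and plain malloc/realloc standing in for emalloc/erealloc are assumptions of this example.

```c
#include <stdlib.h>

/* Stand-ins for the broker state (types assumed, not the pecl/enchant source). */
typedef struct { int id; } enchant_dict;
typedef struct {
    enchant_dict **dict;     /* array of dictionary handles */
    unsigned int   dictcnt;  /* handles in use */
    size_t         capacity; /* slots allocated; bookkeeping added for checking */
} enchant_broker;

/* Models the vulnerable ordering from comment 9 without doing the write: grow to
 * dictcnt slots (emalloc gives one on the first pass), then write slot dictcnt++. */
int vulnerable_order_in_bounds(unsigned int dictcnt_before)
{
    size_t slots = dictcnt_before ? dictcnt_before : 1;
    unsigned int pos = dictcnt_before;
    return pos < slots;
}

/* Fixed ordering from comment 12, keyed on pos as comment 14 suggests: bump the count,
 * then size the array by the new count, so slot pos exists; failures roll back. */
enchant_dict *broker_request_dict(enchant_broker *b, int id)
{
    unsigned int pos = b->dictcnt++;
    enchant_dict **grown = pos ? realloc(b->dict, sizeof(*grown) * b->dictcnt)
                               : malloc(sizeof(*grown));
    if (!grown) { b->dictcnt--; return NULL; }
    b->dict = grown;
    b->capacity = b->dictcnt;
    b->dict[pos] = malloc(sizeof(enchant_dict));
    if (!b->dict[pos]) { b->dictcnt--; return NULL; }
    b->dict[pos]->id = id;
    return b->dict[pos];
}

void broker_free(enchant_broker *b)
{
    for (unsigned int i = 0; i < b->dictcnt; i++) free(b->dict[i]);
    free(b->dict); b->dict = NULL; b->dictcnt = 0; b->capacity = 0;
}

/* The PHP bug #68552 scenario: two requests on one broker. */
int second_request_stays_in_bounds(void)
{
    enchant_broker b = { NULL, 0, 0 };
    int ok = broker_request_dict(&b, 1) && broker_request_dict(&b, 2)
          && b.dictcnt == 2 && b.capacity == 2 && b.dict[1]->id == 2;
    broker_free(&b);
    return ok;
}
```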
Created attachment 627611
Modified testcase to segfault on sle12 too.

QA:
1. install php5(3), php5(3)-enchant and aspell-en.
2. invoke
$ php test.php
Segmentation fault
Created attachment 627615
Modified upstream patch, see comment 11.

This patch fixed the issue for me on 11sp3 and 12.
Please review my submit requests.
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2015-04-13. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/61384
openSUSE-SU-2015:0644-1: An update that fixes 5 vulnerabilities is now available.

Category: security (moderate)
Bug References: 922022,922451,922452,922894,923946
CVE References: CVE-2014-9705,CVE-2014-9709,CVE-2015-2301,CVE-2015-2305,CVE-2015-2331
Sources used:
openSUSE 13.2 (src): php5-5.6.1-15.1
openSUSE 13.1 (src): php5-5.4.20-45.1
SUSE-SU-2015:0868-1: An update that solves 9 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 922022,922451,922452,923946,924970,924972,925109,928408,928506,928511
CVE References: CVE-2014-9705,CVE-2014-9709,CVE-2015-2301,CVE-2015-2305,CVE-2015-2348,CVE-2015-2783,CVE-2015-2787,CVE-2015-3329,CVE-2015-3330
Sources used:
SUSE Linux Enterprise Software Development Kit 12 (src): php5-5.5.14-22.1
SUSE Linux Enterprise Module for Web Scripting 12 (src): php5-5.5.14-22.1
SUSE-SU-2015:1018-1: An update that solves 11 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 922022,922451,922452,923946,924972,925109,928506,928511,931421,931769,931772,931776
CVE References: CVE-2014-9705,CVE-2014-9709,CVE-2015-2301,CVE-2015-2305,CVE-2015-2783,CVE-2015-2787,CVE-2015-3329,CVE-2015-4021,CVE-2015-4022,CVE-2015-4024,CVE-2015-4026
Sources used:
SUSE Linux Enterprise Software Development Kit 11 SP3 (src): php53-5.3.17-0.41.1
SUSE Linux Enterprise Server 11 SP3 for VMware (src): php53-5.3.17-0.41.1
SUSE Linux Enterprise Server 11 SP3 (src): php53-5.3.17-0.41.1
released
SUSE-SU-2016:1638-1: An update that fixes 85 vulnerabilities is now available. Category: security (important) Bug References: 884986,884987,884989,884990,884991,884992,885961,886059,886060,893849,893853,902357,902360,902368,910659,914690,917150,918768,919080,921950,922451,922452,923945,924972,925109,928506,928511,931421,931769,931772,931776,933227,935074,935224,935226,935227,935229,935232,935234,935274,935275,938719,938721,942291,942296,945412,945428,949961,968284,969821,971611,971612,971912,973351,973792,976996,976997,977003,977005,977991,977994,978827,978828,978829,978830,980366,980373,980375,981050,982010,982011,982012,982013,982162 CVE References: CVE-2004-1019,CVE-2006-7243,CVE-2014-0207,CVE-2014-3478,CVE-2014-3479,CVE-2014-3480,CVE-2014-3487,CVE-2014-3515,CVE-2014-3597,CVE-2014-3668,CVE-2014-3669,CVE-2014-3670,CVE-2014-4049,CVE-2014-4670,CVE-2014-4698,CVE-2014-4721,CVE-2014-5459,CVE-2014-8142,CVE-2014-9652,CVE-2014-9705,CVE-2014-9709,CVE-2014-9767,CVE-2015-0231,CVE-2015-0232,CVE-2015-0273,CVE-2015-1352,CVE-2015-2301,CVE-2015-2305,CVE-2015-2783,CVE-2015-2787,CVE-2015-3152,CVE-2015-3329,CVE-2015-3411,CVE-2015-3412,CVE-2015-4021,CVE-2015-4022,CVE-2015-4024,CVE-2015-4026,CVE-2015-4116,CVE-2015-4148,CVE-2015-4598,CVE-2015-4599,CVE-2015-4600,CVE-2015-4601,CVE-2015-4602,CVE-2015-4603,CVE-2015-4643,CVE-2015-4644,CVE-2015-5161,CVE-2015-5589,CVE-2015-5590,CVE-2015-6831,CVE-2015-6833,CVE-2015-6836,CVE-2015-6837,CVE-2015-6838,CVE-2015-7803,CVE-2015-8835,CVE-2015-8838,CVE-2015-8866,CVE-2015-8867,CVE-2015-8873,CVE-2015-8874,CVE-2015-8879,CVE-2016-2554,CVE-2016-3141,CVE-2016-3142,CVE-2016-3185,CVE-2016-4070,CVE-2016-4073,CVE-2016-4342,CVE-2016-4346,CVE-2016-4537,CVE-2016-4538,CVE-2016-4539,CVE-2016-4540,CVE-2016-4541,CVE-2016-4542,CVE-2016-4543,CVE-2016-4544,CVE-2016-5093,CVE-2016-5094,CVE-2016-5095,CVE-2016-5096,CVE-2016-5114 Sources used: SUSE Linux Enterprise Server 11-SP2-LTSS (src): php53-5.3.17-47.1