[Bug 1259656] Re: bc uses uninitialized memory

[Brian Murray]

Hello Kees, or anyone else affected,

Accepted bc into precise-proposed. The package will build now and be
available at http://launchpad.net/ubuntu/+source/bc/1.06.95-2ubuntu1 in
a few hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to
enable and use -proposed.  Your feedback will aid us getting this update
out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, and change the tag
from verification-needed to verification-done. If it does not fix the
bug for you, please add a comment stating that, and change the tag to
verification-failed.  In either case, details of your testing will help
us make a better decision.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance!

** Changed in: bc (Ubuntu Precise)
       Status: New => Fix Committed

** Tags added: verification-needed

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to bc in Ubuntu.
https://bugs.launchpad.net/bugs/1259656

Title:
  bc uses uninitialized memory

Status in “bc” package in Ubuntu:
  Fix Released
Status in “bc” source package in Precise:
  Fix Committed
Status in “bc” package in Debian:
  Fix Released

Bug description:
  This is http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608255 fixed
  in later package versions:

  bc depends on uninitialized mem:

  echo "e(1)" | MALLOC_PERTURB_=1 bc -l
  echo "e(1)" | MALLOC_PERTURB_=0 bc -l
  2.71828182845904523536

  This fixes it:

  --- storage.c.orig      2010-12-21 19:43:14.663540110 +0000
  +++ storage.c   2010-12-21 19:42:01.392540111 +0000
  @@ -99,6 +99,7 @@
      {
         f = &functions[indx];
         f->f_defined = FALSE;
  +      f->f_void = FALSE;
         f->f_body = (char *) bc_malloc (BC_START_SIZE);
         f->f_body_size = BC_START_SIZE;
         f->f_code_size = 0;

  
  IMPACT:
  "bc" mathlib routines fail when running under the MALLOC_PERTURB_ environment used by some paranoid people.

  TEST CASE:
  The command 'echo "e(1)" | MALLOC_PERTURB_=1 bc -l' should return '2.71828182845904523536' instead of nothing.

  REGRESSION POTENTIAL:
  Extremely low -- this fix is included in later package versions and fixes the problem.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bc/+bug/1259656/+subscriptions