Re: upstream and bugfixes

[Jan Stary <hans@stare.cz>]

On Feb 07 14:20:42, mans@mansr.com wrote:
> Jan Stary <hans@stare.cz> writes:
> 
> > Hi Mans,
> >
> > just to clear it up for myself:
> > https://sourceforge.net/p/sox/code/ci/master/tree/
> > is still the ultimate upstream, right?
> 
> Yes, that is the most current code.
> 
> > For reference: there is also
> > https://github.com/cbagwell/sox (last commit 2015, 4 issues, 2 PRs)
> > https://github.com/mansr/sox (forked, last 2017, 1PR, no issue tracker)
> > (and a bunch of nobody's forks of these of course, such as mine).
> >
> > These can be ignored when packaging downstream, right?
> 
> Right, packagers should ignore those.
> 
> > Are the commits in your GH fork included in the SF git?
> 
> Some, not all.  There are some things there of a more experimental
> nature that I'm not comfortable making official.
> 
> > What is currently the right way to report bugs and propose fixes?
> > Are diffs to this devel list the preffered way?
> 
> This list or the SF trackers are both fine by me.

OK, thanks for clearing that up.

> > Last commit to the SF git is May 2021; where should current fixes
> > such as https://marc.info/?l=oss-security&m=167546008232629&w=2 be sent?
> 
> I detest so-called security people and the way they handle their
> so-called vulnerabilities.  If they cared about anything other than
> their own egos, they'd try to engage constructively with the code
> authors/maintainers rather than filing CVE entries without asking or
> understanding, then sending menacing emails in private.

Well, the purpose of my message is precisely to engage constructively
about these patches. The original diffs (by Helmut Grohne)
https://marc.info/?t=167546017100001&r=1&w=2
were prepared against the Debian fork and do not apply to
the SF git master. They are then tweaked by Steffen Nurpmeso
to apply to the last commit of Sun May 9 21:17:32 2021
(which is what the OpenBSD audio/sox port is).

That seems like a good opportunity to get them in.
As a first attempt, here is the simplest of them:
when failing an open_read(), sox does not deallocate the comments.

diff --git a/src/formats.c b/src/formats.c
index 3fcf4382..5eda5e36 100644
--- a/src/formats.c
+++ b/src/formats.c
@@ -627,6 +627,7 @@ error:
   free(ft->priv);
   free(ft->filename);
   free(ft->filetype);
+  sox_delete_comments(&ft->oob.comments);
   free(ft);
   return NULL;
 }


	Jan



_______________________________________________
SoX-devel mailing list
SoX-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sox-devel