Mark H Weaver <m...@netris.org> writes:
> Mark H Weaver <m...@netris.org> writes:
>
>> Mark H Weaver <m...@netris.org> writes:
>>
>>> It turns out there's an obfuscated self-reference to fontconfig's store
>>> directory. Here's an excerpt of the output of "hexdump -C
>>> libfontconfig.so.1.9.0":
>>>
>>> 0000cca0 00 48 b9 2f 67 6e 75 2f 73 74 6f c6 40 48 00 45
>>> |.H./gnu/sto.@H.E|
>>> 0000ccb0 31 e4 48 89 08 48 b9 72 65 2f 62 34 38 34 6e 48
>>> |1.H..H.re/b484nH|
>>> 0000ccc0 89 48 08 48 b9 76 6e 39 6e 6e 72 33 64 48 89 48
>>> |.H.H.vn9nnr3dH.H|
>>> 0000ccd0 10 48 b9 64 63 6c 70 7a 32 66 6d 48 89 48 18 48
>>> |.H.dclpz2fmH.H.H|
>>> 0000cce0 b9 61 39 79 78 6d 69 6d 67 48 89 48 20 48 b9 32 |.a9yxmimgH.H
>>> H.2|
>>> 0000ccf0 6a 6a 2d 66 6f 6e 74 48 89 48 28 48 b9 63 6f 6e
>>> |jj-fontH.H(H.con|
>>> 0000cd00 66 69 67 2d 32 48 89 48 30 48 b9 2e 31 31 2e 39
>>> |fig-2H.H0H..11.9|
>>> 0000cd10 34 2f 65 48 89 48 38 48 b9 74 63 2f 66 6f 6e 74
>>> |4/eH.H8H.tc/font|
>>> 0000cd20 73 48 89 48 40 48 8b 04 24 48 8b 18 48 89 c5 48
>>> |sH.H@H..$H..H..H|
>>
>> It turns out that this is part of the compiled x86_64 code for
>> 'FcConfigFilename' in src/fccfg.c, which copies a compile-time string
>> constant, 8 bytes at a time, into a buffer:
>>
>> $ objdump -d libfontconfig.so.1.9.0 | grep -B1 -A35 '48 b9 2f 67 6e 75 2f'
>> cc9b: 0f 84 3f 01 00 00 je cde0 <FcConfigFilename+0x2d0>
>> cca1: 48 b9 2f 67 6e 75 2f movabs $0x6f74732f756e672f,%rcx
>> cca8: 73 74 6f
>> ccab: c6 40 48 00 movb $0x0,0x48(%rax)
>> ccaf: 45 31 e4 xor %r12d,%r12d
>> ccb2: 48 89 08 mov %rcx,(%rax)
>> ccb5: 48 b9 72 65 2f 62 34 movabs $0x6e343834622f6572,%rcx
>> ccbc: 38 34 6e
>> ccbf: 48 89 48 08 mov %rcx,0x8(%rax)
>> ccc3: 48 b9 76 6e 39 6e 6e movabs $0x6433726e6e396e76,%rcx
>> ccca: 72 33 64
>> cccd: 48 89 48 10 mov %rcx,0x10(%rax)
>> ccd1: 48 b9 64 63 6c 70 7a movabs $0x6d66327a706c6364,%rcx
>> ccd8: 32 66 6d
>> ccdb: 48 89 48 18 mov %rcx,0x18(%rax)
>> ccdf: 48 b9 61 39 79 78 6d movabs $0x676d696d78793961,%rcx
>> cce6: 69 6d 67
>> cce9: 48 89 48 20 mov %rcx,0x20(%rax)
>> cced: 48 b9 32 6a 6a 2d 66 movabs $0x746e6f662d6a6a32,%rcx
>> ccf4: 6f 6e 74
>> ccf7: 48 89 48 28 mov %rcx,0x28(%rax)
>> ccfb: 48 b9 63 6f 6e 66 69 movabs $0x322d6769666e6f63,%rcx
>> cd02: 67 2d 32
>> cd05: 48 89 48 30 mov %rcx,0x30(%rax)
>> cd09: 48 b9 2e 31 31 2e 39 movabs $0x652f34392e31312e,%rcx
>> cd10: 34 2f 65
>> cd13: 48 89 48 38 mov %rcx,0x38(%rax)
>> cd17: 48 b9 74 63 2f 66 6f movabs $0x73746e6f662f6374,%rcx
>> cd1e: 6e 74 73
>> cd21: 48 89 48 40 mov %rcx,0x40(%rax)
>> cd25: 48 8b 04 24 mov (%rsp),%rax
>> cd29: 48 8b 18 mov (%rax),%rbx
>> cd2c: 48 89 c5 mov %rax,%rbp
>> cd2f: 48 85 db test %rbx,%rbx
>> cd32: 48 89 df mov %rbx,%rdi
>> cd35: 75 16 jne cd4d <FcConfigFilename+0x23d>
>> cd37: eb 44 jmp cd7d <FcConfigFilename+0x26d>
>>
>> So far, I've not been able to find any evidence of the fontconfig code
>> doing anything strange here. I strongly suspect that GCC is generating
>> this code, most likely due to an inlinable string/memory copy function
>> where the source is a string literal.
>
> I've confirmed this. After building this package manually, "objdump -d
> --source src/.libs/fccfg.o" reveals that the corresponding source code
> is:
>
> dir = (FcChar8 *) FONTCONFIG_PATH;
> path[i] = malloc (strlen ((char *) dir) + 1);
> if (!path[i])
> goto bail1;
> strcpy ((char *) path[i], (const char *) dir);
>
> It is part of 'FcConfigGetPath', inlined into 'FcConfigFilename', in
> src/fccfg.c. -DFONTCONFIG_PATH='"$(BASECONFIGDIR)"' is one of the flags
> passed to GCC, via AM_CPPFLAGS in src/Makefile.am.
>
>> Obviously, this could be a serious problem for Guix (and Nix), since it
>> suggests that we may not be able to continue with our simplistic
>> assumption that references to the store in compiled code will be easy to
>> find and replace.
To get an idea of how widespread this problem is, I searched for
occurrences of /gnu/sto[^r] on my GNOME/Xfce desktop system:
$ LC_ALL=C grep '/gnu/sto[^r]' --recursive /gnu/store/
[.../gnu/store/.links hits removed...]
Binary file
/gnu/store/0010wvgs40kdq8chzsh403qm7la9jxq7-bash-static-4.3.42/bin/bash matches
Binary file /gnu/store/m9vxvhdj691bq1f85lpflvnhcvrdilih-glibc-2.23/sbin/sln
matches
Binary file
/gnu/store/m9vxvhdj691bq1f85lpflvnhcvrdilih-glibc-2.23/lib/libc-2.23.so matches
Binary file /gnu/store/m9vxvhdj691bq1f85lpflvnhcvrdilih-glibc-2.23/lib/libc.a
matches
Binary file /gnu/store/m9vxvhdj691bq1f85lpflvnhcvrdilih-glibc-2.23/bin/locale
matches
Binary file
/gnu/store/m9vxvhdj691bq1f85lpflvnhcvrdilih-glibc-2.23/bin/localedef matches
Binary file
/gnu/store/4fs8dg5jhf99xl3ikl093dn1va4wlv79-fontconfig-2.11.94/lib/libfontconfig.so.1.9.0
matches
Binary file
/gnu/store/b484nvn9nnr3ddclpz2fma9yxmimg2jj-fontconfig-2.11.94/lib/libfontconfig.so.1.9.0
matches
Binary file
/gnu/store/80m11l8km7bwi9iljfyr82hmscaq4xk2-unixodbc-2.3.4/lib/libodbcinst.so.2.0.0
matches
Binary file
/gnu/store/80m11l8km7bwi9iljfyr82hmscaq4xk2-unixodbc-2.3.4/lib/libodbc.so.2.0.0
matches
Binary file
/gnu/store/ld16jy012l3jpkj6azynzmldxn28cspw-ncurses-6.0/lib/libncursesw.so.6.0
matches
Binary file
/gnu/store/ld16jy012l3jpkj6azynzmldxn28cspw-ncurses-6.0/lib/libncursesw.a
matches
Binary file
/gnu/store/lxv20br9ic8abvqd7fipszbs4mg8hkjv-ncurses-6.0/lib/libncursesw.so.6.0
matches
Binary file
/gnu/store/lxv20br9ic8abvqd7fipszbs4mg8hkjv-ncurses-6.0/lib/libncursesw.a
matches
Binary file /gnu/store/frrj3bfbmg5vrd0flh9cf8j64h7cr2v4-gcc-4.9.3/bin/gcc
matches
Binary file
/gnu/store/frrj3bfbmg5vrd0flh9cf8j64h7cr2v4-gcc-4.9.3/bin/x86_64-unknown-linux-gnu-gcc-4.9.3
matches
Binary file
/gnu/store/frrj3bfbmg5vrd0flh9cf8j64h7cr2v4-gcc-4.9.3/bin/x86_64-unknown-linux-gnu-c++
matches
Binary file
/gnu/store/frrj3bfbmg5vrd0flh9cf8j64h7cr2v4-gcc-4.9.3/bin/x86_64-unknown-linux-gnu-gcc
matches
Binary file /gnu/store/frrj3bfbmg5vrd0flh9cf8j64h7cr2v4-gcc-4.9.3/bin/g++
matches
Binary file
/gnu/store/frrj3bfbmg5vrd0flh9cf8j64h7cr2v4-gcc-4.9.3/bin/x86_64-unknown-linux-gnu-g++
matches
Binary file /gnu/store/frrj3bfbmg5vrd0flh9cf8j64h7cr2v4-gcc-4.9.3/bin/cpp
matches
Binary file /gnu/store/frrj3bfbmg5vrd0flh9cf8j64h7cr2v4-gcc-4.9.3/bin/c++
matches
Binary file
/gnu/store/sxa3b6l28ckcnyg3g7f4brvl2rdpncy1-gnuplot-5.0.4-1/bin/gnuplot matches
Binary file
/gnu/store/2jvvwqz16hj2c5ws0xa46x98fvl9m90m-fontconfig-2.11.94/lib/libfontconfig.so.1.9.0
matches
Binary file
/gnu/store/bxy1hwriqzdw6xk7bl28qfsw4s1s5xdq-bash-static-4.3.48/bin/bash matches
Binary file
/gnu/store/3chnjjkazbv0fqbshrwahq7c3zfg42s8-ncurses-6.0/lib/libncursesw.so.6.0
matches
Binary file
/gnu/store/3chnjjkazbv0fqbshrwahq7c3zfg42s8-ncurses-6.0/lib/libncursesw.a
matches
Binary file
/gnu/store/my7f7fq2ca5rqq4wyyrg20cw2bjrj2l4-ncurses-6.0/lib/libncursesw.so.6.0
matches
Binary file
/gnu/store/my7f7fq2ca5rqq4wyyrg20cw2bjrj2l4-ncurses-6.0/lib/libncursesw.a
matches
Binary file /gnu/store/dmz9v8bmxd3davz77s4b10pmpmjnv98a-gcc-4.9.3/bin/gcc
matches
Binary file
/gnu/store/dmz9v8bmxd3davz77s4b10pmpmjnv98a-gcc-4.9.3/bin/x86_64-unknown-linux-gnu-gcc-4.9.3
matches
Binary file
/gnu/store/dmz9v8bmxd3davz77s4b10pmpmjnv98a-gcc-4.9.3/bin/x86_64-unknown-linux-gnu-c++
matches
Binary file
/gnu/store/dmz9v8bmxd3davz77s4b10pmpmjnv98a-gcc-4.9.3/bin/x86_64-unknown-linux-gnu-gcc
matches
Binary file /gnu/store/dmz9v8bmxd3davz77s4b10pmpmjnv98a-gcc-4.9.3/bin/g++
matches
Binary file
/gnu/store/dmz9v8bmxd3davz77s4b10pmpmjnv98a-gcc-4.9.3/bin/x86_64-unknown-linux-gnu-g++
matches
Binary file /gnu/store/dmz9v8bmxd3davz77s4b10pmpmjnv98a-gcc-4.9.3/bin/cpp
matches
Binary file /gnu/store/dmz9v8bmxd3davz77s4b10pmpmjnv98a-gcc-4.9.3/bin/c++
matches
Binary file
/gnu/store/fjsaprcdmdn39pk39jrhbby1jl5i8rp5-xorg-server-1.18.1/bin/Xorg matches
Binary file /gnu/store/mz301kb7wqvyl9kxil4bpn8ng99ikgqy-glibc-2.23/sbin/sln
matches
Binary file
/gnu/store/mz301kb7wqvyl9kxil4bpn8ng99ikgqy-glibc-2.23/lib/libc-2.23.so matches
Binary file /gnu/store/mz301kb7wqvyl9kxil4bpn8ng99ikgqy-glibc-2.23/lib/libc.a
matches
Binary file /gnu/store/mz301kb7wqvyl9kxil4bpn8ng99ikgqy-glibc-2.23/bin/locale
matches
Binary file
/gnu/store/mz301kb7wqvyl9kxil4bpn8ng99ikgqy-glibc-2.23/bin/localedef matches
Binary file
/gnu/store/slhwk75g7d8bywpq2hifs7g9fxr6jx3d-bash-static-4.3.48/bin/bash matches
Binary file
/gnu/store/qjsmp5s85qrba18fxf319m5lv7f8awf8-graphviz-2.38.0/bin/lefty matches
Binary file
/gnu/store/6ddfp4pwlrxc5jdgf17ddh4m5wi1cldy-xorg-server-1.18.1/bin/Xorg matches
Binary file /gnu/store/zav1zqwmzzz5xk71v22i7n6qidwh49in-gcc-4.9.3/bin/gcc
matches
Binary file
/gnu/store/zav1zqwmzzz5xk71v22i7n6qidwh49in-gcc-4.9.3/bin/x86_64-unknown-linux-gnu-gcc-4.9.3
matches
Binary file
/gnu/store/zav1zqwmzzz5xk71v22i7n6qidwh49in-gcc-4.9.3/bin/x86_64-unknown-linux-gnu-c++
matches
Binary file
/gnu/store/zav1zqwmzzz5xk71v22i7n6qidwh49in-gcc-4.9.3/bin/x86_64-unknown-linux-gnu-gcc
matches
Binary file /gnu/store/zav1zqwmzzz5xk71v22i7n6qidwh49in-gcc-4.9.3/bin/g++
matches
Binary file
/gnu/store/zav1zqwmzzz5xk71v22i7n6qidwh49in-gcc-4.9.3/bin/x86_64-unknown-linux-gnu-g++
matches
Binary file /gnu/store/zav1zqwmzzz5xk71v22i7n6qidwh49in-gcc-4.9.3/bin/cpp
matches
Binary file /gnu/store/zav1zqwmzzz5xk71v22i7n6qidwh49in-gcc-4.9.3/bin/c++
matches
Binary file
/gnu/store/xl19qrfzga52vrvp4ncccwjlnrjqwj95-ncurses-6.0/lib/libncursesw.so.6.0
matches
Binary file
/gnu/store/xl19qrfzga52vrvp4ncccwjlnrjqwj95-ncurses-6.0/lib/libncursesw.a
matches
Binary file
/gnu/store/kh3awka9xslyp52dldb3gma47rr0kp2x-xorg-server-1.18.1/bin/Xorg matches
Binary file
/gnu/store/121596cgx25s8zcl3yznyh2vh1f842ni-babl-0.1.18/lib/libbabl-0.1.so.0.117.1
matches
Binary file
/gnu/store/srfjnfkmjkc4xcld311xsdvhng08mmpi-gcc-6.2.0/bin/x86_64-unknown-linux-gnu-gcc-6.2.0
matches
Binary file /gnu/store/srfjnfkmjkc4xcld311xsdvhng08mmpi-gcc-6.2.0/bin/gcc
matches
Binary file
/gnu/store/srfjnfkmjkc4xcld311xsdvhng08mmpi-gcc-6.2.0/bin/x86_64-unknown-linux-gnu-c++
matches
Binary file
/gnu/store/srfjnfkmjkc4xcld311xsdvhng08mmpi-gcc-6.2.0/bin/x86_64-unknown-linux-gnu-gcc
matches
Binary file /gnu/store/srfjnfkmjkc4xcld311xsdvhng08mmpi-gcc-6.2.0/bin/g++
matches
Binary file
/gnu/store/srfjnfkmjkc4xcld311xsdvhng08mmpi-gcc-6.2.0/bin/x86_64-unknown-linux-gnu-g++
matches
Binary file /gnu/store/srfjnfkmjkc4xcld311xsdvhng08mmpi-gcc-6.2.0/bin/cpp
matches
Binary file /gnu/store/srfjnfkmjkc4xcld311xsdvhng08mmpi-gcc-6.2.0/bin/c++
matches
Binary file
/gnu/store/j4q20kwzd5g1d3gv419692k66ghfzymz-gnuplot-5.0.4-1/bin/gnuplot matches
Binary file
/gnu/store/mdc84lh0mfzw9n404cnzi9l1l8qr7a4r-gnuplot-5.0.4-1/bin/gnuplot matches
Binary file
/gnu/store/8mj5yd1z936j64sdpx3hbqi3qkdif0c4-alsa-lib-1.0.27.1/lib/libasound.so.2.0.0
matches
Binary file
/gnu/store/ninvaqcyhm6s11yp97m17h2i1q3aj24s-recode-3.7.0.201402/lib/librecode.a
matches
Binary file
/gnu/store/ninvaqcyhm6s11yp97m17h2i1q3aj24s-recode-3.7.0.201402/lib/librecode.so.0.0.0
matches
Binary file
/gnu/store/kjybzn7az86n1qzxcm8zdz2gaypp4az6-fontconfig-2.11.94/lib/libfontconfig.so.1.9.0
matches
Binary file
/gnu/store/cl2vwkvmk60s7vpamivpclzgyfxlb7wx-graphviz-2.38.0/bin/lefty matches
Binary file /gnu/store/qc8qg71k1b7gizqxa785c6ls71i8qk6d-units-2.13/bin/units
matches
Binary file
/gnu/store/sj8ygx2yz58hn1142yjjsb34sql4b9xr-unixodbc-2.3.4/lib/libodbcinst.so.2.0.0
matches
Binary file
/gnu/store/sj8ygx2yz58hn1142yjjsb34sql4b9xr-unixodbc-2.3.4/lib/libodbc.so.2.0.0
matches
Binary file
/gnu/store/571c58j8f06x8svykg4n5s0ip36kna5c-util-linux-2.27/lib/libuuid.so.1.3.0
matches
Binary file
/gnu/store/1i3xmm18dw9kq6wi46f6sj9nxy9pckjl-alsa-lib-1.0.27.1/lib/libasound.so.2.0.0
matches
Binary file
/gnu/store/x1kh4kkifc3f4gnlwvfgk53fm2zhfhmm-gnuplot-5.0.4-1/bin/gnuplot matches
Binary file
/gnu/store/fnw55giyr1gnqyyw5yx4hf96mlrkp603-gnuplot-5.0.4-1/bin/gnuplot matches
Binary file
/gnu/store/mj727bz0l8afmn97l8gsc5wh30jnql8s-babl-0.1.18/lib/libbabl-0.1.so.0.117.1
matches
Binary file
/gnu/store/0m908gszml9bb6vkikbzdqpslah2a1db-gcc-6.2.0/bin/x86_64-unknown-linux-gnu-gcc-6.2.0
matches
Binary file /gnu/store/0m908gszml9bb6vkikbzdqpslah2a1db-gcc-6.2.0/bin/gcc
matches
Binary file
/gnu/store/0m908gszml9bb6vkikbzdqpslah2a1db-gcc-6.2.0/bin/x86_64-unknown-linux-gnu-c++
matches
Binary file
/gnu/store/0m908gszml9bb6vkikbzdqpslah2a1db-gcc-6.2.0/bin/x86_64-unknown-linux-gnu-gcc
matches
Binary file /gnu/store/0m908gszml9bb6vkikbzdqpslah2a1db-gcc-6.2.0/bin/g++
matches
Binary file
/gnu/store/0m908gszml9bb6vkikbzdqpslah2a1db-gcc-6.2.0/bin/x86_64-unknown-linux-gnu-g++
matches
Binary file /gnu/store/0m908gszml9bb6vkikbzdqpslah2a1db-gcc-6.2.0/bin/cpp
matches
Binary file /gnu/store/0m908gszml9bb6vkikbzdqpslah2a1db-gcc-6.2.0/bin/c++
matches
Binary file
/gnu/store/lqybibdq19q6ypm29p9p9s9ns0s66n0b-recode-3.7.0.201402/lib/librecode.a
matches
Binary file
/gnu/store/lqybibdq19q6ypm29p9p9s9ns0s66n0b-recode-3.7.0.201402/lib/librecode.so.0.0.0
matches
Binary file
/gnu/store/pxdl28wbikj2jy0jjldmii245gcsh5fq-fontconfig-2.11.94/lib/libfontconfig.so.1.9.0
matches
Binary file /gnu/store/lhxgw5ynrccx9vvk9jx2k9pdsgq0yxm3-units-2.13/bin/units
matches
Binary file
/gnu/store/cji1mwp7n6zhdnpg73gighf3fvrh2gdi-ncurses-6.0/lib/libncursesw.so.6.0
matches
Binary file
/gnu/store/cji1mwp7n6zhdnpg73gighf3fvrh2gdi-ncurses-6.0/lib/libncursesw.a
matches
Binary file
/gnu/store/1rcsqn8h2xwmgdra3zr33xv73d44wf1s-fontconfig-2.11.94/lib/libfontconfig.so.1.9.0
matches
Binary file
/gnu/store/iiakyhsw889rvv3ghk6jl3mfdrs1wfan-fontconfig-2.11.94/lib/libfontconfig.so.1.9.0
matches
Binary file
/gnu/store/zb3kh929v8yhkyg3sn8405zj4x49aza4-gnuplot-5.0.4-1/bin/gnuplot matches
Binary file
/gnu/store/mkq7h60l1kx4hjclsrd0nbz8v4mnx4lv-gnuplot-5.0.4-1/bin/gnuplot matches
Binary file
/gnu/store/4vhgx5xkbx0x7gnph9fq3c581rnj5ynq-libgphoto2-2.5.2/lib/libgphoto2/2.5.2/konica.so
matches
Binary file
/gnu/store/r6kwxzban57ghxsy8p8dqjvym6vnb2nz-graphviz-2.38.0/bin/lefty matches
/gnu/store/lwxifldgdyyzd83510nzf1qffpzxbdyl-guix-0.11.0-1.4420/share/guile/site/2.0/gnu/packages/package-management.scm:
(uri (string-append "mirror://gnu/stow/stow-"
Binary file
/gnu/store/lwxifldgdyyzd83510nzf1qffpzxbdyl-guix-0.11.0-1.4420/share/guile/site/2.0/gnu/packages/package-management.go
matches
Binary file
/gnu/store/zslzcw2wg6xylwwr9hcx2sbal0bm6kjx-util-linux-2.27/lib/libuuid.so.1.3.0
matches
