Bug#1127766: marked as done (kalign: autopkgtest failure with glibc 2.43 due to out of bounds access)

[Debian Bug Tracking System]

Your message dated Fri, 27 Feb 2026 08:23:36 +0000
with message-id <e1vvt8k-0000000ep8b-3...@fasolo.debian.org>
and subject line Bug#1127766: fixed in kalign 1:3.5.1-1
has caused the Debian Bug report #1127766,
regarding kalign: autopkgtest failure with glibc 2.43 due to out of bounds 
access
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1127766: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127766
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: kalign
Version: 1:3.4.0-1
Severity: important
Tags: upstream
User: debian-gl...@lists.debian.org
Usertags: glibc-2.43

Dear maintainer,

kalign autopkgtest fails when run against libc 2.43, currently in
experimental. From the autopkgtest log:

| 16s autopkgtest [07:28:25]: test run-unit-test: [-----------------------
| 16s TEST 1: Passing sequences via stdin
| 16s TEST 3: Combining multiple input files
| 16s /usr/bin/kalign: line 7:  2006 Segmentation fault         "${cmd}" "$@"
| 16s autopkgtest [07:28:25]: test run-unit-test: -----------------------]

...

| 16s autopkgtest [07:28:25]: @@@@@@@@@@@@@@@@@@@@ summary
| 16s run-unit-test        FAIL non-zero exit status 139

The problem happens in the bpm_block function:

| #0  bpm_block (t=0x560378764ba0 
"\002\003\t\004\001\002\t\002\a\004\006\b\005\a\b\003\003\b\t\004\006\002\001\003",
 p=<optimized out>, n=<optimized out>, m=<optimized out>) at ./lib/src/bpm.c:490
| #1  0x00005603684f6d7a in calc_distance (seq_a=<optimized out>, 
seq_b=<optimized out>, len_a=<optimized out>, len_b=len_b@entry=1034) at 
./lib/src/sequence_distance.c:182
| #2  0x00005603684f6ec6 in d_estimation._omp_fn.0 () at 
./lib/src/sequence_distance.c:143
| #3  0x00007f203b48b226 in GOMP_parallel (fn=0x5603684f6d90 
<d_estimation._omp_fn.0>, data=0x7ffdb080daf0, num_threads=4, flags=0) at 
../../../src/libgomp/parallel.c:178
| #4  0x00005603684f70cd in d_estimation (msa=msa@entry=0x560378760930, 
samples=samples@entry=0x5603787585f0, num_samples=4, pair=pair@entry=0) at 
./lib/src/sequence_distance.c:131
| #5  0x00005603684f5dcc in build_tree_kmeans (msa=msa@entry=0x560378760930, 
tasks=tasks@entry=0x7ffdb080dc08) at ./lib/src/bisectingKmeans.c:106
| #6  0x00005603684e917e in kalign_run (msa=0x560378760930, n_threads=4, 
type=5, gpo=-1, gpe=-1, tgpe=-1) at ./lib/src/aln_wrap.c:88
| #7  0x00005603684dfc1f in run_kalign (param=<optimized out>) at 
./src/run_kalign.c:355
| #8  main (argc=<optimized out>, argv=0x7ffdb080dde8) at ./src/run_kalign.c:326

The full autopkgtest log is available there:
https://ci.debian.net/data/autopkgtest/unstable/amd64/k/kalign/68413772/log.gz

After investigation, it happens that glibc 2.43 had some changes in the
malloc code, which trigger this bug. But the problem is also
reproducible even with glibc 2.42 using the address sanitizer, ie by
rebuilding kalign with the following patch and using nocheck (as the
testsuite fails with that patch):

--- kalign-3.4.0/debian/rules
+++ kalign-3.4.0/debian/rules
@@ -4,8 +4,8 @@
 
 include /usr/share/dpkg/default.mk
 export DEB_BUILD_MAINT_OPTIONS = hardening=+all
-export DEB_CFLAGS_MAINT_APPEND+=-DSIMDE_ENABLE_OPENMP -fopenmp-simd -O3
-export DEB_CXXFLAGS_MAINT_APPEND+=-DSIMDE_ENABLE_OPENMP -fopenmp-simd -O3
+export DEB_CFLAGS_MAINT_APPEND+=-DSIMDE_ENABLE_OPENMP -fopenmp-simd -O3 
-fsanitize=address,undefined
+export DEB_CXXFLAGS_MAINT_APPEND+=-DSIMDE_ENABLE_OPENMP -fopenmp-simd -O3 
-fsanitize=address,undefined
 OBJ_DIR=obj-$(DEB_HOST_GNU_TYPE)
 prefix=$(CURDIR)/debian/$(DEB_SOURCE)/usr
 libexecdir=$(prefix)/lib/$(DEB_SOURCE)

This detects the following issues:
| /home/aurel32/kalign/kalign-3.4.0$ cat debian/tests/data/seqs* | 
./obj-x86_64-linux-gnu/src/kalign > /dev/null
| /home/aurel32/kalign/kalign-3.4.0/lib/src/bpm.c:490:42: runtime error: index 
190 out of bounds for type 'uint64_t [13][16]'
| /home/aurel32/kalign/kalign-3.4.0/lib/src/bpm.c:490:34: runtime error: load 
of address 0x7b44d0ffa0c0 with insufficient space for an object of type 
'uint64_t'
| 0x7b44d0ffa0c0: note: pointer points here
|  00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 
00 00 00 00  00 00 00 00
|               ^ 
| =================================================================
| ==1359334==ERROR: AddressSanitizer: heap-buffer-overflow on address 
0x7c44d5be0730 at pc 0x561002d5311f bp 0x7ffd9e0209b0 sp 0x7ffd9e0209a8
| READ of size 8 at 0x7c44d5be0730 thread T0
|     #0 0x561002d5311e in make_profile_n lib/src/aln_setup.c:79
|     #1 0x561002d48e3e in do_align lib/src/aln_run.c:133
|     #2 0x561002d48e3e in recursive_aln lib/src/aln_run.c:110
|     #3 0x7f44d73e590a  (/usr/lib/x86_64-linux-gnu/libgomp.so.1+0x1b90a) 
(BuildId: dbeba738dce8fc1f671f7d46defae08f2c29dccd)
|     #4 0x7f44d73eed8b  (/usr/lib/x86_64-linux-gnu/libgomp.so.1+0x24d8b) 
(BuildId: dbeba738dce8fc1f671f7d46defae08f2c29dccd)
|     #5 0x7f44d73ed697  (/usr/lib/x86_64-linux-gnu/libgomp.so.1+0x23697) 
(BuildId: dbeba738dce8fc1f671f7d46defae08f2c29dccd)
|     #6 0x561002d4f872 in create_msa_tree lib/src/aln_run.c:59
|     #7 0x561002d3fb01 in kalign_run lib/src/aln_wrap.c:116
|     #8 0x561002d0fe14 in run_kalign src/run_kalign.c:355
|     #9 0x561002d0fe14 in main src/run_kalign.c:326
|     #10 0x7f44d6be7f74  (/usr/lib/x86_64-linux-gnu/libc.so.6+0x29f74) 
(BuildId: c9a199fd28ea54b305ea35a8b25500a79bfe684a)
|     #11 0x7f44d6be8026 in __libc_start_main 
(/usr/lib/x86_64-linux-gnu/libc.so.6+0x2a026) (BuildId: 
c9a199fd28ea54b305ea35a8b25500a79bfe684a)
|     #12 0x561002d10fb0 in _start 
(/home/aurel32/kalign/kalign-3.4.0/obj-x86_64-linux-gnu/src/kalign+0x10cfb0) 
(BuildId: 15ac21c781ce24c12cfc2adf1b8f9b519d7d5866)
| 
| 0x7c44d5be0730 is located 1336 bytes after 184-byte region 
[0x7c44d5be0140,0x7c44d5be01f8)
| allocated by thread T0 here:
|     #0 0x7f44d76310ab in malloc 
../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:67
|     #1 0x561002d43ee8 in aln_param_init lib/src/aln_param.c:24
| 
| SUMMARY: AddressSanitizer: heap-buffer-overflow lib/src/aln_setup.c:79 in 
make_profile_n
| Shadow bytes around the buggy address:
|   0x7c44d5be0480: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|   0x7c44d5be0500: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|   0x7c44d5be0580: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|   0x7c44d5be0600: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|   0x7c44d5be0680: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
| =>0x7c44d5be0700: fa fa fa fa fa fa[fa]fa fa fa fa fa fa fa fa fa
|   0x7c44d5be0780: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|   0x7c44d5be0800: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|   0x7c44d5be0880: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|   0x7c44d5be0900: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|   0x7c44d5be0980: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
| Shadow byte legend (one shadow byte represents 8 application bytes):
|   Addressable:           00
|   Partially addressable: 01 02 03 04 05 06 07 
|   Heap left redzone:       fa
|   Freed heap region:       fd
|   Stack left redzone:      f1
|   Stack mid redzone:       f2
|   Stack right redzone:     f3
|   Stack after return:      f5
|   Stack use after scope:   f8
|   Global redzone:          f9
|   Global init order:       f6
|   Poisoned by user:        f7
|   Container overflow:      fc
|   Array cookie:            ac
|   Intra object redzone:    bb
|   ASan internal:           fe
|   Left alloca redzone:     ca
|   Right alloca redzone:    cb
| ==1359334==ABORTING

Note how the out of bounds issue happens at the same code location than
the crash found by GDB with glibc 2.43. I therefore believe that the
problem is in kalign and not in glibc 2.43. If the crash persists after
fixing the bug, please feel free to report a bug against glibc.

Regards
Aurelien

--- End Message ---

--- Begin Message ---

Source: kalign
Source-Version: 1:3.5.1-1
Done: Charles Plessy <ple...@debian.org>

We believe that the bug you reported is fixed in the latest version of
kalign, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1127...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Charles Plessy <ple...@debian.org> (supplier of updated kalign package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 27 Feb 2026 17:00:20 +0900
Source: kalign
Architecture: source
Version: 1:3.5.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Med Packaging Team 
<debian-med-packag...@lists.alioth.debian.org>
Changed-By: Charles Plessy <ple...@debian.org>
Closes: 1127766
Changes:
 kalign (1:3.5.1-1) unstable; urgency=medium
 .
   * New upstream version, Closes: #1127766.
     Relicensed to Apache 2.0
   * Standards-Version: 4.7.3 (routine-update)
   * Remove Priority field to comply with Debian Policy 4.7.3 (routine-
     update)
   * Set upstream metadata fields: Documentation.
Checksums-Sha1:
 b3f028ee8409dfc69605d19886a882a8176dcc0f 1990 kalign_3.5.1-1.dsc
 0a41ce59eec1694915c4df603e2ff0baeb12b1a6 1348723 kalign_3.5.1.orig.tar.gz
 0aebe0fa2a8c4f03a454af9b6eb306a75f5087e7 12684 kalign_3.5.1-1.debian.tar.xz
 bc5da6812f74fe1e7da27929de53f1b790075570 6952 kalign_3.5.1-1_amd64.buildinfo
Checksums-Sha256:
 9c48543df9cc547a4ed9701bc9a9342415f92119a9f2c9764c8ecb938fb59ccb 1990 
kalign_3.5.1-1.dsc
 983bfd7da76010d59c3de3bae3d977cac78642c5eb061009dd12b11b9db5190d 1348723 
kalign_3.5.1.orig.tar.gz
 e33c1b13c89345fbfbe5657eaef496536f86484a31fdcf2d3f8a9b87b66493a4 12684 
kalign_3.5.1-1.debian.tar.xz
 2e9fbdb812fde20e48c770d1157f8ec2b64ae58a98ba10391cb2ac8163eedf04 6952 
kalign_3.5.1-1_amd64.buildinfo
Files:
 84bb4701a479a3d301d18f5c4a4d93ff 1990 science optional kalign_3.5.1-1.dsc
 f4d965f45b2865f5d2891acb451f5157 1348723 science optional 
kalign_3.5.1.orig.tar.gz
 5a2c33dd57f173cdedd273121a4afc1f 12684 science optional 
kalign_3.5.1-1.debian.tar.xz
 738d96772b86c543fe70ad7ecf49b4a8 6952 science optional 
kalign_3.5.1-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJGBAEBCgAwFiEEc0cUmcxg7Z7ugFlGxb1sjyKV1QIFAmmhUJ0SHHBsZXNzeUBk
ZWJpYW4ub3JnAAoJEMW9bI8ildUCs5kQAI0G+RturXXcJwyLG5UKC58wmWPGc9Zw
XIyf95QDxaXtygBlYR4rnyIFIyYxEFbSb66516uZIebZffw8Wq6WOeFpHu9ogOuP
lzbOd7wYmFgk2VTYIZSoKzYFMd1g96QD0OqIFwvGd10YJOxaJ0gyATZuAvfLbYMj
smidUXXYEUWxrebf7wIhC7O3++2UkxrTRMmSZTHD6jlGh/xnOdUjQyFLjO2KsIjE
rhVs4u5c8nA1s5oBlWWYcQMoE3fYs3SCu2B6ZM0Jg9f34HJjsmuXRlv71VXQTvhf
zc6X7/UmX+IAKQWC8J1C+ZnCJAVTOpcYipXwm2RILxzmlLl2Hb4q3s2kA6Oa/nxm
qf8HSACjIj4SZVsLicXRoKB7X9/6dSyPxFW8AyavF/Vb8gxZ6YLOBc7oIeddnZcm
Xl2MQzDg9vHkzmQ5QcRGRckznwZL8pwEZHQHUOZA5q/jli4GryhZthd/I3YS+YXO
+dC0u5obzVr2kprf5s8LPwrw3gHKwHWmncZERn00Xd+SIIASj/ErsgFzsRd8oh2d
CtGbVN5Ta8X/fAVkM3HqAKVMJBChPnXXGeA3j4MUtDVCv5wFAdxBgGayEl0WEpot
weXSNUrIs6S2gzId3efWh3yI+2k+VmH5GpftT8qOKbzYJmJAKfusKC4wPIR0FUFY
B1ExRTqQaEtJ
=OY0S
-----END PGP SIGNATURE-----

pgpRigM0Fui7P.pgp
Description: PGP signature

--- End Message ---