Bug#860751: Bug#860695: win32-loader: FTBFS on i386: segmentation fault
On Thu, Apr 20, 2017 at 05:11:17PM +0200, Bernhard Übelacker wrote:
> Hello,
> this seems to be the same problem seen in #391051 for regular
> expressions (collect_RE).
>
> In this bug we overrun the size limit of string_buff (tempbuff._string_buff)
> in function collect_string.
>
> Attached patch adds a similar check like in #391051 to collect_string.

hmm - upstream mawk makes 7 checks like this in scan.c

start here:

https://github.com/ThomasDickey/mawk-snapshots/blob/master/scan.c#L72

--
Thomas E. Dickey
http://invisible-island.net
ftp://invisible-island.net
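A bounded collector in the style of the check this thread adds to collect_string(), as an added example that is neither mawk's scan.c nor the Debian patch: the 400-byte buffer size is the sizeof(tempbuff._string_buff) value from the gdb session quoted below, and the scanner struct, next_char() and collect_literal() are constructed for illustration. The length check runs before the store, so an over-long literal is rejected with a diagnostic instead of being written past the end of the fixed buffer.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define STRING_BUFF_SIZE 400   /* sizeof(tempbuff._string_buff) per the gdb session in this thread */

enum collect_status { COLLECT_OK, COLLECT_TOO_LONG, COLLECT_UNTERMINATED };

struct scanner {                         /* constructed model of the scanner state, not mawk's */
    const char *src;                     /* program text just after the opening double quote */
    char string_buff[STRING_BUFF_SIZE];  /* fixed-size token buffer, as in mawk */
};

/* Model of scan.c's next(): the next input byte, or 0 at end of input. */
static int next_char(struct scanner *s) { return *s->src ? (unsigned char)*s->src++ : 0; }

/* Collect a double-quoted literal into s->string_buff. The bound check runs before
 * the store, as in the patch, so `*p++ = c` can never write past the buffer. */
static enum collect_status collect_string(struct scanner *s, size_t *len)
{
    char *p = s->string_buff;
    int e_flag = 0;                      /* on if the previous byte was a backslash */
    for (;;) {
        if (p >= s->string_buff + STRING_BUFF_SIZE - 2) {
            fprintf(stderr, "string \"%.10s ...\" exceeds implementation size limit\n", s->string_buff);
            return COLLECT_TOO_LONG;     /* fail closed instead of overrunning */
        }
        int c = next_char(s);
        if (c == 0) return COLLECT_UNTERMINATED;
        *p++ = (char)c;
        if (e_flag) e_flag = 0;          /* byte after a backslash is kept as-is */
        else if (c == '\\') e_flag = 1;
        else if (c == '"') { p--; break; }  /* closing quote ends the literal */
    }
    *p = '\0';
    *len = (size_t)(p - s->string_buff);
    return COLLECT_OK;
}

/* Scan the text following an opening quote; on success copy the literal (at most
 * STRING_BUFF_SIZE - 3 bytes plus the terminator) into out, which must hold STRING_BUFF_SIZE bytes. */
enum collect_status collect_literal(const char *after_quote, char *out, size_t *len)
{
    struct scanner s = { after_quote, { 0 } };
    enum collect_status st = collect_string(&s, len);
    if (st == COLLECT_OK) memcpy(out, s.string_buff, *len + 1);
    return st;
}
```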
Bug#860751: Bug#860695: win32-loader: FTBFS on i386: segmentation fault
Hello, this seems to be the same problem seen in #391051 for regular expressions (collect_RE). In this bug we overrun the size limit of string_buff (tempbuff._string_buff) in function collect_string. Attached patch adds a similar check like in #391051 to collect_string. With that applied the build of win32-loader would fail with this message: awk: line 1: regular expression /grub2 ... exceeds implementation size limit Kind regards, Bernhard (gdb) print sizeof(tempbuff._string_buff) $1 = 400 (gdb) watch tempbuff._string_buff[399] ... Hardware watchpoint 1: tempbuff._string_buff[399] Old value = 0 '\000' New value = 100 'd' 0x80004c60 in collect_string () at scan.c:985 985 switch (scan_code[*p++ = next()]) (gdb) bt #0 0x80004c60 in collect_string () at scan.c:985 #1 yylex () at scan.c:651 #2 0x80002088 in yyparse () at y.tab.c:1735 #3 0x80003f15 in parse () at parse.y:1368 #4 0x8000188c in main (argc=3, argv=0xb274) at main.c:63 From b7bea87e72ee6a72691e1fa54d2a4555c9698026 Mon Sep 17 00:00:00 2001 From: rootDate: Thu, 20 Apr 2017 16:54:05 +0200 Subject: Do not crash if argument is too long for our buffer This patch modifies collect_string and is a copy of the patch added to fix collect_RE in these bugs: https://bugs.launchpad.net/bug/23494 https://bugs.debian.org/391051 Bug-Debian: https://bugs.debian.org/860751 --- scan.c | 10 ++ 1 file changed, 10 insertions(+) diff --git a/scan.c b/scan.c index ef4df50..e343890 100644 --- a/scan.c +++ b/scan.c @@ -982,6 +982,15 @@ collect_string() int e_flag = 0 ; /* on if have an escape char */ while (1) + { + if (p >= string_buff + MIN_SPRINTF - 2) + { + compile_error( + "regular expression /%.10s ..." + " exceeds implementation size limit", + string_buff) ; + mawk_exit(2) ; + } switch (scan_code[*p++ = next()]) { case SC_DQUOTE: /* done */ @@ -1016,6 +1025,7 @@ collect_string() default: break ; } + } out: yylval.ptr = (PTR) new_STRING( -- 2.11.0
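Review bot: the diagnostic added at the top of the `while (1)` loop in the first hunk is copied from collect_RE and still reads `regular expression /%.10s ...`, although collect_string is collecting a double-quoted string literal; the message quoted in this report, `awk: line 1: regular expression /grub2 ... exceeds implementation size limit`, shows a string in the awk program being reported as a regex. Suggest a message of the form `"string \"%.10s ...\" exceeds implementation size limit"`. The bound itself is written as `string_buff + MIN_SPRINTF - 2`, while the gdb session shows `sizeof(tempbuff._string_buff)` is 400; unless MIN_SPRINTF is by definition the size of that buffer, express the limit in terms of the buffer (for example `sizeof(tempbuff._string_buff)`) so the check cannot drift from the array it protects. The `- 2` margin leaves room for the byte stored by `*p++ = next()` on this iteration plus one more byte; a short comment saying what that extra byte is for would make the constant self-explanatory.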
Bug#860695: win32-loader: FTBFS on i386: segmentation fault
Control: clone -1 -2
Control: reassign -2 mawk 1.3.3-17
Control: reopen -2 o...@debian.org
Control: retitle -2 mawk: segfaults on i386 during win32-loader build
Control: severity -2 serious

On Wednesday, 19 April 2017, 17:31:26 CEST Didier 'OdyX' Raboud wrote:
> On Wednesday, 19 April 2017, 15:44:00 CEST Sven Joachim wrote:
> > >> Relevant part (hopefully):
> > > Actually:
> > >> > # Prepare the README file
> > >> > awk
> > >> > (…)
> > >> > Segmentation fault
> > >
> > > `awk` segfaults here. This seems to be an awk bug, or problem. Is the
> > > command-line for it too long, or is it something else?
> >
> > Possibly it's the same problem as #158481. A workaround is to use
> > original-awk or gawk instead of awk (and build-depend on it, of course).
> >
> > I don't feel like debugging this issue, since mawk in Debian is
> > unmaintained. :-(
>
> Thanks for the information; I've successfully reproduced the awk segfault in
> an i386 porterbox, and I can confirm the gawk replacement fixes that.

Hereby cloning, reopening and reassigning to mawk, with a severity: serious.

Will see if I can reproduce with a simpler test-case.

Cheers,
OdyX
Bug#860695: win32-loader: FTBFS on i386: segmentation fault
Control: tags -1 -moreinfo +pending

On Wednesday, 19 April 2017, 15:44:00 CEST Sven Joachim wrote:
> >> Relevant part (hopefully):
> > Actually:
> >> > # Prepare the README file
> >> > awk
> >> > (…)
> >> > Segmentation fault
> >
> > `awk` segfaults here. This seems to be an awk bug, or problem. Is the
> > command-line for it too long, or is it something else?
>
> Possibly it's the same problem as #158481. A workaround is to use
> original-awk or gawk instead of awk (and build-depend on it, of course).
>
> I don't feel like debugging this issue, since mawk in Debian is
> unmaintained. :-(

Thanks for the information; I've successfully reproduced the awk segfault in
an i386 porterbox, and I can confirm the gawk replacement fixes that.

I will upload a simple fix later today.

--
OdyX
Bug#860695: win32-loader: FTBFS on i386: segmentation fault
On 2017-04-19 13:32 +0200, Didier 'OdyX' Raboud wrote:
> Control: tags -1 +moreinfo +help
>
> On Wednesday, 19 April 2017, 09:28:30 CEST Lucas Nussbaum wrote:
>> During a rebuild of all packages in stretch (in a stretch chroot, not a
>> sid chroot), your package failed to build on i386.
>
> win32-loader is an arch:all package, and is "usually" built on amd64 buildds,
> on which it builds fine. This i386-specific FTBFS has been visible through the
> reproducible builds infrastructure for a while:
>
> https://tests.reproducible-builds.org/debian/rb-pkg/testing/i386/win32-loader.html
>
>> Relevant part (hopefully):
>
> Actually:
>
>> > # Prepare the README file
>> > awk
>> > '{sub(/@PACKAGES_LIST@/,"grub2 2.02~beta3-5
>> > http://ftp.debian.org/debian/pool/main/g/grub2\ncpio
>> > 2.11+dfsg-6 http://ftp.debian.org/debian/pool/main/c/cpi
>> > o\ngzip 1.6-5 http://ftp.debian.o
>> > rg/debian/pool/main/g/gzip\ngnupg22.1.18-6
>> > http://ftp.debian.org/debian/pool/main/g/gnupg2\ndebian-archive-keyr
>> > ing2014.3http://ftp.debian.org/debian/pool/main/d/
>> > debian-archive-keyring\nloadlin 1.6f-5
>> > http://ftp.debian.org/debian/pool/main/l/loadlin\nipxe
>> > 1.0.0+git-20161027.b991c6
>> > http://ftp.debian.org/debian/pool/main/i/ipxe\nnsis
>> > 2.51-1http://ftp.debian.org/debian/pool/main/n/nsis\nl
>> > ibgcrypt20 1.7.6-1 http://ftp.debian.org/d
>> > ebian/pool/main/l/libgcrypt20\nlibgpg-error 1.26-2
>> > http://ftp.debian.org/debian/pool/main/l/libgpg-error\n;)}1 \
>> > {sub(/@NSIS_VERSION@/,"2.51-1+b1")}1 \
>> > {sub(/@W32_VERSION@/,"0.8.2")}1' \
>> > debian/win32-loader_doc.txt > win32-loader_0.8.2_all.txt
>> > Segmentation fault
>
> `awk` segfaults here. This seems to be an awk bug, or problem. Is the
> command-line for it too long, or is it something else?

Possibly it's the same problem as #158481. A workaround is to use
original-awk or gawk instead of awk (and build-depend on it, of course).

I don't feel like debugging this issue, since mawk in Debian is
unmaintained. :-(

Cheers,
       Sven
Bug#860695: win32-loader: FTBFS on i386: segmentation fault
Control: tags -1 +moreinfo +help

On Wednesday, 19 April 2017, 09:28:30 CEST Lucas Nussbaum wrote:
> During a rebuild of all packages in stretch (in a stretch chroot, not a
> sid chroot), your package failed to build on i386.

win32-loader is an arch:all package, and is "usually" built on amd64 buildds,
on which it builds fine. This i386-specific FTBFS has been visible through the
reproducible builds infrastructure for a while:

https://tests.reproducible-builds.org/debian/rb-pkg/testing/i386/win32-loader.html

> Relevant part (hopefully):

Actually:

> > # Prepare the README file
> > awk
> > '{sub(/@PACKAGES_LIST@/,"grub2 2.02~beta3-5
> > http://ftp.debian.org/debian/pool/main/g/grub2\ncpio
> > 2.11+dfsg-6 http://ftp.debian.org/debian/pool/main/c/cpi
> > o\ngzip 1.6-5 http://ftp.debian.o
> > rg/debian/pool/main/g/gzip\ngnupg22.1.18-6
> > http://ftp.debian.org/debian/pool/main/g/gnupg2\ndebian-archive-keyr
> > ing2014.3http://ftp.debian.org/debian/pool/main/d/
> > debian-archive-keyring\nloadlin 1.6f-5
> > http://ftp.debian.org/debian/pool/main/l/loadlin\nipxe
> > 1.0.0+git-20161027.b991c6
> > http://ftp.debian.org/debian/pool/main/i/ipxe\nnsis
> > 2.51-1http://ftp.debian.org/debian/pool/main/n/nsis\nl
> > ibgcrypt20 1.7.6-1 http://ftp.debian.org/d
> > ebian/pool/main/l/libgcrypt20\nlibgpg-error 1.26-2
> > http://ftp.debian.org/debian/pool/main/l/libgpg-error\n;)}1 \
> > {sub(/@NSIS_VERSION@/,"2.51-1+b1")}1 \
> > {sub(/@W32_VERSION@/,"0.8.2")}1' \
> > debian/win32-loader_doc.txt > win32-loader_0.8.2_all.txt
> > Segmentation fault

`awk` segfaults here. This seems to be an awk bug, or problem. Is the
command-line for it too long, or is it something else?

Cheers,
OdyX
Bug#860695: win32-loader: FTBFS on i386: segmentation fault
Source: win32-loader
Version: 0.8.2
Severity: serious
Tags: stretch sid
User: debian...@lists.debian.org
Usertags: qa-ftbfs-20170418-i386 qa-ftbfs
Justification: FTBFS in stretch on i386

Hi,

During a rebuild of all packages in stretch (in a stretch chroot, not a
sid chroot), your package failed to build on i386.

Relevant part (hopefully):
> make[3]: Entering directory '/<>/l10n'
> gcc -DTEXTDOMAINDIR=\"/<>/l10n/locale\" win32-loader.c -o win32-loader
> xgettext --msgid-bugs-address=win32-loa...@packages.debian.org --from-code=utf-8 -ctranslate --keyword=_ win32-loader.sh win32-loader.c -o po/messages.pot
> mkdir -p templates locale/ar/LC_MESSAGES
> msgmerge -U po/ar.po po/messages.pot
> done.
> msgfmt -c --statistics -o locale/ar/LC_MESSAGES/win32-loader.mo po/ar.po
> 66 translated messages.
> LANGUAGE=ar ./win32-loader.sh > templates/ar.nsh
> mkdir -p templates locale/be/LC_MESSAGES
> msgmerge -U po/be.po po/messages.pot
> done.
> msgfmt -c --statistics -o locale/be/LC_MESSAGES/win32-loader.mo po/be.po
> po/be.po:9: warning: header field 'Language' still has the initial default value
> 66 translated messages.
> LANGUAGE=be ./win32-loader.sh > templates/be.nsh
> mkdir -p templates locale/bg/LC_MESSAGES
> msgmerge -U po/bg.po po/messages.pot
> ... done.
> msgfmt -c --statistics -o locale/bg/LC_MESSAGES/win32-loader.mo po/bg.po
> 66 translated messages.
> LANGUAGE=bg ./win32-loader.sh > templates/bg.nsh
> mkdir -p templates locale/bs/LC_MESSAGES
> msgmerge -U po/bs.po po/messages.pot
> done.
> msgfmt -c --statistics -o locale/bs/LC_MESSAGES/win32-loader.mo po/bs.po
> 66 translated messages.
> LANGUAGE=bs ./win32-loader.sh > templates/bs.nsh
> mkdir -p templates locale/ca/LC_MESSAGES
> msgmerge -U po/ca.po po/messages.pot
> done.
> msgfmt -c --statistics -o locale/ca/LC_MESSAGES/win32-loader.mo po/ca.po
> 66 translated messages.
> LANGUAGE=ca ./win32-loader.sh > templates/ca.nsh
> mkdir -p templates locale/cs/LC_MESSAGES
> msgmerge -U po/cs.po po/messages.pot
> done.
> msgfmt -c --statistics -o locale/cs/LC_MESSAGES/win32-loader.mo po/cs.po
> 66 translated messages.
> LANGUAGE=cs ./win32-loader.sh > templates/cs.nsh
> mkdir -p templates locale/da/LC_MESSAGES
> msgmerge -U po/da.po po/messages.pot
> done.
> msgfmt -c --statistics -o locale/da/LC_MESSAGES/win32-loader.mo po/da.po
> 66 translated messages.
> LANGUAGE=da ./win32-loader.sh > templates/da.nsh
> mkdir -p templates locale/de/LC_MESSAGES
> msgmerge -U po/de.po po/messages.pot
> ... done.
> msgfmt -c --statistics -o locale/de/LC_MESSAGES/win32-loader.mo po/de.po
> po/de.po:8: warning: header field 'Language' still has the initial default value
> 66 translated messages.
> LANGUAGE=de ./win32-loader.sh > templates/de.nsh
> mkdir -p templates locale/el/LC_MESSAGES
> msgmerge -U po/el.po po/messages.pot
> done.
> msgfmt -c --statistics -o locale/el/LC_MESSAGES/win32-loader.mo po/el.po
> 66 translated messages.
> LANGUAGE=el ./win32-loader.sh > templates/el.nsh
> mkdir -p templates
> LANGUAGE=C ./win32-loader.sh > templates/en.nsh
> mkdir -p templates locale/eo/LC_MESSAGES
> msgmerge -U po/eo.po po/messages.pot
> done.
> msgfmt -c --statistics -o locale/eo/LC_MESSAGES/win32-loader.mo po/eo.po
> 66 translated messages.
> LANGUAGE=eo ./win32-loader.sh > templates/eo.nsh
> mkdir -p templates locale/es/LC_MESSAGES
> msgmerge -U po/es.po po/messages.pot
> done.
> msgfmt -c --statistics -o locale/es/LC_MESSAGES/win32-loader.mo po/es.po
> po/es.po:36: warning: header field 'Language' still has the initial default value
> 66 translated messages.
> LANGUAGE=es ./win32-loader.sh > templates/es.nsh
> mkdir -p templates locale/eu/LC_MESSAGES
> msgmerge -U po/eu.po po/messages.pot
> done.
> msgfmt -c --statistics -o locale/eu/LC_MESSAGES/win32-loader.mo po/eu.po
> 43 translated messages, 13 fuzzy translations, 10 untranslated messages.
> LANGUAGE=eu ./win32-loader.sh > templates/eu.nsh
> mkdir -p templates locale/fa/LC_MESSAGES
> msgmerge -U po/fa.po po/messages.pot
> done.
> msgfmt -c --statistics -o locale/fa/LC_MESSAGES/win32-loader.mo po/fa.po
> 66 translated messages.
> LANGUAGE=fa ./win32-loader.sh > templates/fa.nsh
>