Package: pike7.8
Version: 7.8.700-7
Usertags: goto-cc

During a rebuild of all Debian packages in a clean sid chroot (using cowbuilder and pbuilder) the build failed with the following error. Please note that we use our research compiler tool-chain (using tools from the cbmc package), which permits extended reporting on type inconsistencies at link time.

[...]
#### Making dynamic: modules/_Image_JPEG
Compiling modules/_Image_JPEG/image_jpeg.c
Compiling modules/_Image_JPEG/transupp.c
Linking _Image_JPEG
error: conflicting function declarations "jpeg_set_colorspace"
old definition in module image_jpeg file /usr/include/jpeglib.h line 968
void (struct jpeg_compress_struct *, int)
new definition in module transupp file /usr/include/jpeglib.h line 968
void (struct jpeg_compress_struct *, int)
reason for conflict at (*#this[0]->mem->alloc_small)[2] in types listed below (unsignedbv/unsignedbv):
unsigned long int
unsigned int
Linking failed:
/srv/jenkins-slave/workspace/sid-goto-cc-pike7.8/pike7.8-7.8.700/bin/smartlink gcc -shared -o module.so image_jpeg.o transupp.o -Wl,-z,relro -Wl,--as-needed -L/srv/jenkins-slave/workspace/sid-goto-cc-pike7.8/pike7.8-7.8.700/build/linux-3.2.0-4-amd64-x86_64/bundles/lib64 -L/srv/jenkins-slave/workspace/sid-goto-cc-pike7.8/pike7.8-7.8.700/build/linux-3.2.0-4-amd64-x86_64/bundles/lib/64 -L/srv/jenkins-slave/workspace/sid-goto-cc-pike7.8/pike7.8-7.8.700/build/linux-3.2.0-4-amd64-x86_64/bundles/lib/. -L/usr/lib/gcc/x86_64-linux-gnu/4.8 -R/usr/lib/gcc/x86_64-linux-gnu/4.8 -L/usr/lib/x86_64-linux-gnu -R/usr/lib/x86_64-linux-gnu -L/lib/x86_64-linux-gnu -R/lib/x86_64-linux-gnu -ldl -lrt -lnsl -lm -lpthread -lcrypt -ljpeg /usr/lib/gcc/x86_64-linux-gnu/4.8/libgcc.a -lc /usr/lib/gcc/x86_64-linux-gnu/4.8/libgcc.a
Makefile:457: recipe for target 'module.so' failed
make[7]: *** [module.so] Error 1
Makefile:108: recipe for target 'all' failed
make[6]: *** [all] Error 2
Makefile:103: recipe for target '_Image_JPEG' failed
make[5]: *** [_Image_JPEG] Error 1
Makefile:1190: recipe for target 'dynamic_module_objects' failed
make[4]: *** [dynamic_module_objects] Error 1
Makefile:1210: recipe for target 'module_objects' failed
make[3]: *** [module_objects] Error 2
Makefile:151: recipe for target '_make_in_builddir' failed
make[2]: *** [_make_in_builddir] Error 2
Makefile:68: recipe for target 'compile' failed
make[1]: *** [compile] Error 2

Let me give a brief explanation of the report: the second parameter of the alloc_small function pointer differs in its type, i.e., one declaration has unsigned long int whereas the other has unsigned int. This will lead to undefined behaviour when invoked from here:

http://sources.debian.net/src/pike7.8/7.8.700-7/src/modules/_Image_JPEG/transupp.c?hl=1205#L1205

as several bytes of the argument then picked up by the implementation of alloc_small, which may be this one:

http://sources.debian.net/src/libjpeg8/8d-2/jmemmgr.c?hl=258#L258

are undefined - and big endian systems will likely end up with a completely messed up value. Thus arbitrary amounts of memory will be allocated!

The reason for this conflict lies in line 40 of transupp.c:

http://sources.debian.net/src/pike7.8/7.8.700-7/src/modules/_Image_JPEG/transupp.c?hl=40#L40

This is an absolute no-go as it will mess up any function declaration using size_t for systems where size_t is not unsigned int, such as our presently most popular platform amd64, to cause undefined behaviour.

Best,
Michael
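
The type conflict reported above can be reproduced in isolation. The following is an added example, not code from pike, libjpeg or the reporter; the typedef names, the simplified parameter list and the helper functions are assumptions made for illustration. It checks at compile time whether two views of an alloc_small-style function pointer are the same type, models what a callee reading a 64-bit size sees when only the low 32 bits were written, and carries a preprocessor guard that fails the build if size_t has been turned into a macro.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-ins for the two views of one function pointer.
 * The parameter list is an assumption modelled on the report, not
 * copied from jpeglib.h. */
typedef void *(*alloc_small_native)(void *cinfo, int pool_id, size_t size);
typedef void *(*alloc_small_narrow)(void *cinfo, int pool_id, unsigned int size);

/* Evaluates to 1 if pointer type T is the type built with the real size_t. */
#define SAME_AS_NATIVE(T) _Generic((T)0, alloc_small_native: 1, default: 0)

int native_matches(void) { return SAME_AS_NATIVE(alloc_small_native); }
int narrow_matches(void) { return SAME_AS_NATIVE(alloc_small_narrow); }

/* Model (not a real mismatched call, which would be undefined behaviour)
 * of a callee that reads a 64-bit size when the caller only wrote the low
 * 32 bits: the high half is whatever happened to be there before. */
uint64_t callee_view(uint32_t passed, uint32_t stale_high)
{
    return ((uint64_t)stale_high << 32) | passed;
}

/* Guard a translation unit can carry after its includes: if any header or
 * source line has defined size_t as a macro, the build stops here. It is
 * silent in this file because nothing redefines size_t. */
#ifdef size_t
#error "size_t has been redefined as a macro"
#endif

int main(void)
{
    printf("native view matches itself: %d\n", native_matches());
    printf("unsigned int view matches:  %d\n", narrow_matches());
    /* Constructed sample values: a 64-byte request with one stale bit set. */
    printf("caller asked for %u bytes, callee may see %llu\n",
           64u, (unsigned long long)callee_view(64u, 1u));
    return 0;
}
```
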

