Bug#816077: ruby2.3: FTBFS on m68k - Segmentation fault at 0x5f583332
* Geert Uytterhoeven[160328 10:33]: > > I really don't want to add another patch except for critical issues > > (and that are likely to be applied to 2.3) at this point - so ... No. > > "tail call overwriting the (non-existing) argument" sounds like a security > issue that may be exploitable, even on non-m68k. If you think this is a security issue, please talk to upstream and/or security@ to get a CVE assigned, so this is fixed not just in Debian. -- ,''`. Christian Hofstaedtler : :' : Debian Developer `. `' 7D1A CFFA D9E0 806C 9C4C D392 5C13 D6DB 9305 2E03 `-
Bug#816077: ruby2.3: FTBFS on m68k - Segmentation fault at 0x5f583332
Geert Uytterhoevenwrites: > "tail call overwriting the (non-existing) argument" sounds like a security > issue that may be exploitable, even on non-m68k. It's only a problem if the argument is passed on the stack. Andreas. -- Andreas Schwab, sch...@linux-m68k.org GPG Key fingerprint = 58CA 54C7 6D53 942B 1756 01D3 44D5 214B 8276 4ED5 "And now for something completely different."
Bug#816077: ruby2.3: FTBFS on m68k - Segmentation fault at 0x5f583332
On 03/28/2016 01:18 AM, Christian Hofstaedtler wrote: >> The PTS says "LowNMU" for ruby2.3 which clearly means "Do an NMU without >> asking if you want to fix something" [1]. If that's not what you want, >> don't use that tag. > > You're mistaken. The "tag" is per-maintainer, and you need to look > up the exact policy the maintainer has expressed on the wiki page > you've linked to. Then this needs to be fixed. Having "LowNMU" on the PTS page of a package which is *not* LowNMU is highly misleading. But as Geert said, this might even be a security issue. Cheers, Adrian -- .''`. John Paul Adrian Glaubitz : :' : Debian Developer - glaub...@debian.org `. `' Freie Universitaet Berlin - glaub...@physik.fu-berlin.de `-GPG: 62FF 8A75 84E0 2956 9546 0006 7426 3B37 F5B5 F913
Bug#816077: ruby2.3: FTBFS on m68k - Segmentation fault at 0x5f583332
On Mon, Mar 28, 2016 at 1:08 AM, Christian Hofstaedtlerwrote: > * John Paul Adrian Glaubitz [160327 23:00]: >> Here's an updated patch which contains the actual changes that upstream >> committed to the git repository to close the upstream bug 12118 [1]. >> >> Would be possible to cherry-pick this fix from upstream until the >> changes have been backported to ruby2.3? > > We're waiting for a whole list of more important issues to be > backported to the 2.3 branch (there haven't been any backports or > point releases so far). > > I really don't want to add another patch except for critical issues > (and that are likely to be applied to 2.3) at this point - so ... No. "tail call overwriting the (non-existing) argument" sounds like a security issue that may be exploitable, even on non-m68k. Gr{oetje,eeting}s, Geert -- Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- ge...@linux-m68k.org In personal conversations with technical people, I call myself a hacker. But when I'm talking to journalists I just say "programmer" or something like that. -- Linus Torvalds
Bug#816077: ruby2.3: FTBFS on m68k - Segmentation fault at 0x5f583332
On 03/28/2016 01:08 AM, Christian Hofstaedtler wrote: > We're waiting for a whole list of more important issues to be > backported to the 2.3 branch (there haven't been any backports or > point releases so far). That's ok. > I really don't want to add another patch except for critical issues > (and that are likely to be applied to 2.3) at this point - so ... No. > > Please pursuade upstream into backporting this. I already did. >> I'd be happy to perform >> an NMU as well to fix the issue. I assume that should be okay since >> ruby2,3 is LowNMU? > > You're misreading what the PTS says and what the actual case is. The PTS says "LowNMU" for ruby2.3 which clearly means "Do an NMU without asking if you want to fix something" [1]. If that's not what you want, don't use that tag. Adrian > [1] https://wiki.debian.org/LowThresholdNmu -- .''`. John Paul Adrian Glaubitz : :' : Debian Developer - glaub...@debian.org `. `' Freie Universitaet Berlin - glaub...@physik.fu-berlin.de `-GPG: 62FF 8A75 84E0 2956 9546 0006 7426 3B37 F5B5 F913
Bug#816077: ruby2.3: FTBFS on m68k - Segmentation fault at 0x5f583332
* John Paul Adrian Glaubitz[160328 01:16]: > >> I'd be happy to perform > >> an NMU as well to fix the issue. I assume that should be okay since > >> ruby2,3 is LowNMU? > > > > You're misreading what the PTS says and what the actual case is. > > The PTS says "LowNMU" for ruby2.3 which clearly means "Do an NMU without > asking if you want to fix something" [1]. If that's not what you want, > don't use that tag. You're mistaken. The "tag" is per-maintainer, and you need to look up the exact policy the maintainer has expressed on the wiki page you've linked to. > > [1] https://wiki.debian.org/LowThresholdNmu -- ,''`. Christian Hofstaedtler : :' : Debian Developer `. `' 7D1A CFFA D9E0 806C 9C4C D392 5C13 D6DB 9305 2E03 `-
Bug#816077: ruby2.3: FTBFS on m68k - Segmentation fault at 0x5f583332
* John Paul Adrian Glaubitz[160327 23:00]: > Here's an updated patch which contains the actual changes that upstream > committed to the git repository to close the upstream bug 12118 [1]. > > Would be possible to cherry-pick this fix from upstream until the > changes have been backported to ruby2.3? We're waiting for a whole list of more important issues to be backported to the 2.3 branch (there haven't been any backports or point releases so far). I really don't want to add another patch except for critical issues (and that are likely to be applied to 2.3) at this point - so ... No. Please pursuade upstream into backporting this. > I'd be happy to perform > an NMU as well to fix the issue. I assume that should be okay since > ruby2,3 is LowNMU? You're misreading what the PTS says and what the actual case is. > Attaching the updated and cleaned up patch in any case. Thanks. -- ,''`. Christian Hofstaedtler : :' : Debian Developer `. `' 7D1A CFFA D9E0 806C 9C4C D392 5C13 D6DB 9305 2E03 `-
Bug#816077: ruby2.3: FTBFS on m68k - Segmentation fault at 0x5f583332
Hi! Here's an updated patch which contains the actual changes that upstream committed to the git repository to close the upstream bug 12118 [1]. Would be possible to cherry-pick this fix from upstream until the changes have been backported to ruby2.3? I'd be happy to perform an NMU as well to fix the issue. I assume that should be okay since ruby2,3 is LowNMU? Attaching the updated and cleaned up patch in any case. Adrian > [1] https://bugs.ruby-lang.org/issues/12118 -- .''`. John Paul Adrian Glaubitz : :' : Debian Developer - glaub...@debian.org `. `' Freie Universitaet Berlin - glaub...@physik.fu-berlin.de `-GPG: 62FF 8A75 84E0 2956 9546 0006 7426 3B37 F5B5 F913 Description: Cherry-picked updates for upstream bug 12118 Upstream has improved the stack allocator and fixed the function prototype for rb_locale_charmap_index in localeinit.c. Both changes are necessary to fix the build on m68k. Upstream bug: https://bugs.ruby-lang.org/issues/12118 Debian bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816077 . --- ruby2.3-2.3.0.orig/localeinit.c +++ ruby2.3-2.3.0/localeinit.c @@ -89,7 +89,7 @@ enc_find_index(const char *name) } int -rb_locale_charmap_index(VALUE klass) +rb_locale_charmap_index(void) { return (int)locale_charmap(enc_find_index); } --- ruby2.3-2.3.0.orig/thread_pthread.c +++ ruby2.3-2.3.0/thread_pthread.c @@ -690,17 +690,31 @@ reserve_stack(volatile char *limit, size const volatile char *end = buf + sizeof(buf); limit += size; if (limit > end) { - size = limit - end; - limit = alloca(size); - limit[stack_check_margin+size-1] = 0; + /* |<-bottom (=limit(a)) top->| +* | .. |<-buf 256B |<-end | stack check | +* | 256B | =size= | margin (4KB)| +* | =size= limit(b)->| 256B | | +* || alloca(sz) || | +* | .. |<-buf |<-limit(c)[sz-1]->0> | | +*/ + size_t sz = limit - end; + limit = alloca(sz); + limit[sz-1] = 0; } } else { limit -= size; if (buf > limit) { - limit = alloca(buf - limit); - limit[0] = 0; /* ensure alloca is called */ - limit -= stack_check_margin; + /* |<-top (=limit(a)) bottom->| +* | .. | 256B buf->| | stack check | +* | 256B | =size= | margin (4KB)| +* | =size= limit(b)->| 256B | | +* || alloca(sz) || | +* | .. | buf->| limit(c)-><0> | | +*/ + size_t sz = buf - limit; + limit = alloca(sz); + limit[0] = 0; } } }
Bug#816077: ruby2.3: FTBFS on m68k - Segmentation fault at 0x5f583332
Control: tags -1 +patch Control: forwarded -1 https://bugs.ruby-lang.org/issues/12118 Hi! Andreas Schwab just provided an updated patch which actually fixes the problem, I was now able to build ruby2.3 successfully on m68k. Attaching the patch. Upstream has also implemented some changes to address the issue [1] but I haven't tested the upstream changes yet. Adrian > [1] https://bugs.ruby-lang.org/issues/12118 -- .''`. John Paul Adrian Glaubitz : :' : Debian Developer - glaub...@debian.org `. `' Freie Universitaet Berlin - glaub...@physik.fu-berlin.de `-GPG: 62FF 8A75 84E0 2956 9546 0006 7426 3B37 F5B5 F913 Index: ruby-2.3.0/localeinit.c === --- ruby-2.3.0.orig/localeinit.c +++ ruby-2.3.0/localeinit.c @@ -89,7 +89,7 @@ enc_find_index(const char *name) } int -rb_locale_charmap_index(VALUE klass) +rb_locale_charmap_index(void) { return (int)locale_charmap(enc_find_index); } Index: ruby-2.3.0/thread_pthread.c === --- ruby-2.3.0.orig/thread_pthread.c +++ ruby-2.3.0/thread_pthread.c @@ -691,16 +691,15 @@ reserve_stack(volatile char *limit, size limit += size; if (limit > end) { size = limit - end; - limit = alloca(size); + limit = alloca(stack_check_margin+size); limit[stack_check_margin+size-1] = 0; } } else { limit -= size; if (buf > limit) { - limit = alloca(buf - limit); + limit = alloca(buf - limit + stack_check_margin); limit[0] = 0; /* ensure alloca is called */ - limit -= stack_check_margin; } } }
Bug#816077: ruby2.3: FTBFS on m68k - Segmentation fault at 0x5f583332
On 02/27/2016 09:52 AM, John Paul Adrian Glaubitz wrote: > I rememeber we had a similar issue on ruby2.2, so it might be possbible that > the patch suggested by Andreas Schwab back then [2] might help. Ok, this patch doesn't help for ruby2.3. The problem still persists. So, apparently, this is a different issue. Adrian -- .''`. John Paul Adrian Glaubitz : :' : Debian Developer - glaub...@debian.org `. `' Freie Universitaet Berlin - glaub...@physik.fu-berlin.de `-GPG: 62FF 8A75 84E0 2956 9546 0006 7426 3B37 F5B5 F913
Bug#816077: ruby2.3: FTBFS on m68k - Segmentation fault at 0x5f583332
Source: ruby2.3 Version: 2.3.0-2 Severity: normal User: debian-...@lists.debian.org Usertags: m68k Hi! ruby2.3 currently fails to build from source with a segmentation fault late in the build process while running 'make install' [1]: ./miniruby -I./lib -I. -I.ext/common ./tool/runruby.rb --extout=.ext -- --disable-gems -r./m68k-linux-gnu-fake ./tool/rbinstall.rb --make="/usr/bin/make" --dest-dir="/<>/debian/tmp" --extout=".ext" --mflags="-w" --make-flags="w -- DESTDIR=/<>/debian/tmp" --data-mode=0644 --prog-mode=0755 --installed-list .installed.list --mantype="doc" installing binary commands: /usr/bin /<>/lib/fileutils.rb:250: [BUG] Segmentation fault at 0x5f583332 ruby 2.3.0p0 (2015-12-25) [m68k-linux-gnu] I rememeber we had a similar issue on ruby2.2, so it might be possbible that the patch suggested by Andreas Schwab back then [2] might help. Anyone wants to have a look? Adrian > [1] https://people.debian.org/~glaubitz/ruby2.3_2.3.0-2_m68k-20160226-1719 > [2] https://lists.debian.org/debian-68k/2015/11/msg00057.html