Bug#1012704: libmath-bigint-perl: busy loop with bignum bitwise operations

2023-02-25 Thread Adrian Bunk
On Fri, Feb 24, 2023 at 12:56:12PM +0100, Roland Rosenfeld wrote:
> On Mon, 19 Sep 2022, Niko Tyni wrote:
> 
> > The bug is not specific to any Perl versions but seems to be fully
> > contained in Math::BigInt / Math::BigFloat.  The versions of those
> > modules that ship with Perl 5.34.0 (Math::BigInt 1.999818) and Perl
> > 5.36.0 (Math::BigInt 1.999830) are not affected by the bug, but you
> > have the newer separate libmath-bigint-perl package installed where the
> > bug triggers.
> > 
> > It seems to have regressed upstream around 1.999832 (where it started
> > to spit errors) and 1.999834 (where the errors became infinite recursion.)
> > The first version in Debian that had the bug was 1.999835-1, which
> > fits your upgrade timeline.
> > 
> > So I'm reassigning this once more. Also raising the severity as this looks
> > rather Bad.
> 
> Since it first wasn't clear to me (and maybe others): There are two
> versions of Math::BigInt available in bookworm at the moment:
> - 1.999830 in perl-modules-5.36
> - 1.999837 in libmath-bigint-perl
> 
> Since 1.999837 breaks at least ipcalc, it may be better to remove
> libmath-bigint-perl 1.999837 from bookworm than releasing with a
> broken version.
> 
> Since this means a fallback to 1.999830 from perl-modules-5.36, this
> should not be an issue.

Package: libmath-bigint-gmp-perl
Version: 1.6011-2+b1
Depends: ..., libmath-bigint-perl (>= 1.999831)

> Greetings
> Roland

cu
Adrian



2023-02-24 Thread Roland Rosenfeld
On Mon, 19 Sep 2022, Niko Tyni wrote:

> The bug is not specific to any Perl versions but seems to be fully
> contained in Math::BigInt / Math::BigFloat.  The versions of those
> modules that ship with Perl 5.34.0 (Math::BigInt 1.999818) and Perl
> 5.36.0 (Math::BigInt 1.999830) are not affected by the bug, but you
> have the newer separate libmath-bigint-perl package installed where the
> bug triggers.
> 
> It seems to have regressed upstream around 1.999832 (where it started
> to spit errors) and 1.999834 (where the errors became infinite recursion.)
> The first version in Debian that had the bug was 1.999835-1, which
> fits your upgrade timeline.
> 
> So I'm reassigning this once more. Also raising the severity as this looks
> rather Bad.

Since it first wasn't clear to me (and maybe others): There are two
versions of Math::BigInt available in bookworm at the moment:
- 1.999830 in perl-modules-5.36
- 1.999837 in libmath-bigint-perl

Since 1.999837 breaks at least ipcalc, it may be better to remove
libmath-bigint-perl 1.999837 from bookworm than releasing with a
broken version.

Since this means a fallback to 1.999830 from perl-modules-5.36, this
should not be an issue.

Greetings
Roland



2022-09-19 Thread Niko Tyni
retitle 1012704 libmath-bigint-perl: busy loop with bignum bitwise operations
severity 1012704 serious
reassign 1012704 libmath-bigint-perl 1.999835-1
found 1012704 1.999837-1
tag 1012704 upstream
thanks

On Sun, Sep 18, 2022 at 12:14:06PM +0100, Klaus Ethgen wrote:
> I was able to fix that bug by taking Math::BigInt and Math::BigFloat
> from perl 5.36. They work seamlessly.
> 
> I will reassign the bug to perl-modules.

Thanks for the report.

This boils down to

  % perl -Mbignum -e '1 | (1 >> 1)'
  Deep recursion on subroutine "Math::BigInt::bior" at /usr/share/perl5/Math/BigFloat.pm line 3883.
  Deep recursion on subroutine "Math::BigFloat::bior" at /usr/share/perl5/Math/BigInt.pm line 3513.

Also happens with other bitwise operations like & and ^ .

The bug is not specific to any Perl versions but seems to be fully
contained in Math::BigInt / Math::BigFloat.  The versions of those
modules that ship with Perl 5.34.0 (Math::BigInt 1.999818) and Perl
5.36.0 (Math::BigInt 1.999830) are not affected by the bug, but you
have the newer separate libmath-bigint-perl package installed where the
bug triggers.

It seems to have regressed upstream around 1.999832 (where it started
to spit errors) and 1.999834 (where the errors became infinite recursion.)
The first version in Debian that had the bug was 1.999835-1, which
fits your upgrade timeline.

So I'm reassigning this once more. Also raising the severity as this looks
rather Bad.

Would be great if (other) pkg-perl maintainers can pick this up from
here and forward upstream etc. Otherwise I'll get to it eventually :)
-- 
Niko Tyni   nt...@debian.org
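
One way to check a host against the versions named in this thread, as an added example that is not part of any message above and is not Debian or upstream code. The function names and the 5 s / 512 MiB limits are assumptions; the version thresholds are the approximate upstream versions from the 2022-09-19 message, and because the thread names no fixed release, anything newer than 1.999837 is reported as unknown.

```shell
#!/bin/sh
# Added example; function names and limits are assumptions, not from the thread.

# Map an upstream Math::BigInt version (no Debian revision suffix) to the
# behaviour the thread reports for it. Thresholds are the thread's approximate
# ("around") versions; it names no fixed release, so newer is "unknown".
classify_bigint_version() {
    case "$1" in
        ''|*[!0-9.]*|*.*.*|.*|*.) echo invalid; return 0 ;;
    esac
    LC_ALL=C awk -v v="$1" 'BEGIN {
        if (v + 0 < 1.999832)       print "before-regression"
        else if (v + 0 < 1.999834)  print "errors"
        else if (v + 0 <= 1.999837) print "recursion"
        else                        print "unknown"
    }'
}

# Version of whichever Math::BigInt copy perl finds first in @INC.
installed_bigint_version() {
    perl -MMath::BigInt -e 'print Math::BigInt->VERSION' 2>/dev/null || echo none
}

# Run the thread's one-liner under a 5 s timeout and a 512 MiB address-space
# cap, so a recursing module cannot hang the shell or exhaust memory.
probe_bitwise() {
    out=$( ( ulimit -v 524288; timeout 5 perl -Mbignum -e '1 | (1 >> 1)' ) 2>&1 )
    rc=$?
    case "$out" in
        *"Deep recursion"*) echo recursion; return 0 ;;
    esac
    case "$rc" in
        0)   echo ok ;;
        124) echo timeout ;;
        *)   echo error ;;
    esac
}

main() {
    v=$(installed_bigint_version)
    echo "Math::BigInt $v: $(classify_bigint_version "$v")"
    # The probe triggers the bug on affected hosts, so it is opt-in.
    if [ "${1:-}" = "--probe" ]; then
        echo "bitwise probe: $(probe_bitwise)"
    fi
}

main "$@"
```

Run without arguments to report the resolved version only; pass `--probe` to also run the resource-limited reproducer.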