Package: libqb
Version: 0.16.0.real-1
Severity: serious
Tags: sid patch
Justification: FTBFS


In an attempt to build libqb on mips/mipsel,
the build failed during testing:

< make  check-TESTS
< make[4]: Entering directory `/«PKGBUILDDIR»/tests'
< make[5]: Entering directory `/«PKGBUILDDIR»/tests'
< PASS: array.test
< PASS: map.test
< FAIL: rb.test
< PASS: log.test
< PASS: blackbox-segfault.sh
< PASS: loop.test
< PASS: ipc.test
< PASS: resources.test
< make[6]: Entering directory `/«PKGBUILDDIR»/tests'
< make[6]: Nothing to be done for `all'.
< make[6]: Leaving directory `/«PKGBUILDDIR»/tests'
< ==========================================================================
< Testsuite summary for libqb 0.16.0
< ==========================================================================
< # TOTAL: 8
< # PASS:  7
< # SKIP:  0
< # XFAIL: 0
< # FAIL:  1
< # XPASS: 0
< # ERROR: 0
< ==========================================================================
< See tests/test-suite.log
< Please report to quarterback-de...@fedorahosted.org
< ==========================================================================
< make[5]: *** [test-suite.log] Error 1

The full build logs are available from:
https://buildd.debian.org/status/fetch.php?pkg=libqb&arch=mips&ver=0.16.0.real-1&stamp=1375430864
https://buildd.debian.org/status/fetch.php?pkg=libqb&arch=mipsel&ver=0.16.0.real-1&stamp=1375430215


After I ran rb.test manually I got this error:

< Running suite(s): ringbuffer
< 75%: Checks: 4, Failures: 0, Errors: 1
< check_rb.c:82:E:test01:test_ring_buffer1:0: (after this point) Received signal 11 (Segmentation fault)
< check_rb.c:123:P:test02:test_ring_buffer2:0: Passed
< check_rb.c:155:P:test03:test_ring_buffer3:0: Passed
< check_rb.c:183:P:test04:test_ring_buffer4:0: Passed


The problem is that test_ring_buffer1 in ./tests/check_rb.c,
at the line:
< actual = qb_rb_chunk_read(rb, &hdr, 512, 0);

is attempting to read a chunk from the ring buffer
< qb_ringbuffer_t *rb

and store it at the address of struct hdr
< struct qb_ipc_request_header hdr;

If the size of the chunk (90-93) is larger than the size of hdr (16),
this results in memory being overwritten during the read.

This test does not fail on some other architectures
because it is possible that my_buf is located after hdr,
< char my_buf[512];
and then the overwrite passes unnoticed.


A patch fixing this issue is attached.


Regards,
Dejan Latinović
Author: "Dejan Latinovic" <dejan.latino...@rt-rk.com>
Description: Fix for ring buffer test.
Index: libqb-0.16.0.real/tests/check_rb.c
===================================================================
--- libqb-0.16.0.real.orig/tests/check_rb.c	2013-12-09 14:28:57.000000000 +0000
+++ libqb-0.16.0.real/tests/check_rb.c	2013-12-09 14:31:15.000000000 +0000
@@ -57,8 +57,9 @@
 				    hdr.id, "actually the line number", i,
 				    __func__, __FILE__) + 1;
 			hdr.size += sizeof(struct qb_ipc_request_header);
+			memcpy(my_buf, &hdr, sizeof(struct qb_ipc_request_header));
 			avail = qb_rb_space_free(rb);
-			actual = qb_rb_chunk_write(rb, &hdr, hdr.size);
+			actual = qb_rb_chunk_write(rb, my_buf, hdr.size);
 			if (avail < (hdr.size + (3 * sizeof(uint32_t)))) {
 				ck_assert_int_eq(actual, -EAGAIN);
 			} else {
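Review bot: the new memcpy plus `qb_rb_chunk_write(rb, my_buf, hdr.size)` relies on my_buf already being laid out as header followed by payload, i.e. on str pointing at my_buf + sizeof(struct qb_ipc_request_header) when the sprintf on the preceding lines runs; that assignment is not visible in this hunk, so a one-line comment above the memcpy stating the expected layout would help the next reader. Worth noting in the description as well that this changes the write side, not only the read side: the old `qb_rb_chunk_write(rb, &hdr, hdr.size)` read hdr.size bytes (up to ~93) starting at a 16-byte struct, so the write loop over-read the stack in the same way the read loop over-wrote it.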
@@ -72,13 +73,13 @@
 		str = my_buf + sizeof(struct qb_ipc_request_header);
 
 		for (i = 0; i < 15; i++) {
-			actual = qb_rb_chunk_read(rb, &hdr, 512, 0);
+			actual = qb_rb_chunk_read(rb, my_buf, 512, 0);
 			if (actual < 0) {
 				ck_assert_int_eq(0, qb_rb_chunks_used(rb));
 				break;
 			}
+			memcpy(&hdr, my_buf, sizeof(struct qb_ipc_request_header));
 			str[actual - sizeof(struct qb_ipc_request_header)] = '\0';
-
 			ck_assert_int_eq(actual, hdr.size);
 		}
 	}
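Review bot: `str[actual - sizeof(struct qb_ipc_request_header)] = '\0';` is still unguarded after this change. If qb_rb_chunk_read ever returns less than sizeof(struct qb_ipc_request_header), the subtraction underflows in size_t and indexes far outside my_buf; and because the read is allowed up to 512 bytes into a 512-byte my_buf, a full chunk puts the terminating NUL at my_buf[512], one past the end. Suggest `ck_assert(actual >= sizeof(struct qb_ipc_request_header));` before the memcpy and reading with a limit of `sizeof(my_buf) - 1` so the NUL always lands inside the buffer. Also, the removed blank line before `ck_assert_int_eq(actual, hdr.size);` is a cosmetic change unrelated to the fix and could be dropped to keep the patch minimal.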
