Package: fermi-lite
Version: 0.1-9
Severity: grave
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu focal ubuntu-patch

Dear maintainers,

In Ubuntu, the fermi-lite autopkgtest has started failing on armhf with
version 0.1-9; where it previously succeeded, it now produces a segfault.

Investigation shows a problem with an assumption about the behavior when
implicitly casting from an unsigned integer type to a signed integer type:
when v->n is 0 in this function, because v->n is of type size_t, v->n - 1
yields UINT32_MAX, not -1.

The attached patch fixes the segfault.

Since the code here doesn't seem to have changed since the previous version
of the package whose autopkgtests succeeded, I assume this is due to a
behavior change in the compiler.  However, as far as I can see the new and
old behavior are valid under the C standard, so this is a fermi-lite bug,
not a compiler bug.

Cheers,
-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                   https://www.debian.org/
slanga...@ubuntu.com                                     vor...@debian.org
diff -Nru fermi-lite-0.1/debian/patches/ensure-signed-comparison 
fermi-lite-0.1/debian/patches/ensure-signed-comparison
--- fermi-lite-0.1/debian/patches/ensure-signed-comparison      1969-12-31 
16:00:00.000000000 -0800
+++ fermi-lite-0.1/debian/patches/ensure-signed-comparison      2020-03-17 
01:09:35.000000000 -0700
@@ -0,0 +1,21 @@
+Description: Ensure that our variable checking for >= 0 is signed
+ The type of v->n is size_t, which is an unsigned type, and we are assigning
+ v->n - 1 to i and looping while this is >= 0.  If v->n == 0, on some
+ architectures (armhf) this results in i being set to a positive value
+ (specifically, UINT32_MAX).
+Author: Steve Langasek <steve.langa...@ubuntu.com>
+Last-Update: 2020-03-17
+
+Index: fermi-lite-0.1/mag.c
+===================================================================
+--- fermi-lite-0.1.orig/mag.c
++++ fermi-lite-0.1/mag.c
+@@ -506,7 +506,7 @@
+ 
+       for (j = 0; j < 2; ++j) {
+               sum_n = sum_l = 0;
+-              for (i = v->n - 1; i >= 0; --i) {
++              for (i = (int64_t)v->n - 1; i >= 0; --i) {
+                       const magv_t *p = &v->a[srt[i]<<32>>32];
+                       int tmp1, tmp2;
+                       tmp1 = tmp2 = 0;
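Review bot: the fix depends on `i` being an `int64_t` (or wider signed type), but its declaration is outside this hunk; if `i` were a plain `int`, `(int64_t)v->n - 1` would be truncated on assignment and the `i >= 0` test could still go wrong for large `v->n`. Worth confirming the declaration, or rewriting the loop so the index never needs to go negative, e.g. `for (i = v->n; i-- > 0;)`, which removes the dependence on both the width of `size_t` and the implementation-defined unsigned-to-signed conversion the old code relied on for the -1 on 64-bit targets. The DEP-3 header also has no `Forwarded:` or `Bug:` field; since the covering mail calls this a fermi-lite bug rather than a compiler bug, the upstream status should be recorded so the patch can be dropped once it is merged.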
diff -Nru fermi-lite-0.1/debian/patches/series 
fermi-lite-0.1/debian/patches/series
--- fermi-lite-0.1/debian/patches/series        2020-02-15 04:17:54.000000000 
-0800
+++ fermi-lite-0.1/debian/patches/series        2020-03-17 01:04:57.000000000 
-0700
@@ -3,4 +3,5 @@
 rename_bseq1_t.patch
 bcf_seqlib.patch
 simde
+ensure-signed-comparison
 sync_instead_of_atomic
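The size_t conversion described in the report, worked through as an added example (constructed here, not fermi-lite code): the start index of the mag.c loop with a 32-bit and a 64-bit size_t, the patch's int64_t cast, and an unsigned count-down idiom that avoids the conversion altogether. The function names, and the assumption that `i` is declared int64_t, are this example's, not the package's.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed example, not fermi-lite code: models the start index of
 * for (i = v->n - 1; i >= 0; --i) for the two size_t widths in practice,
 * 32 bits (armhf) and 64 bits (amd64), with i assumed to be int64_t. */

/* Old code, 32-bit size_t: n - 1 is evaluated as uint32_t, so for n == 0 it
 * is UINT32_MAX, which fits in int64_t and stays positive: the loop runs. */
static int64_t start_old_size32(uint32_t n) {
    int64_t i = n - 1;
    return i;
}

/* Old code, 64-bit size_t: n - 1 is UINT64_MAX, out of range for int64_t.
 * GCC and Clang define this conversion modulo 2^64, giving -1, which is
 * why the unchanged loop kept working on 64-bit targets. */
static int64_t start_old_size64(uint64_t n) {
    int64_t i = n - 1;
    return i;
}

/* The patch's fix: convert n to int64_t before subtracting, so n == 0 gives
 * -1 at every width and the loop body is skipped. */
static int64_t start_fixed(size_t n) {
    int64_t i = (int64_t)n - 1;
    return i;
}

/* 1 if the first iteration either does not happen (start < 0) or indexes
 * inside a[0..n-1]; 0 for the out-of-bounds read behind the armhf segfault. */
static int first_iteration_safe(int64_t start, size_t n) {
    return start < 0 || (uint64_t)start < n;
}

/* Idiom that avoids mixing signedness at all: keep an unsigned index and test
 * before decrementing. Returns how many times the body would run. */
static size_t count_down_iterations(size_t n) {
    size_t iterations = 0;
    for (size_t i = n; i-- > 0;)
        ++iterations;
    return iterations;
}

int main(void) {
    int64_t s = start_old_size32(0);
    printf("old loop, 32-bit size_t, n=0: start=%lld safe=%d\n",
           (long long)s, first_iteration_safe(s, 0));
    printf("fixed loop, n=0: start=%lld\n", (long long)start_fixed(0));
    return 0;
}
```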
