From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp1 ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms11 with LMTPS id SN3PGcEfbl84VAAA0tVLHw (envelope-from ) for ; Fri, 25 Sep 2020 16:50:09 +0000 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp1 with LMTPS id iP69FcEfbl/xWQAAbx9fmQ (envelope-from ) for ; Fri, 25 Sep 2020 16:50:09 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id DDC9B94060E for ; Fri, 25 Sep 2020 16:50:08 +0000 (UTC) Received: from localhost ([::1]:51054 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kLqv9-0003Dh-Sh for larch@yhetil.org; Fri, 25 Sep 2020 12:50:07 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:48390) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kLqWs-0008Pb-Er for bug-guix@gnu.org; Fri, 25 Sep 2020 12:25:04 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:33633) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1kLqWs-000705-1c for bug-guix@gnu.org; Fri, 25 Sep 2020 12:25:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1kLqWr-0003EI-UF for bug-guix@gnu.org; Fri, 25 Sep 2020 12:25:01 -0400 X-Loop: help-debbugs@gnu.org Subject: bug#43513: json-c build failure (on armhf-linux) while trying to build u-boot Resent-From: Danny Milosavljevic Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Fri, 25 Sep 2020 16:25:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 43513 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: Ludovic =?UTF-8?Q?Court=C3=A8s?= Received: via spool by 43513-submit@debbugs.gnu.org id=B43513.160105106112359 (code B ref 43513); Fri, 25 Sep 2020 16:25:01 +0000 Received: (at 43513) by debbugs.gnu.org; 25 Sep 2020 16:24:21 +0000 Received: from localhost ([127.0.0.1]:45179 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kLqWD-0003DF-LK for submit@debbugs.gnu.org; Fri, 25 Sep 2020 12:24:21 -0400 Received: from dd26836.kasserver.com ([85.13.145.193]:41648) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kLqWB-0003D7-KE for 43513@debbugs.gnu.org; Fri, 25 Sep 2020 12:24:20 -0400 Received: from localhost (80-110-126-103.cgn.dynamic.surfer.at [80.110.126.103]) by dd26836.kasserver.com (Postfix) with ESMTPSA id 38C873368534; Fri, 25 Sep 2020 18:24:18 +0200 (CEST) Date: Fri, 25 Sep 2020 18:23:26 +0200 From: Danny Milosavljevic Message-ID: <20200925182326.402aa6f2@scratchpost.org> In-Reply-To: <87wo0hj13l.fsf@gnu.org> References: <20200919173628.423331da@scratchpost.org> <20200921134855.2ed40eb0@scratchpost.org> <87wo0i17vv.fsf@gnu.org> <20200925131237.32fc61e9@scratchpost.org> <87wo0hj13l.fsf@gnu.org> X-Mailer: Claws Mail 3.17.5 (GTK+ 2.24.32; x86_64-unknown-linux-gnu) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="Sig_/5=gZNvCW1UBpui28Ro3bgMU"; protocol="application/pgp-signature"; micalg=pgp-sha512 X-Spam-Score: -0.7 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-Spam-Score: -1.7 (-) X-BeenThere: bug-guix@gnu.org List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: 43513@debbugs.gnu.org Errors-To: bug-guix-bounces+larch=yhetil.org@gnu.org Sender: "bug-Guix" X-Scanner: scn0 Authentication-Results: aspmx1.migadu.com; dkim=none; dmarc=none; spf=pass (aspmx1.migadu.com: domain of bug-guix-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=bug-guix-bounces@gnu.org X-Spam-Score: -1.11 X-TUID: PiNafzUsg8a1 --Sig_/5=gZNvCW1UBpui28Ro3bgMU Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hi Ludo, On Fri, 25 Sep 2020 18:02:54 +0200 Ludovic Court=C3=A8s wrote: > What are the odds of a build succeeding in the presence of broken > getdents/readdir? Wouldn=E2=80=99t such builds simply fail (as in the CM= ake > case), as opposed to succeeding but somehow producing invalid binaries? I don't know what hashing mechanism ext4 uses, but I guess the odds are not that high IF THE DIRECTORY IS RANDOM. If it's crafted by a malicious perso= n, all bets are off. However, notice that glibc can only fail out of readdir once it gets an *ac= tual* value >=3D 2**32. It's totally possible in principle to have a directory w= ith 200 entries, the first 100 of which have d_off < 2**32, and the 101st has d_off >=3D 2**32. Readdir will only stop after having given back 100 entri= es to the caller. The caller most likely will process those 100 entries. That's it, you've just forgotten to install/copy/read/whatever half the fil= es. Technically the caller could examine errno to find out that something bad happened while using readdir, but odds are that they don't (I haven't seen anyone do that in my entire career)--and also the error code they are using is undocumented[1]. So even a person who would check wouldn't expect this error value (errno =3D=3D EOVERFLOW). In short, it won't work in practice. > We can still disabled emulated builds on ci.guix.gnu.org, but let=E2=80= =99s > first make sure we understand the practical impact of this bug. We need non-emulated builds to compare. If a real ARM machine uses substitutes for anything, it probably picks up now-untrustworthy builds made by x86_64 for ARM and builds on top of those. Or don't they use substitutes? In that case everything would be OK-ish. Otherwise huge mess... [1] "man getdents64" does not list EOVERFLOW--at least not for me. --Sig_/5=gZNvCW1UBpui28Ro3bgMU Content-Type: application/pgp-signature Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEds7GsXJ0tGXALbPZ5xo1VCwwuqUFAl9uGX4ACgkQ5xo1VCww uqWi9wgAm4mQhsA+mCqSiaPLDJr7y7QuqAZ/xU9WjKqIbGCQHZJZyveeOr64B2OV xDuVXzn2yc/P4Ot3mMm1+EuW85FXKcIG3y7xwd5kA0+d0oSfHBQOrBru2Xw7ezMD 734V3Fh79KzHSjhL/rBrdl3dJ+nwRas5Ap5jKJpgtB15HKDqyPS1F6+Sooxmxr/J SKuEd8vwsKrS+WmDpTWJoWh1BJkcqQsIOl9rA1kk1WlYU25buysKHSdFzUmZ1EBN d/F8+O5B1/jBQM8EpEkYjG2LvgWX1oqizP9UZ9G3OZ8lM1NaYF+13hdtWtJhJMNn OwHKPnuFRI4lzqpUzMyM35MCPhHE3A== =E3hj -----END PGP SIGNATURE----- --Sig_/5=gZNvCW1UBpui28Ro3bgMU--