From: Chloe Kudryavtsev <toast@toastin.space>
Subject: apk_blob_pull_dep corrupts virtpkg->version->ptr under clang
To: ~alpine/apk-tools@lists.alpinelinux.org
Message-ID: <5bbbc186-d3c5-beca-bfdb-f530a6c307e3@toastin.space>
Date: Wed, 10 Jul 2019 19:55:47 -0400

Hi, virtual packages get their version corrupted under clang.
It specifically happens in add.c::171 (well, the invocation; digging
deeper turned out to be difficult).

Steps to reproduce:
1. Launch a docker image - I used alpine:edge
2. Install the packages we'll need for the demonstration, full list at [1].
3. git clone https://git.alpinelinux.org/apk-tools
4. cd apk-tools
5. Apply the following patch: https://brpaste.xyz/raw/2B_m0A. Reasoning 
in [2]. (curl https://brpaste.xyz/raw/2B_m0A | patch -p1)
6. make CC=clang CFLAGS=-O2
7. ./src/apk -s add -t foo foo
8. Observe the discrepancies

NOTE: CFLAGS are -O2 because that makes the error easier to observe.
However, it shows up even under -O0.

I have no familiarity with apk internals, but clang compiles many other 
things just fine without corrupting pointers at random.
Could someone look into this?

[1]: musl-dev linux-headers lua5.2-dev openssl-dev zlib-dev clang gcc 
make git curl
[2]: This adds two printf statements for easy viewing and removes -Wall 
(clang has stricter warnings, should be tackled, but maybe later).