Received: from mail.wilcox-tech.com (mail.wilcox-tech.com [45.32.83.9])
	by nld3-dev1.alpinelinux.org (Postfix) with ESMTPS id 0C2B1781A5D
	for <~alpine/apk-tools@lists.alpinelinux.org>; Thu, 11 Jul 2019 00:46:02 +0000 (UTC)
Received: (qmail 8211 invoked from network); 11 Jul 2019 00:45:58 -0000
Received: from localhost (HELO ?IPv6:2600:1702:2a80:1b9f:5bbc:af4c:5dd1:a183?) (awilcox@wilcox-tech.com@127.0.0.1)
	by localhost with ESMTPA; 11 Jul 2019 00:45:58 -0000
Subject: Re: apk_blob_pull_dep corrupts virtpkg->version->ptr under clang
To: ~alpine/apk-tools@lists.alpinelinux.org
References: <5bbbc186-d3c5-beca-bfdb-f530a6c307e3@toastin.space>
From: "A. Wilcox"
Openpgp: preference=signencrypt
Organization: Adélie Linux
Message-ID:
Date: Wed, 10 Jul 2019 19:45:57 -0500
User-Agent: Mozilla/5.0 (X11; Linux ppc64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1
In-Reply-To: <5bbbc186-d3c5-beca-bfdb-f530a6c307e3@toastin.space>

On 07/10/19 18:55, Chloe Kudryavtsev wrote:
> Hi, virtual packages get their version corrupted under clang.
> It specifically happens in add.c::171 (well, the invocation, digging
> deeper turned out to be difficult).
>
> Steps to reproduce:
> 1. Launch a docker image - I used alpine:edge
> 2. Install the packages we'll need for the demonstration, full list at [1].
> 3. git clone https://git.alpinelinux.org/apk-tools
> 4. cd apk-tools
> 5. Apply the following patch: https://brpaste.xyz/raw/2B_m0A. Reasoning
> in [2]. (curl https://brpaste.xyz/raw/2B_m0A | patch -p1)
> 6. make CC=clang CFLAGS=-O2
> 7. ./src/apk -s add -t foo foo
> 8. Observe the discrepancies
>
> NOTE: CFLAGS are -O2 because that makes the error easier to observe.
> However it shows up even under -O0.
>
> I have no familiarity with apk internals, but clang compiles many other
> things just fine without corrupting pointers at random.
> Could someone look into this?
>
> [1]: musl-dev linux-headers lua5.2-dev openssl-dev zlib-dev clang gcc
> make git curl
> [2]: This adds two printf statements for easy viewing and removes -Wall
> (clang has stricter warnings, should be tackled, but maybe later).

Duplicated on Adélie ppc64 with clang 8.

This is because 'ver' is a stack-allocated variable. Its scope is
bounded by create_virtual_package.

Patch attached fixes this.

--arw

-- 
A. Wilcox (awilfox)
Project Lead, Adélie Linux
https://www.adelielinux.org

Attachment: 0001-add-create_virtual_package-dup-ver-string.patch (text/plain)
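
The lifetime bug described in the reply above, as an added example that is not part of the original message and is not apk-tools code: a blob that borrows a pointer into a short-lived buffer, beside one that owns a duplicate. All names (`struct blob`, `intern_borrow`, `intern_dup`, `make_pkg`, `version_intact`) are hypothetical, the version strings are constructed, and a static buffer stands in for the function's stack frame so the stale pointer can be observed without undefined behaviour.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct blob { size_t len; const char *ptr; };      /* pointer + length view */
struct pkg  { const char *name; struct blob version; };

/* Stand-in for the creating function's stack frame; reused on every call. */
static char frame[32];

/* Borrowing intern: keeps the caller's pointer, makes no copy. */
static struct blob intern_borrow(const char *s) {
    struct blob b = { strlen(s), s };
    return b;
}

/* Duplicating intern: the blob owns a heap copy that outlives the buffer. */
static struct blob intern_dup(const char *s) {
    struct blob b = { strlen(s), NULL };
    char *copy = malloc(b.len + 1);
    if (copy == NULL) abort();
    memcpy(copy, s, b.len + 1);
    b.ptr = copy;
    return b;
}

/* Formats the version into the short-lived buffer, then interns it. */
static struct pkg make_pkg(const char *name, const char *stamp, int dup) {
    struct pkg p = { name, { 0, NULL } };
    snprintf(frame, sizeof frame, "%s", stamp);    /* 'ver' lives only here */
    p.version = dup ? intern_dup(frame) : intern_borrow(frame);
    return p;
}

/* Returns 1 if the package still reports the version it was created with. */
static int version_intact(const struct pkg *p, const char *expected) {
    return p->version.len == strlen(expected) &&
           memcmp(p->version.ptr, expected, p->version.len) == 0;
}

int main(void) {
    struct pkg a = make_pkg("foo", "20190710.194557", 0);  /* constructed */
    struct pkg b = make_pkg("foo", "20190710.194557", 1);
    make_pkg("bar", "19700101.000000", 0);                 /* buffer reused */
    printf("borrowed intact: %d\n", version_intact(&a, "20190710.194557"));
    printf("dup intact:      %d\n", version_intact(&b, "20190710.194557"));
    free((void *)b.version.ptr);
    return 0;
}
```

With a real stack variable the borrowed pointer is dangling after the function returns, so what the reader sees depends on the compiler's frame layout and optimisation level; building with `-fsanitize=address` and `detect_stack_use_after_return=1` is one way to catch that class of bug.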