From debbugs-submit-bounces@debbugs.gnu.org Fri Sep 25 12:24:21 2020 Received: (at 43513) by debbugs.gnu.org; 25 Sep 2020 16:24:21 +0000 Received: from localhost ([127.0.0.1]:45179 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kLqWD-0003DF-LK for submit@debbugs.gnu.org; Fri, 25 Sep 2020 12:24:21 -0400 Received: from dd26836.kasserver.com ([85.13.145.193]:41648) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kLqWB-0003D7-KE for 43513@debbugs.gnu.org; Fri, 25 Sep 2020 12:24:20 -0400 Received: from localhost (80-110-126-103.cgn.dynamic.surfer.at [80.110.126.103]) by dd26836.kasserver.com (Postfix) with ESMTPSA id 38C873368534; Fri, 25 Sep 2020 18:24:18 +0200 (CEST) Date: Fri, 25 Sep 2020 18:23:26 +0200 From: Danny Milosavljevic To: Ludovic =?ISO-8859-1?Q?Court=E8s?= Subject: Re: bug#43513: json-c build failure (on armhf-linux) while trying to build u-boot Message-ID: <20200925182326.402aa6f2@scratchpost.org> In-Reply-To: <87wo0hj13l.fsf@gnu.org> References: <20200919173628.423331da@scratchpost.org> <20200921134855.2ed40eb0@scratchpost.org> <87wo0i17vv.fsf@gnu.org> <20200925131237.32fc61e9@scratchpost.org> <87wo0hj13l.fsf@gnu.org> X-Mailer: Claws Mail 3.17.5 (GTK+ 2.24.32; x86_64-unknown-linux-gnu) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="Sig_/5=gZNvCW1UBpui28Ro3bgMU"; protocol="application/pgp-signature"; micalg=pgp-sha512 X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 43513 Cc: 43513@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) --Sig_/5=gZNvCW1UBpui28Ro3bgMU Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hi Ludo, On Fri, 25 Sep 2020 18:02:54 +0200 Ludovic Court=C3=A8s wrote: > What are the odds of a build succeeding in the presence of broken > getdents/readdir? Wouldn=E2=80=99t such builds simply fail (as in the CM= ake > case), as opposed to succeeding but somehow producing invalid binaries? I don't know what hashing mechanism ext4 uses, but I guess the odds are not that high IF THE DIRECTORY IS RANDOM. If it's crafted by a malicious perso= n, all bets are off. However, notice that glibc can only fail out of readdir once it gets an *ac= tual* value >=3D 2**32. It's totally possible in principle to have a directory w= ith 200 entries, the first 100 of which have d_off < 2**32, and the 101st has d_off >=3D 2**32. Readdir will only stop after having given back 100 entri= es to the caller. The caller most likely will process those 100 entries. That's it, you've just forgotten to install/copy/read/whatever half the fil= es. Technically the caller could examine errno to find out that something bad happened while using readdir, but odds are that they don't (I haven't seen anyone do that in my entire career)--and also the error code they are using is undocumented[1]. So even a person who would check wouldn't expect this error value (errno =3D=3D EOVERFLOW). In short, it won't work in practice. > We can still disabled emulated builds on ci.guix.gnu.org, but let=E2=80= =99s > first make sure we understand the practical impact of this bug. We need non-emulated builds to compare. If a real ARM machine uses substitutes for anything, it probably picks up now-untrustworthy builds made by x86_64 for ARM and builds on top of those. Or don't they use substitutes? In that case everything would be OK-ish. Otherwise huge mess... [1] "man getdents64" does not list EOVERFLOW--at least not for me. --Sig_/5=gZNvCW1UBpui28Ro3bgMU Content-Type: application/pgp-signature Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEds7GsXJ0tGXALbPZ5xo1VCwwuqUFAl9uGX4ACgkQ5xo1VCww uqWi9wgAm4mQhsA+mCqSiaPLDJr7y7QuqAZ/xU9WjKqIbGCQHZJZyveeOr64B2OV xDuVXzn2yc/P4Ot3mMm1+EuW85FXKcIG3y7xwd5kA0+d0oSfHBQOrBru2Xw7ezMD 734V3Fh79KzHSjhL/rBrdl3dJ+nwRas5Ap5jKJpgtB15HKDqyPS1F6+Sooxmxr/J SKuEd8vwsKrS+WmDpTWJoWh1BJkcqQsIOl9rA1kk1WlYU25buysKHSdFzUmZ1EBN d/F8+O5B1/jBQM8EpEkYjG2LvgWX1oqizP9UZ9G3OZ8lM1NaYF+13hdtWtJhJMNn OwHKPnuFRI4lzqpUzMyM35MCPhHE3A== =E3hj -----END PGP SIGNATURE----- --Sig_/5=gZNvCW1UBpui28Ro3bgMU--