Bug#1119014: libamdhip64-6: possible out-of-bounds write in rocclr printf
Package: libamdhip64-6
Version: 6.4.3-2
Severity: normal
X-Debbugs-Cc: cgmb@debian.org
Dear Maintainer,
When building src:rocm-hipamd 6.4.3-2 with hardening and lto enabled,
I encountered a number of out-of-bounds memcpy calls that caused the
package to FTBFS. There was one error that didn't seem to have a patch
upstream that I could backport:
```
[100%] Linking CXX shared library ../lib/libamdhip64.so
cd /root/rocm-hipamd/rocm-hipamd/obj-x86_64-linux-gnu/hipamd/src && /usr/bin/cmake -E cmake_link_script CMakeFiles/amdhip64.dir/link.txt --verbose=1
In function ‘memcpy’,
inlined from ‘output’ at /usr/src/rocm-hipamd-6.4.3-3/rocclr/device/rocm/rocprintf.cpp:489:17:
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:29:33: error: ‘__builtin_memcpy’ specified bound between 18446744073709551604 and 18446744073709551608 exceeds maximum object size 9223372036854775807 [-Werror=stringop-overflow=]
29 | return __builtin___memcpy_chk (__dest, __src, __len,
| ^
lto1: all warnings being treated as errors
```
Sincerely,
Cory Bloor
-- System Information:
Debian Release: forky/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.16.3+deb13-amd64 (SMP w/12 CPU threads; PREEMPT)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: unable to detect
Versions of packages libamdhip64-6 depends on:
ii libamd-comgr3 7.0.2+dfsg-1
ii libc6 2.41-12
ii libgcc-s1 15.2.0-7
ii libhsa-runtime64-1 6.4.3+dfsg-3
ii libnuma1 2.0.19-1
ii libstdc++6 15.2.0-7
libamdhip64-6 recommends no packages.
libamdhip64-6 suggests no packages.
-- no debconf information
Reply to: