Bug#452108: what binary packages to update?

To: 452108@bugs.debian.org
Subject: Bug#452108: what binary packages to update?
From: Török Edwin <edwintorok@gmail.com>
Date: Tue, 20 Nov 2007 21:04:54 +0200
Message-id: <[🔎] 47432FD6.7080209@gmail.com>
Reply-to: Török Edwin <edwintorok@gmail.com>, 452108@bugs.debian.org

> Note that this issue is in theory pretty serious as in principle
_any_
> binary package in the archive could be affected.

Since the abs() is optimized away on miscompilations, searching for
binaries that have the abs() symbol won't find the buggy ones.

The only reliable way to find out what packages could be affected,
is to grep for calls to abs() [I guess too many to hand-review].

Then the list could be filtered by dropping calls to abs() where
parameteres are provably positive numbers (either constants, or
unsigned types). Such a check could be implemented in static
analysis tools, like CIL, but trying to compile the entire archive
with CIL can be a challenge by itself.

How do you intend to handle this bug for stable?
Obviously updating all packages that call abs() is not a solution :(

A quicker way to find out could be to compile all the archive with
current gcc version. Then apply the patch that fixes the bug,
recompile the entire archive, and see which .o,.so,.a, and
executable files differ between the two. Is there a tool to automate
such a task?


--Edwin

Reply to:

Prev by Date: gnat-4.2_4.2.2-3_hppa.changes REJECTED
Next by Date: Processed: Re: Bug#452238: Acknowledgement ([alpha] Segfault in df_chain_remove_problem with -O3)
Previous by thread: gnat-4.2_4.2.2-3_hppa.changes REJECTED
Next by thread: Processed: Re: Bug#452238: Acknowledgement ([alpha] Segfault in df_chain_remove_problem with -O3)
Index(es):
- Date
- Thread