[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#633458: gcc-4.6 miscompiles libgcrypt11 on sparc



On Sun, Jul 10, 2011 at 15:26:07 +0200, Andreas Metzler wrote:

> Package: gcc-4.6
> Version: 4.6.1-1
> Severity: normal
> Blocks: 633373
> 
> gcc-4.6 seems to miscompile libgcrypt11 on armel, causing total
> failure of gnutls26.
> 
> -------------------------------
> (sid)ametzler@abel:~/GNUTLS$ ~/GNUTLS/2.10.5-2/usr/bin/gnutls-cli db.debian.org Resolving 'db.debian.org'...
> Connecting to '82.195.75.106:443'...
> *** Fatal error: Decryption has failed.
> *** Handshake has failed
> GnuTLS error: Decryption has failed.
> -------------------------------
> 
I get similar failure on sparc.  1.4.6-7 was built with gcc 4.4, works.
1.4.6-8, built with gcc 4.6, fails with an unaligned access.

(sid)jcristau@sperger:~$ gnutls/usr/bin/gnutls-cli db.debian.org
Resolving 'db.debian.org'...
Connecting to '2001:41b8:202:deb:216:36ff:fe40:3906:443'...
Bus error

(sid)jcristau@sperger:~$ LD_LIBRARY_PATH=~/gcrypt-old/lib/sparc-linux-gnu gnutls/usr/bin/gnutls-cli db.debian.org
Resolving 'db.debian.org'...
Connecting to '2001:41b8:202:deb:216:36ff:fe40:3906:443'...
- Ephemeral Diffie-Hellman parameters
 - Using prime: 1024 bits
 - Secret key: 1022 bits
 - Peer's public key: 1023 bits
- Certificate type: X.509
 - Got a certificate list of 3 certificates.
 - Certificate[0] info:
  - subject `O=Debian,CN=db.debian.org,EMAIL=debian-admin@debian.org', issuer `O=Debian,CN=ca.debian.org,EMAIL=debian-admin@debian.org', RSA key 2048 bits, signed using RSA-SHA1, activated `2011-04-01 05:52:15 UTC', expires `2012-03-31 05:52:15 UTC', SHA-1 fingerprint `88777cfc5bd5bb4590d0be07fa24d166e98c201c'
 - Certificate[1] info:
  - subject `O=Debian,CN=ca.debian.org,EMAIL=debian-admin@debian.org', issuer `C=US,ST=Indiana,L=Indianapolis,O=Software in the Public Interest,OU=hostmaster,CN=Certificate Authority,EMAIL=hostmaster@spi-inc.org', RSA key 4096 bits, signed using RSA-SHA1, activated `2008-05-13 09:13:20 UTC', expires `2018-05-10 09:13:20 UTC', SHA-1 fingerprint `d726c9c7a22a52af1212e99342b76283aa40994c'
 - Certificate[2] info:
  - subject `C=US,ST=Indiana,L=Indianapolis,O=Software in the Public Interest,OU=hostmaster,CN=Certificate Authority,EMAIL=hostmaster@spi-inc.org', issuer `C=US,ST=Indiana,L=Indianapolis,O=Software in the Public Interest,OU=hostmaster,CN=Certificate Authority,EMAIL=hostmaster@spi-inc.org', RSA key 4096 bits, signed using RSA-SHA1, activated `2008-05-13 08:07:56 UTC', expires `2018-05-11 08:07:56 UTC', SHA-1 fingerprint `af70884383820215cd61c6bcecfd3724a990431c'
- The hostname in the certificate matches 'db.debian.org'.
- Peer's certificate issuer is unknown
- Peer's certificate is NOT trusted
- Version: TLS1.0
- Key Exchange: DHE-RSA
- Cipher: AES-128-CBC
- MAC: SHA1
- Compression: NULL
- Handshake was completed

(~/gcrypt-old has libgcrypt11 1.4.6-7 unpacked)

This also causes test failures for libsoup2.4:
https://buildd.debian.org/status/fetch.php?pkg=libsoup2.4&arch=sparc&ver=2.34.3-1&stamp=1311910501

Tracked it down to the same file as the arm fail, cipher/rijndael.c,
inside do_encrypt:

Program received signal SIGBUS, Bus error.
do_decrypt (ctx=0x57988,
    bx=0x55cad "\332\347I^\234q\350\023>r|T{\347\033\216\352\367\f\266\006\t\315S\307\313\353*9d\021=\261\233\275\177v\241\223\301y\202\366\274\024{\345\364\264\327\027~\026\325Z\301y\272B\v*)\376\062JFzc^\201\37
7Y\001\067{\355\334\375\063\026\212F\032\255;r\332", <incomplete sequence \350\206>,
    ax=0x55cad "\332\347I^\234q\350\023>r|T{\347\033\216\352\367\f\266\006\t\315S\307\313\353*9d\021=\261\233\275\177v\241\223\301y\202\366\274\024{\345\364\264\327\027~\026\325Z\301y\272B\v*)\376\062JFzc^\201\37
7Y\001\067{\355\334\375\063\026\212F\032\255;r\332", <incomplete sequence \350\206>) at rijndael.c:688
688     rijndael.c: No such file or directory.   
        in rijndael.c
(gdb) bt full
#0  do_decrypt (ctx=0x57988,
    bx=0x55cad "\332\347I^\234q\350\023>r|T{\347\033\216\352\367\f\266\006\t\315S\307\313\353*9d\021=\261\233\275\177v\241\223\301y\202\366\274\024{\345\364\264\327\027~\026\325Z\301y\272B\v*)\376\062JFzc^\201\37
7Y\001\067{\355\334\375\063\026\212F\032\255;r\332", <incomplete sequence \350\206>,
    ax=0x55cad "\332\347I^\234q\350\023>r|T{\347\033\216\352\367\f\266\006\t\315S\307\313\353*9d\021=\261\233\275\177v\241\223\301y\202\366\274\024{\345\364\264\327\027~\026\325Z\301y\272B\v*)\376\062JFzc^\201\37
7Y\001\067{\355\334\375\063\026\212F\032\255;r\332", <incomplete sequence \350\206>) at rijndael.c:688
        b = {dummy = {16843009, 0, 180696, 1}, b = "\001\001\001\001\000\000\000\000\000\002\301\330\000\000\000\001"}
#1  0xf7654e10 in _gcry_aes_cbc_dec (context=0x57988, iv=0x57950 "U\331\033\341\275\002\251\210\227\032\363í\251", <incomplete sequence \343\244>, outbuf_arg=<value optimized out>,
    inbuf_arg=<value optimized out>, nblocks=3) at rijndael.c:794
        ctx = 0x57988
        outbuf = 0x55cad "\332\347I^\234q\350\023>r|T{\347\033\216\352\367\f\266\006\t\315S\307\313\353*9d\021=\261\233\275\177v\241\223\301y\202\366\274\024{\345\364\264\327\027~\026\325Z\301y\272B\v*)\376\062JF
zc^\201\377Y\001\067{\355\334\375\063\026\212F\032\255;r\332", <incomplete sequence \350\206>
        inbuf = 0x55cad "\332\347I^\234q\350\023>r|T{\347\033\216\352\367\f\266\006\t\315S\307\313\353*9d\021=\261\233\275\177v\241\223\301y\202\366\274\024{\345\364\264\327\027~\026\325Z\301y\272B\v*)\376\062JFz
c^\201\377Y\001\067{\355\334\375\063\026\212F\032\255;r\332", <incomplete sequence \350\206>
        ivp = <value optimized out>
        i = <value optimized out>
        savebuf = "\332\347I^\234q\350\023>r|T{\347\033\216"
#2  0xf763c388 in do_cbc_decrypt (c=0x57918,
    outbuf=0x55cad "\332\347I^\234q\350\023>r|T{\347\033\216\352\367\f\266\006\t\315S\307\313\353*9d\021=\261\233\275\177v\241\223\301y\202\366\274\024{\345\364\264\327\027~\026\325Z\301y\272B\v*)\376\062JFzc^\20
1\377Y\001\067{\355\334\375\063\026\212F\032\255;r\332", <incomplete sequence \350\206>, inbuf=<value optimized out>, nbytes=<value optimized out>) at cipher.c:1056
        ivp = <value optimized out>
        i = <value optimized out>
        n = <value optimized out>
        blocksize = 16
        nblocks = <value optimized out>
#3  cipher_decrypt (c=0x57918,
    outbuf=0x55cad "\332\347I^\234q\350\023>r|T{\347\033\216\352\367\f\266\006\t\315S\307\313\353*9d\021=\261\233\275\177v\241\223\301y\202\366\274\024{\345\364\264\327\027~\026\325Z\301y\272B\v*)\376\062JFzc^\201\377Y\001\067{\355\334\375\063\026\212F\032\255;r\332", <incomplete sequence \350\206>, inbuf=<value optimized out>, nbytes=<value optimized out>) at cipher.c:1705
        rc = GPG_ERR_NO_ERROR
        __FUNCTION__ = "cipher_decrypt"
#4  0xf763df74 in _gcry_cipher_decrypt (h=<value optimized out>, out=0x55cad, outsize=48, in=0x55cad, inlen=48) at cipher.c:1776
        err = GPG_ERR_NO_ERROR
#5  0xf76f898c in ?? () from /usr/lib/libgnutls.so.26
No symbol table info available.

(gdb) disass
Dump of assembler code for function do_decrypt:
   0xf7653e60 <+0>:     save  %sp, -128, %sp
   0xf7653e64 <+4>:     ld  [ %i0 + 4 ], %g1
   0xf7653e68 <+8>:     sethi  %hi(0x5ec00), %l7
   0xf7653e6c <+12>:    call  0xf7630fe0 <__sparc_get_pc_thunk.l7>
   0xf7653e70 <+16>:    add  %l7, 0x260, %l7    ! 0x5ee60
   0xf7653e74 <+20>:    cmp  %g1, 0
   0xf7653e78 <+24>:    be,pn   %icc, 0xf765429c <do_decrypt+1084>
   0xf7653e7c <+28>:    add  %i0, 0xf8, %i5
   0xf7653e80 <+32>:    ld  [ %i0 ], %o4
   0xf7653e84 <+36>:    sethi  %hi(0x20800), %o5 
=> 0xf7653e88 <+40>:    ld  [ %i2 + 4 ], %g2
   0xf7653e8c <+44>:    xor  %o5, -508, %o5
   0xf7653e90 <+48>:    sll  %o4, 4, %g3
   0xf7653e94 <+52>:    ld  [ %i2 + 0xc ], %o7   
   0xf7653e98 <+56>:    add  %o4, -1, %o4
   0xf7653e9c <+60>:    add  %i5, %g3, %i5
   0xf7653ea0 <+64>:    add  %g3, 0xf8, %g3
   0xf7653ea4 <+68>:    ld  [ %i2 ], %i4
   0xf7653ea8 <+72>:    ld  [ %i0 + %g3 ], %g4   
   0xf7653eac <+76>:    cmp  %o4, 1
[...]

%i2 is 0x55cad, obviously not aligned, so a 4-byte load at %i2 + 4 breaks.

Cheers,
Julien



Reply to: