Bug#633458: gcc-4.6 miscompiles libgcrypt11 on sparc
On Sun, Jul 10, 2011 at 15:26:07 +0200, Andreas Metzler wrote:
> Package: gcc-4.6
> Version: 4.6.1-1
> Severity: normal
> Blocks: 633373
>
> gcc-4.6 seems to miscompile libgcrypt11 on armel, causing total
> failure of gnutls26.
>
> -------------------------------
> (sid)ametzler@abel:~/GNUTLS$ ~/GNUTLS/2.10.5-2/usr/bin/gnutls-cli db.debian.org Resolving 'db.debian.org'...
> Connecting to '82.195.75.106:443'...
> *** Fatal error: Decryption has failed.
> *** Handshake has failed
> GnuTLS error: Decryption has failed.
> -------------------------------
>
I get similar failure on sparc. 1.4.6-7 was built with gcc 4.4, works.
1.4.6-8, built with gcc 4.6, fails with an unaligned access.
(sid)jcristau@sperger:~$ gnutls/usr/bin/gnutls-cli db.debian.org
Resolving 'db.debian.org'...
Connecting to '2001:41b8:202:deb:216:36ff:fe40:3906:443'...
Bus error
(sid)jcristau@sperger:~$ LD_LIBRARY_PATH=~/gcrypt-old/lib/sparc-linux-gnu gnutls/usr/bin/gnutls-cli db.debian.org
Resolving 'db.debian.org'...
Connecting to '2001:41b8:202:deb:216:36ff:fe40:3906:443'...
- Ephemeral Diffie-Hellman parameters
- Using prime: 1024 bits
- Secret key: 1022 bits
- Peer's public key: 1023 bits
- Certificate type: X.509
- Got a certificate list of 3 certificates.
- Certificate[0] info:
- subject `O=Debian,CN=db.debian.org,EMAIL=debian-admin@debian.org', issuer `O=Debian,CN=ca.debian.org,EMAIL=debian-admin@debian.org', RSA key 2048 bits, signed using RSA-SHA1, activated `2011-04-01 05:52:15 UTC', expires `2012-03-31 05:52:15 UTC', SHA-1 fingerprint `88777cfc5bd5bb4590d0be07fa24d166e98c201c'
- Certificate[1] info:
- subject `O=Debian,CN=ca.debian.org,EMAIL=debian-admin@debian.org', issuer `C=US,ST=Indiana,L=Indianapolis,O=Software in the Public Interest,OU=hostmaster,CN=Certificate Authority,EMAIL=hostmaster@spi-inc.org', RSA key 4096 bits, signed using RSA-SHA1, activated `2008-05-13 09:13:20 UTC', expires `2018-05-10 09:13:20 UTC', SHA-1 fingerprint `d726c9c7a22a52af1212e99342b76283aa40994c'
- Certificate[2] info:
- subject `C=US,ST=Indiana,L=Indianapolis,O=Software in the Public Interest,OU=hostmaster,CN=Certificate Authority,EMAIL=hostmaster@spi-inc.org', issuer `C=US,ST=Indiana,L=Indianapolis,O=Software in the Public Interest,OU=hostmaster,CN=Certificate Authority,EMAIL=hostmaster@spi-inc.org', RSA key 4096 bits, signed using RSA-SHA1, activated `2008-05-13 08:07:56 UTC', expires `2018-05-11 08:07:56 UTC', SHA-1 fingerprint `af70884383820215cd61c6bcecfd3724a990431c'
- The hostname in the certificate matches 'db.debian.org'.
- Peer's certificate issuer is unknown
- Peer's certificate is NOT trusted
- Version: TLS1.0
- Key Exchange: DHE-RSA
- Cipher: AES-128-CBC
- MAC: SHA1
- Compression: NULL
- Handshake was completed
(~/gcrypt-old has libgcrypt11 1.4.6-7 unpacked)
This also causes test failures for libsoup2.4:
https://buildd.debian.org/status/fetch.php?pkg=libsoup2.4&arch=sparc&ver=2.34.3-1&stamp=1311910501
Tracked it down to the same file as the arm fail, cipher/rijndael.c,
inside do_encrypt:
Program received signal SIGBUS, Bus error.
do_decrypt (ctx=0x57988,
bx=0x55cad "\332\347I^\234q\350\023>r|T{\347\033\216\352\367\f\266\006\t\315S\307\313\353*9d\021=\261\233\275\177v\241\223\301y\202\366\274\024{\345\364\264\327\027~\026\325Z\301y\272B\v*)\376\062JFzc^\201\37
7Y\001\067{\355\334\375\063\026\212F\032\255;r\332", <incomplete sequence \350\206>,
ax=0x55cad "\332\347I^\234q\350\023>r|T{\347\033\216\352\367\f\266\006\t\315S\307\313\353*9d\021=\261\233\275\177v\241\223\301y\202\366\274\024{\345\364\264\327\027~\026\325Z\301y\272B\v*)\376\062JFzc^\201\37
7Y\001\067{\355\334\375\063\026\212F\032\255;r\332", <incomplete sequence \350\206>) at rijndael.c:688
688 rijndael.c: No such file or directory.
in rijndael.c
(gdb) bt full
#0 do_decrypt (ctx=0x57988,
bx=0x55cad "\332\347I^\234q\350\023>r|T{\347\033\216\352\367\f\266\006\t\315S\307\313\353*9d\021=\261\233\275\177v\241\223\301y\202\366\274\024{\345\364\264\327\027~\026\325Z\301y\272B\v*)\376\062JFzc^\201\37
7Y\001\067{\355\334\375\063\026\212F\032\255;r\332", <incomplete sequence \350\206>,
ax=0x55cad "\332\347I^\234q\350\023>r|T{\347\033\216\352\367\f\266\006\t\315S\307\313\353*9d\021=\261\233\275\177v\241\223\301y\202\366\274\024{\345\364\264\327\027~\026\325Z\301y\272B\v*)\376\062JFzc^\201\37
7Y\001\067{\355\334\375\063\026\212F\032\255;r\332", <incomplete sequence \350\206>) at rijndael.c:688
b = {dummy = {16843009, 0, 180696, 1}, b = "\001\001\001\001\000\000\000\000\000\002\301\330\000\000\000\001"}
#1 0xf7654e10 in _gcry_aes_cbc_dec (context=0x57988, iv=0x57950 "U\331\033\341\275\002\251\210\227\032\363í\251", <incomplete sequence \343\244>, outbuf_arg=<value optimized out>,
inbuf_arg=<value optimized out>, nblocks=3) at rijndael.c:794
ctx = 0x57988
outbuf = 0x55cad "\332\347I^\234q\350\023>r|T{\347\033\216\352\367\f\266\006\t\315S\307\313\353*9d\021=\261\233\275\177v\241\223\301y\202\366\274\024{\345\364\264\327\027~\026\325Z\301y\272B\v*)\376\062JF
zc^\201\377Y\001\067{\355\334\375\063\026\212F\032\255;r\332", <incomplete sequence \350\206>
inbuf = 0x55cad "\332\347I^\234q\350\023>r|T{\347\033\216\352\367\f\266\006\t\315S\307\313\353*9d\021=\261\233\275\177v\241\223\301y\202\366\274\024{\345\364\264\327\027~\026\325Z\301y\272B\v*)\376\062JFz
c^\201\377Y\001\067{\355\334\375\063\026\212F\032\255;r\332", <incomplete sequence \350\206>
ivp = <value optimized out>
i = <value optimized out>
savebuf = "\332\347I^\234q\350\023>r|T{\347\033\216"
#2 0xf763c388 in do_cbc_decrypt (c=0x57918,
outbuf=0x55cad "\332\347I^\234q\350\023>r|T{\347\033\216\352\367\f\266\006\t\315S\307\313\353*9d\021=\261\233\275\177v\241\223\301y\202\366\274\024{\345\364\264\327\027~\026\325Z\301y\272B\v*)\376\062JFzc^\20
1\377Y\001\067{\355\334\375\063\026\212F\032\255;r\332", <incomplete sequence \350\206>, inbuf=<value optimized out>, nbytes=<value optimized out>) at cipher.c:1056
ivp = <value optimized out>
i = <value optimized out>
n = <value optimized out>
blocksize = 16
nblocks = <value optimized out>
#3 cipher_decrypt (c=0x57918,
outbuf=0x55cad "\332\347I^\234q\350\023>r|T{\347\033\216\352\367\f\266\006\t\315S\307\313\353*9d\021=\261\233\275\177v\241\223\301y\202\366\274\024{\345\364\264\327\027~\026\325Z\301y\272B\v*)\376\062JFzc^\201\377Y\001\067{\355\334\375\063\026\212F\032\255;r\332", <incomplete sequence \350\206>, inbuf=<value optimized out>, nbytes=<value optimized out>) at cipher.c:1705
rc = GPG_ERR_NO_ERROR
__FUNCTION__ = "cipher_decrypt"
#4 0xf763df74 in _gcry_cipher_decrypt (h=<value optimized out>, out=0x55cad, outsize=48, in=0x55cad, inlen=48) at cipher.c:1776
err = GPG_ERR_NO_ERROR
#5 0xf76f898c in ?? () from /usr/lib/libgnutls.so.26
No symbol table info available.
(gdb) disass
Dump of assembler code for function do_decrypt:
0xf7653e60 <+0>: save %sp, -128, %sp
0xf7653e64 <+4>: ld [ %i0 + 4 ], %g1
0xf7653e68 <+8>: sethi %hi(0x5ec00), %l7
0xf7653e6c <+12>: call 0xf7630fe0 <__sparc_get_pc_thunk.l7>
0xf7653e70 <+16>: add %l7, 0x260, %l7 ! 0x5ee60
0xf7653e74 <+20>: cmp %g1, 0
0xf7653e78 <+24>: be,pn %icc, 0xf765429c <do_decrypt+1084>
0xf7653e7c <+28>: add %i0, 0xf8, %i5
0xf7653e80 <+32>: ld [ %i0 ], %o4
0xf7653e84 <+36>: sethi %hi(0x20800), %o5
=> 0xf7653e88 <+40>: ld [ %i2 + 4 ], %g2
0xf7653e8c <+44>: xor %o5, -508, %o5
0xf7653e90 <+48>: sll %o4, 4, %g3
0xf7653e94 <+52>: ld [ %i2 + 0xc ], %o7
0xf7653e98 <+56>: add %o4, -1, %o4
0xf7653e9c <+60>: add %i5, %g3, %i5
0xf7653ea0 <+64>: add %g3, 0xf8, %g3
0xf7653ea4 <+68>: ld [ %i2 ], %i4
0xf7653ea8 <+72>: ld [ %i0 + %g3 ], %g4
0xf7653eac <+76>: cmp %o4, 1
[...]
%i2 is 0x55cad, obviously not aligned, so a 4-byte load at %i2 + 4 breaks.
Cheers,
Julien
Reply to: