
Bug#946792: marked as done (gcc-9: Buffer overflow bug introduced by gcc-search-prefixed-as-ld.diff)



Your message dated Sat, 04 Jan 2020 10:34:28 +0000
with message-id <E1inglI-000IeE-1Y@fasolo.debian.org>
and subject line Bug#946792: fixed in gcc-9 9.2.1-22
has caused the Debian Bug report #946792,
regarding gcc-9: Buffer overflow bug introduced by gcc-search-prefixed-as-ld.diff
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
946792: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946792
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: gcc-9
Severity: important

Hello!

Recently, we have observed strange crashes of gcc-9 while building src:linux
on sh4 [1].

Michael Karcher has debugged the problem and found that this is a buffer
overflow introduced by the patch gcc-search-prefixed-as-ld.diff.

The backtrace is:

Core was generated by `gcc -v -pipe -m4 -m4-nofpu hello.c'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x296993e6 in memcpy () from /lib/sh4-linux-gnu/libc.so.6
(gdb) bt
#0  0x296993e6 in memcpy () from /lib/sh4-linux-gnu/libc.so.6
#1  0x00405ade in file_at_path (path=0x29892fb0 "/usr/lib/gcc/sh4-linux-gnu/9/../../../../sh4-linux-gnu/bin/sh4-linux-gnu/9/sh4-l", data=0x7b901400) at ../../src/gcc/gcc.c:2943
#2  0x00405b80 in file_at_path (path=0x29892fb0 "/usr/lib/gcc/sh4-linux-gnu/9/../../../../sh4-linux-gnu/bin/sh4-linux-gnu/9/sh4-l", data=0x7b9014a0) at ../../src/gcc/gcc.c:2936
#3  0x00404d0e in for_each_path (paths=0x4e8520 <exec_prefixes>, do_multi=<optimized out>, extra_space=2, callback=0x405a88 <file_at_path(char*, void*)>, callback_info=0x7b9014a0)
    at ../../src/gcc/gcc.c:2724
#4  0x0040680c in find_a_file (pprefix=<optimized out>, name=0x29828240 "as", mode=1, do_multi=<optimized out>) at ../../src/gcc/gcc.c:2999
#5  0x00409e86 in execute () at ../../src/gcc/gcc.c:3200
#6  0x0040ff14 in driver::do_spec_on_infiles (this=0x7b9015f8) at ../../src/gcc/gcc.c:8377
#7  0x00403b60 in driver::main (this=0x7b9015f8, argc=<optimized out>, argv=<optimized out>) at ../../src/gcc/gcc.c:7601
#8  0x00403dd4 in main (argc=6, argv=0x7b901694) at ../../src/gcc/gcc-main.c:47
(gdb)

See also [2].

The issue is fixed by replacing line 9 in [3] with:

+         len += strlen (DEFAULT_REAL_TARGET_MACHINE) + 2; /* triplet prefix for as, ld.  */
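
Review bot: the "+ 2" on this line is a bare constant; the comment names the triplet prefix but not which two extra bytes are being reserved. Say what they are in the comment, or derive the length from the same pieces that are later copied into the buffer, so the reservation and the copy stay in step.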

I assume it's just pure luck the issue doesn't show on other architectures.

Thanks,
Adrian

> [1] https://buildd.debian.org/status/fetch.php?pkg=linux&arch=sh4&ver=5.3.15-1&stamp=1575738446&raw=0
> [2] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=92946
> [3] https://sources.debian.org/src/gcc-9/9.2.1-21/debian/patches/gcc-search-prefixed-as-ld.diff/

--
 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer - glaubitz@debian.org
`. `'   Freie Universitaet Berlin - glaubitz@physik.fu-berlin.de
  `-    GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913

--- End Message ---
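
An added illustration of the bug class in the report above, not code from gcc.c or from the Debian patch. It assumes the candidate path is laid out as directory, target triplet, a dash, then the tool name (consistent with the "sh4-l" path tail and name="as" in the backtrace); the helpers reserved_len, required_len, build_candidate and try_reservation and the sample directory are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample values; TRIPLET stands in for DEFAULT_REAL_TARGET_MACHINE. */
#define TRIPLET "sh4-linux-gnu"
static const char *const SAMPLE_DIR = "/usr/lib/gcc/sh4-linux-gnu/9/";

/* Bytes the caller reserves for one candidate path, including the NUL.
   fixed == 0 models a reservation that forgets the triplet prefix;
   fixed != 0 adds the term from the bug report's one-line fix. */
static size_t reserved_len(const char *dir, const char *name, int fixed)
{
    size_t len = strlen(dir) + strlen(name) + 1;
    if (fixed)
        len += strlen(TRIPLET) + 2; /* triplet prefix for as, ld */
    return len;
}

/* Bytes actually needed for "<dir><triplet>-<name>" plus the NUL (assumed layout). */
static size_t required_len(const char *dir, const char *name)
{
    return strlen(dir) + strlen(TRIPLET) + 1 + strlen(name) + 1;
}

/* Bounded builder: returns 0 on success, -1 if the reservation is too small.
   An unchecked memcpy in its place would write past the end of buf. */
static int build_candidate(char *buf, size_t cap, const char *dir, const char *name)
{
    int n = snprintf(buf, cap, "%s%s-%s", dir, TRIPLET, name);
    return (n < 0 || (size_t)n >= cap) ? -1 : 0;
}

/* Allocates with the chosen reservation and reports whether the path fits. */
static int try_reservation(const char *name, int fixed)
{
    size_t cap = reserved_len(SAMPLE_DIR, name, fixed);
    char *buf = malloc(cap);
    if (!buf)
        return -1;
    int rc = build_candidate(buf, cap, SAMPLE_DIR, name);
    free(buf);
    return rc;
}

int main(void)
{
    printf("needed %zu bytes; short reservation: %d, fixed reservation: %d\n",
           required_len(SAMPLE_DIR, "as"),
           try_reservation("as", 0), try_reservation("as", 1));
    return 0;
}
```

Whether the short reservation crashes with an unchecked copy depends on what lies after the allocation, which fits the report's remark that other architectures did not show the problem.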
--- Begin Message ---
Source: gcc-9
Source-Version: 9.2.1-22

We believe that the bug you reported is fixed in the latest version of
gcc-9, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 946792@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Matthias Klose <doko@debian.org> (supplier of updated gcc-9 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 04 Jan 2020 10:43:48 +0100
Source: gcc-9
Architecture: source
Version: 9.2.1-22
Distribution: unstable
Urgency: medium
Maintainer: Debian GCC Maintainers <debian-gcc@lists.debian.org>
Changed-By: Matthias Klose <doko@debian.org>
Closes: 946487 946709 946792
Changes:
 gcc-9 (9.2.1-22) unstable; urgency=medium
 .
   * Update to SVN 20200104 (r279880) from the gcc-9-branch.
     - Fix PR libstdc++/92853, PR target/92098 (PPC), PR libstdc++/91786,
       PR tree-optimization/91790, PR c++/57082, PR c++/92859, PR c++/92446,
       PR c++/92150, PR fortran/92898, PR fortran/92897, PR fortran/92899,
       PR c++/60228, PR sanitizer/92154, PR c++/61414, PR c/90677,
       PR target/67834 (PA), PR target/93111 (PA), PR fortran/92756,
       PR ipa/92357, PR tree-optimization/92930, PR target/92904 (X86),
       PR target/92723, PR debug/92664, PR tree-optimization/92644,
       PR target/92615 (X86), PR rtl-optimization/92591, PR target/92545 (AVR),
       PR target/92950 (S390), PR c/90677, PR c++/92831, PR c++/92732,
       PR c++/92695, PR c++/92695, PR c++/60228, PR c++/92695, PR c++/92524,
       PR c++/92648, PR c++/61414, PR c/90677, PR c++/90842, PR fortran/92961,
       PR fortran/92753, PR fortran/92977, PR fortran/92977, PR fortran/92899,
       PR fortran/92775, PR fortran/92781, PR fortran/91944.
   * libgomp-plugin-nvptx1: Update cuda suggestions. Closes: #946487.
   * Fix buffer overflow in the gcc-search-prefixed-as-ld patch. Closes: #946792.
   * Backport gccgo patch for hurd-i386 (Svante Signell). Closes: #946709.

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
