Bug#749209: kinput2: missing define may result in invalid memory access

To: submit@bugs.debian.org
Subject: Bug#749209: kinput2: missing define may result in invalid memory access
From: Michael Tautschnig <mt@debian.org>
Date: Sun, 25 May 2014 04:17:58 +0100
Message-id: <[🔎] 20140525031758.GE1035@l04.Home>
Reply-to: Michael Tautschnig <mt@debian.org>, 749209@bugs.debian.org

Package: kinput2
Version: 3.1-12
Usertags: goto-cc

During a rebuild of all packages in a clean sid chroot (and cowbuilder+pbuilder)
the build failed with the following error. Please note that we use our research
compiler tool-chain (using tools from the cbmc package), which permits extended
reporting on type inconsistencies at link time.

[...]
gcc -o kinput2 -g -O2 -fno-strict-aliasing       kinput2.o ../lib/libKi2.a ../lib/imlib/libim.a  -lcanna16  -lXaw -lXmu -lXt -lSM -lICE -lXpm  -lXext -lX11      

error: conflicting function declarations "IMCloseConnection"
old definition in module IMProto file imlib/imfuncs.h line 70
void (struct _im_connection_ *)
new definition in module imdispatch file imfuncs.h line 70
void (struct _im_connection_ *)

reason for conflict at .serial in types listed below (struct/struct):
names of component 2 differ (serial/has_length_bug)
struct _im_connection_ {
  signed int major_protocol_version;
  signed int minor_protocol_version;
  signed int serial;
  unsigned int $pad0;
  struct _WidgetRec * proto_widget;
  IMTransport transport;
  signed int byte_order;
  unsigned int $pad1;
  IMBuffer in_buf;
  IMBuffer out_buf;
  signed int (*)() dispatcher;
  struct _im_im_ * im_list;
  signed int schedule;
  unsigned int $pad2;
  struct _im_connection_ * queue_next;
  struct _im_connection_ * next;
}
struct _im_connection_ {
  signed int major_protocol_version;
  signed int minor_protocol_version;
  signed int has_length_bug;
  signed int serial;
  struct _WidgetRec * proto_widget;
  IMTransport transport;
  signed int byte_order;
  unsigned int $pad1;
  IMBuffer in_buf;
  IMBuffer out_buf;
  signed int (*)() dispatcher;
  struct _im_im_ * im_list;
  signed int schedule;
  unsigned int $pad1;
  struct _im_connection_ * queue_next;
  struct _im_connection_ * next;
}
Makefile:1111: recipe for target 'kinput2' failed
make[2]: *** [kinput2] Error 64
make[2]: Leaving directory '/srv/jenkins-slave/workspace/sid-goto-cc-kinput2/kinput2-3.1/cmd'
Makefile:1099: recipe for target 'all' failed
make[1]: *** [all] Error 2

Looking at the struct layout above, it will depend on the size of padding
whether fields map onto each other or not. On 64 bit systems (as in this case),
the padding may help; on 32 bit systems the fields will be misaligned. In
particular, accesses such as conn->next

http://sources.debian.net/src/kinput2/3.1-12/lib/IMProto.c?hl=377#L377

may or may not be valid. This is all caused by -DXIM_BC not being part of all
compiler command lines.

Best,
Michael

Attachment: pgpneM0Jh7NF9.pgp
Description: PGP signature

Reply to:

Prev by Date: Bug#261840: Nachfolgend finden Sie Freie Stellen vom 23.05.2014 zur Durchsicht
Next by Date: Bug#324604: Arbeitsvorschlag für Sie vom 23.05.2014
Previous by thread: Bug#261840: Nachfolgend finden Sie Freie Stellen vom 23.05.2014 zur Durchsicht
Next by thread: Bug#324604: Arbeitsvorschlag für Sie vom 23.05.2014
Index(es):
- Date
- Thread