--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: unblock: tcc/0.9.26~git20120612.ad5f375-6
- From: Thomas Preud'homme <robotux@celest.fr>
- Date: Sun, 22 Jul 2012 11:56:50 +0800
- Message-id: <20120722035643.3460.35251.reportbug@brano>
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: freeze-exception
Please unblock package tcc
This new version fixes a bug where a long long value is not correctly
read from memory into the registers. This leads to unexpected behavior
of correctly written programs and could have security issue for these
programs. People are warned in tcc's description that the compiler is not
ready for production because it could have security problems but it
would still be good to have a fixed version when a bug is known.
The patch is small and only the fix for the bug has been included in
this upload. The relevant bug number is #681281 and is of severity
important. Attached to this mail the debdiff from the previous version.
unblock tcc/0.9.26~git20120612.ad5f375-6
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: armhf (armv7l)
Kernel: Linux 2.6.38-ac2-ac100 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -Nru tcc-0.9.26~git20120612.ad5f375/debian/changelog tcc-0.9.26~git20120612.ad5f375/debian/changelog
--- tcc-0.9.26~git20120612.ad5f375/debian/changelog 2012-07-09 21:30:35.000000000 +0800
+++ tcc-0.9.26~git20120612.ad5f375/debian/changelog 2012-07-22 00:41:21.000000000 +0800
@@ -1,3 +1,17 @@
+tcc (0.9.26~git20120612.ad5f375-6) unstable; urgency=low
+
+ [Paul Tagliamonte]
+ * Uploading Tom's fixes on his behalf. Although he's signed this upload
+ (he issued a debdiff), I've prepared this upload. Fix verified on
+ i386.
+
+ [Thomas Preud'homme]
+ * debian/patches:
+ + Fix incorrect reading of long long values on architecture with 32bits
+ registers like i386 and armel (Closes: #681281).
+
+ -- Thomas Preud'homme <robotux@celest.fr> Sat, 21 Jul 2012 03:43:35 +0200
+
tcc (0.9.26~git20120612.ad5f375-5) unstable; urgency=low
* debian/patches:
diff -Nru tcc-0.9.26~git20120612.ad5f375/debian/patches/0006-get_reg-try-to-free-r2-for-an-SValue-first.patch tcc-0.9.26~git20120612.ad5f375/debian/patches/0006-get_reg-try-to-free-r2-for-an-SValue-first.patch
--- tcc-0.9.26~git20120612.ad5f375/debian/patches/0006-get_reg-try-to-free-r2-for-an-SValue-first.patch 1970-01-01 08:00:00.000000000 +0800
+++ tcc-0.9.26~git20120612.ad5f375/debian/patches/0006-get_reg-try-to-free-r2-for-an-SValue-first.patch 2012-07-22 00:31:29.000000000 +0800
@@ -0,0 +1,51 @@
+From 315185fe1db1296e511bec15894dad22432c9a7f Mon Sep 17 00:00:00 2001
+From: Thomas Preud'homme <robotux@celest.fr>
+Date: Sat, 21 Jul 2012 03:36:51 +0200
+Subject: get_reg(): try to free r2 for an SValue first
+
+To be able to load a long long value correctly on i386, gv() rely on the
+fact that when get_reg() look at an SValue it tries first to free the
+register in r2 and then r. More information about the context can be
+found at
+http://lists.nongnu.org/archive/html/tinycc-devel/2012-06/msg00017.html
+and later at
+http://lists.nongnu.org/archive/html/tinycc-devel/2012-07/msg00021.html
+
+Origin: upstream,http://repo.or.cz/w/tinycc.git/commit/d1694f7d7e6d96f64d1330c9b43491b613272b1e
+Bug-Debian: http://bugs.debian.org/681281
+Forwarded: http://lists.nongnu.org/archive/html/tinycc-devel/2012-06/msg00017.html
+Last-Updated: 2012-07-21
+Applied-Upstream: commit:d1694f7d7e6d96f64d1330c9b43491b613272b1e
+---
+ tccgen.c | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/tccgen.c b/tccgen.c
+index d27bdba..71d0809 100644
+--- a/tccgen.c
++++ b/tccgen.c
+@@ -589,11 +589,11 @@ ST_FUNC int get_reg(int rc)
+ IMPORTANT to start from the bottom to ensure that we don't
+ spill registers used in gen_opi()) */
+ for(p=vstack;p<=vtop;p++) {
+- r = p->r & VT_VALMASK;
++ /* look at second register (if long long) */
++ r = p->r2 & VT_VALMASK;
+ if (r < VT_CONST && (reg_classes[r] & rc))
+ goto save_found;
+- /* also look at second register (if long long) */
+- r = p->r2 & VT_VALMASK;
++ r = p->r & VT_VALMASK;
+ if (r < VT_CONST && (reg_classes[r] & rc)) {
+ save_found:
+ save_reg(r);
+@@ -812,7 +812,8 @@ ST_FUNC int gv(int rc)
+ vtop[-1].r = r; /* save register value */
+ vtop->r = vtop[-1].r2;
+ }
+- /* allocate second register */
++ /* Allocate second register. Here we rely on the fact that
++ get_reg() tries first to free r2 of an SValue. */
+ r2 = get_reg(rc2);
+ load(r2, vtop);
+ vpop();
diff -Nru tcc-0.9.26~git20120612.ad5f375/debian/patches/series tcc-0.9.26~git20120612.ad5f375/debian/patches/series
--- tcc-0.9.26~git20120612.ad5f375/debian/patches/series 2012-07-09 21:30:35.000000000 +0800
+++ tcc-0.9.26~git20120612.ad5f375/debian/patches/series 2012-07-22 00:31:29.000000000 +0800
@@ -3,3 +3,4 @@
0003-Detect-multiarch-on-Kfreebsd-and-Hurd.patch
0004-Disable-callsave_test-test-on-arm.patch
0005-Incorrect-shift-result-type-with-64-bit-ABI.patch
+0006-get_reg-try-to-free-r2-for-an-SValue-first.patch
--- End Message ---
--- Begin Message ---
- To: Thomas Preud'homme <robotux@celest.fr>, 682367-done@bugs.debian.org
- Subject: Re: Bug#682367: unblock: tcc/0.9.26~git20120612.ad5f375-6
- From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Date: Sun, 22 Jul 2012 11:01:31 +0100
- Message-id: <1342951291.13223.133.camel@jacala.jungle.funky-badger.org>
- In-reply-to: <20120722035643.3460.35251.reportbug@brano>
- References: <20120722035643.3460.35251.reportbug@brano>
On Sun, 2012-07-22 at 11:56 +0800, Thomas Preud'homme wrote:
> Please unblock package tcc
>
> This new version fixes a bug where a long long value is not correctly
> read from memory into the registers. This leads to unexpected behavior
> of correctly written programs and could have security issue for these
> programs. People are warned in tcc's description that the compiler is not
> ready for production because it could have security problems but it
> would still be good to have a fixed version when a bug is known.
Unblocked.
Regards,
Adam
--- End Message ---