[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#682367: marked as done (unblock: tcc/0.9.26~git20120612.ad5f375-6)

Your message dated Sun, 22 Jul 2012 11:01:31 +0100
with message-id <1342951291.13223.133.camel@jacala.jungle.funky-badger.org>
and subject line Re: Bug#682367: unblock: tcc/0.9.26~git20120612.ad5f375-6
has caused the Debian Bug report #682367,
regarding unblock: tcc/0.9.26~git20120612.ad5f375-6
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
682367: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=682367
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: freeze-exception

Please unblock package tcc

This new version fixes a bug where a long long value is not correctly
read from memory into the registers. This leads to unexpected behavior
of correctly written programs and could have security issue for these
programs. People are warned in tcc's description that the compiler is not
ready for production because it could have security problems but it
would still be good to have a fixed version when a bug is known.

The patch is small and only the fix for the bug has been included in
this upload. The relevant bug number is #681281 and is of severity
important. Attached to this mail the debdiff from the previous version.

unblock tcc/0.9.26~git20120612.ad5f375-6

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: armhf (armv7l)

Kernel: Linux 2.6.38-ac2-ac100 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

diff -Nru tcc-0.9.26~git20120612.ad5f375/debian/changelog tcc-0.9.26~git20120612.ad5f375/debian/changelog
--- tcc-0.9.26~git20120612.ad5f375/debian/changelog	2012-07-09 21:30:35.000000000 +0800
+++ tcc-0.9.26~git20120612.ad5f375/debian/changelog	2012-07-22 00:41:21.000000000 +0800
@@ -1,3 +1,17 @@
+tcc (0.9.26~git20120612.ad5f375-6) unstable; urgency=low
+
+  [Paul Tagliamonte]
+    * Uploading Tom's fixes on his behalf. Although he's signed this upload
+      (he issued a debdiff), I've prepared this upload. Fix verified on
+      i386.
+
+  [Thomas Preud'homme]
+    * debian/patches:
+      + Fix incorrect reading of long long values on architecture with 32bits
+        registers like i386 and armel (Closes: #681281).
+
+ -- Thomas Preud'homme <robotux@celest.fr>  Sat, 21 Jul 2012 03:43:35 +0200
+
 tcc (0.9.26~git20120612.ad5f375-5) unstable; urgency=low
 
   * debian/patches:
diff -Nru tcc-0.9.26~git20120612.ad5f375/debian/patches/0006-get_reg-try-to-free-r2-for-an-SValue-first.patch tcc-0.9.26~git20120612.ad5f375/debian/patches/0006-get_reg-try-to-free-r2-for-an-SValue-first.patch
--- tcc-0.9.26~git20120612.ad5f375/debian/patches/0006-get_reg-try-to-free-r2-for-an-SValue-first.patch	1970-01-01 08:00:00.000000000 +0800
+++ tcc-0.9.26~git20120612.ad5f375/debian/patches/0006-get_reg-try-to-free-r2-for-an-SValue-first.patch	2012-07-22 00:31:29.000000000 +0800
@@ -0,0 +1,51 @@
+From 315185fe1db1296e511bec15894dad22432c9a7f Mon Sep 17 00:00:00 2001
+From: Thomas Preud'homme <robotux@celest.fr>
+Date: Sat, 21 Jul 2012 03:36:51 +0200
+Subject: get_reg(): try to free r2 for an SValue first
+
+To be able to load a long long value correctly on i386, gv() rely on the
+fact that when get_reg() look at an SValue it tries first to free the
+register in r2 and then r. More information about the context can be
+found at
+http://lists.nongnu.org/archive/html/tinycc-devel/2012-06/msg00017.html
+and later at
+http://lists.nongnu.org/archive/html/tinycc-devel/2012-07/msg00021.html
+
+Origin: upstream,http://repo.or.cz/w/tinycc.git/commit/d1694f7d7e6d96f64d1330c9b43491b613272b1e
+Bug-Debian: http://bugs.debian.org/681281
+Forwarded: http://lists.nongnu.org/archive/html/tinycc-devel/2012-06/msg00017.html
+Last-Updated: 2012-07-21
+Applied-Upstream: commit:d1694f7d7e6d96f64d1330c9b43491b613272b1e
+---
+ tccgen.c |    9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/tccgen.c b/tccgen.c
+index d27bdba..71d0809 100644
+--- a/tccgen.c
++++ b/tccgen.c
+@@ -589,11 +589,11 @@ ST_FUNC int get_reg(int rc)
+        IMPORTANT to start from the bottom to ensure that we don't
+        spill registers used in gen_opi()) */
+     for(p=vstack;p<=vtop;p++) {
+-        r = p->r & VT_VALMASK;
++        /* look at second register (if long long) */
++        r = p->r2 & VT_VALMASK;
+         if (r < VT_CONST && (reg_classes[r] & rc))
+             goto save_found;
+-        /* also look at second register (if long long) */
+-        r = p->r2 & VT_VALMASK;
++        r = p->r & VT_VALMASK;
+         if (r < VT_CONST && (reg_classes[r] & rc)) {
+         save_found:
+             save_reg(r);
+@@ -812,7 +812,8 @@ ST_FUNC int gv(int rc)
+                     vtop[-1].r = r; /* save register value */
+                     vtop->r = vtop[-1].r2;
+                 }
+-                /* allocate second register */
++                /* Allocate second register. Here we rely on the fact that
++                   get_reg() tries first to free r2 of an SValue. */
+                 r2 = get_reg(rc2);
+                 load(r2, vtop);
+                 vpop();
diff -Nru tcc-0.9.26~git20120612.ad5f375/debian/patches/series tcc-0.9.26~git20120612.ad5f375/debian/patches/series
--- tcc-0.9.26~git20120612.ad5f375/debian/patches/series	2012-07-09 21:30:35.000000000 +0800
+++ tcc-0.9.26~git20120612.ad5f375/debian/patches/series	2012-07-22 00:31:29.000000000 +0800
@@ -3,3 +3,4 @@
 0003-Detect-multiarch-on-Kfreebsd-and-Hurd.patch
 0004-Disable-callsave_test-test-on-arm.patch
 0005-Incorrect-shift-result-type-with-64-bit-ABI.patch
+0006-get_reg-try-to-free-r2-for-an-SValue-first.patch

--- End Message ---
--- Begin Message --- 
On Sun, 2012-07-22 at 11:56 +0800, Thomas Preud'homme wrote:
> Please unblock package tcc
> 
> This new version fixes a bug where a long long value is not correctly
> read from memory into the registers. This leads to unexpected behavior
> of correctly written programs and could have security issue for these
> programs. People are warned in tcc's description that the compiler is not
> ready for production because it could have security problems but it
> would still be good to have a fixed version when a bug is known.

Unblocked.

Regards,

Adam

--- End Message ---
Reply to: