https://blogs.gentoo.org/ago/2017/06/28/xar-null-pointer-dereference-in-xar_get_path-util-c/ https://blogs.gentoo.org/ago/2017/06/28/xar-null-pointer-dereference-in-xar_unserialize-archive-c/
FWICS in the linked issue, the repo we're using for 'xar' is not really a canonical upstream but merely a 'pull request' fork. It kinda became canonical when the original repository disappeared, but the author is not capable of taking it forward. That said, I have no clue what the status of the canonical xar implementation is. It's quite possible that OSX includes its own implementation. The only revdep in Gentoo is sys-devel/binutils-apple. Given it's a pure macos Prefix package, I'm not sure if it really even needs custom app-arch/xar, or can use xar from the host system. @prefix, could you look into this? If we don't need the custom package, we should treeclean it as dead and seriously broken.
binutils-apple links against libxar for USE=lto. We can't really rely on the host xar, if it even exists. We can take xar, or use the apple-provided version perhaps? https://opensource.apple.com/source/xar/xar-400/
for the record, I can't reproduce both issues, e.g.

% env LD_LIBRARY_PATH=${PWD}/lib valgrind ./src/xar -t -f 00287-xar-nullptr-xar_get_path
==23973== Memcheck, a memory error detector
==23973== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==23973== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright info
==23973== Command: ./src/xar -t -f 00287-xar-nullptr-xar_get_path
==23973==
Error opening xar archive: 00287-xar-nullptr-xar_get_path
==23973==
==23973== HEAP SUMMARY:
==23973==     in use at exit: 3,280 bytes in 118 blocks
==23973==   total heap usage: 142 allocs, 24 frees, 151,368 bytes allocated
==23973==
==23973== LEAK SUMMARY:
==23973==    definitely lost: 0 bytes in 0 blocks
==23973==    indirectly lost: 0 bytes in 0 blocks
==23973==      possibly lost: 0 bytes in 0 blocks
==23973==    still reachable: 3,280 bytes in 118 blocks
==23973==         suppressed: 0 bytes in 0 blocks
==23973== Rerun with --leak-check=full to see details of leaked memory
==23973==
==23973== For counts of detected and suppressed errors, rerun with: -v
==23973== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)

If it were a segfault, it should've been seen, shouldn't it?
Apple's latest version (called 1.8dev or something) has these particular cases fixed:
https://opensource.apple.com/source/xar/xar-400/xar/lib/util.c.auto.html (see xar_get_path, it checks for name being found)
https://opensource.apple.com/source/xar/xar-400/xar/lib/archive.c.auto.html (see xar_unserialize, s is checked for now)
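As an added illustration of the check described above (this is not xar's own code and not from the Apple sources; the xfile node and prop_get_name lookup are simplified stand-ins I assume here), a path builder that walks a file's parent chain the way xar_get_path does, but returns NULL instead of copying from a NULL name when a malformed archive omits the "name" property:

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical stand-in for xar's file node (an assumption, not xar's
 * real struct): a "name" property, NULL when a crafted archive omits
 * it, and a pointer to the parent directory node. */
typedef struct xfile {
    const char *name;
    struct xfile *parent;
} xfile;
/* Models an xar_prop_get-style lookup: 0 on success, -1 if the property
 * is absent. The crash class here is a caller that ignores this result. */
static int prop_get_name(const xfile *f, const char **out) {
    *out = f->name;
    return f->name ? 0 : -1;
}
/* Hardened path builder: returns a malloc'd "dir/sub/file" path, or NULL
 * if any node on the parent chain lacks a name. Caller frees the result. */
char *get_path_checked(const xfile *f) {
    const char *name;
    char *ret, *tmp;
    size_t n;
    if (prop_get_name(f, &name) != 0)
        return NULL;              /* unchecked code would copy from NULL here */
    n = strlen(name) + 1;
    ret = malloc(n);
    if (!ret) return NULL;
    memcpy(ret, name, n);
    for (const xfile *i = f->parent; i; i = i->parent) {
        if (prop_get_name(i, &name) != 0) { free(ret); return NULL; }
        n = strlen(name) + 1 + strlen(ret) + 1;
        tmp = malloc(n);
        if (!tmp) { free(ret); return NULL; }
        snprintf(tmp, n, "%s/%s", name, ret);  /* prepend parent name */
        free(ret);
        ret = tmp;
    }
    return ret;
}
/* Constructed tree: "dir" -> "sub" -> a named leaf and a nameless leaf. */
int demo(void) {
    xfile root = { "dir", NULL }, sub = { "sub", &root };
    xfile good = { "file.txt", &sub }, bad = { NULL, &sub };
    char *p = get_path_checked(&good);
    int ok = p != NULL && strcmp(p, "dir/sub/file.txt") == 0
             && get_path_checked(&bad) == NULL;
    free(p);
    return ok;
}
```

A caller that receives NULL from the checked builder still has to handle it; the 1.8 output below ("archive contains invalid path: (null)") is what that looks like when the caller just prints the result.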
Yeah, the Apple version sounds good. I presume it builds on Linux?
I assigned maintainership to Prefix team, and bumped to version xar-1.8 which gives:

(ptah:work/xar-400/xar) % env LD_LIBRARY_PATH=${PWD}/lib ./src/xar -t -f 00287-xar-nullptr-xar_get_path
Warning, archive contains invalid path: (null)

(ptah:work/xar-400/xar) % env LD_LIBRARY_PATH=${PWD}/lib ./src/xar -t -f 00288-xar-nullptr-xar_unserialize
namespace error : Failed to parse QName 'treatve:'
<treatve:-time>2017-06-/4/encor>rle="shticor>r?>
^
Entity: line 13: parser error : StartTag: invalid element name
<x/>0:2enco-:<xar>em:97o9<6i7o>":cor>rsis8se"?>
^
Error opening xar archive: 00288-xar-nullptr-xar_unserialize
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=00eb371909b41be58b3c951eab022754911adf96

commit 00eb371909b41be58b3c951eab022754911adf96
Author:     Fabian Groffen <grobian@gentoo.org>
AuthorDate: 2018-01-19 19:26:02 +0000
Commit:     Fabian Groffen <grobian@gentoo.org>
CommitDate: 2018-01-19 19:26:18 +0000

    app-arch/xar: version bump to v1.8, bug #624642

    Assign maintainership to Prefix team
    Bump to 1.8 version from Apple sources (xar-400) because this package
    is used by binutils-apple on macOS systems.

    Bug: https://bugs.gentoo.org/624642
    Package-Manager: Portage-2.3.13, Repoman-2.3.3

 app-arch/xar/Manifest       |  1 +
 app-arch/xar/metadata.xml   |  8 ++++----
 app-arch/xar/xar-1.8.ebuild | 46 +++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 51 insertions(+), 4 deletions(-)
Yes, 1.8 builds on Linux (with two quick tweaks I did in the ebuild).
Thanks a lot. I suppose you don't mind me making the ebuild multilib since I need it as dep of LLVM.
Please go ahead. I wanted to fixup some things properly, but I'll wait with that, no problem.
Thanks, pushed now.
*** Bug 624426 has been marked as a duplicate of this bug. ***
*** Bug 624428 has been marked as a duplicate of this bug. ***
@arches, please stabilize.
amd64 stable
ia64 stable
x86 stable
Stable on alpha.
hppa stable
CC'ing sparc as they were missed. @maintainer(s), please clean vulnerable.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=68ff62ebc98928de408f34ecb9f58bca1187ac08

commit 68ff62ebc98928de408f34ecb9f58bca1187ac08
Author:     Fabian Groffen <grobian@gentoo.org>
AuthorDate: 2018-06-12 16:11:35 +0000
Commit:     Fabian Groffen <grobian@gentoo.org>
CommitDate: 2018-06-12 16:11:35 +0000

    app-arch/xar: cleanup, leave 1.6.1-r1 for sparc, bug #624642

    Bug: https://bugs.gentoo.org/624642
    Package-Manager: Portage-2.3.40, Repoman-2.3.9

 app-arch/xar/xar-1.6.1-r1.ebuild |  2 +-
 app-arch/xar/xar-1.8.ebuild      | 46 ----------------------------------------
 2 files changed, 1 insertion(+), 47 deletions(-)
bug will remain open until we can clean that one. Thanks, Fabian!
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=64b7eb0ed75c3b7dd9fe73ed6a1b1ae7eb25fdcc

commit 64b7eb0ed75c3b7dd9fe73ed6a1b1ae7eb25fdcc
Author:     Rolf Eike Beer <eike@sf-mail.de>
AuthorDate: 2018-06-16 19:21:59 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-06-16 19:26:27 +0000

    app-arch/xar: stable 1.8-r1 for sparc

    Bug: https://bugs.gentoo.org/624642
    Package-Manager: Portage-2.3.24, Repoman-2.3.6
    RepoMan-Options: --include-arches="sparc"

 app-arch/xar/xar-1.8-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=281fd981efe7ecaede5b712d42272a10f14abaff

commit 281fd981efe7ecaede5b712d42272a10f14abaff
Author:     Fabian Groffen <grobian@gentoo.org>
AuthorDate: 2018-06-17 06:12:35 +0000
Commit:     Fabian Groffen <grobian@gentoo.org>
CommitDate: 2018-06-17 06:12:35 +0000

    app-arch/xar: drop vulnerable version, bug #624642

    Bug: https://bugs.gentoo.org/624642
    Package-Manager: Portage-2.3.40, Repoman-2.3.9

 app-arch/xar/Manifest            |  1 -
 app-arch/xar/xar-1.6.1-r1.ebuild | 40 ----------------------------------------
 2 files changed, 41 deletions(-)