Bug 294548 - app-crypt/mhash-0.9.9.9 fails tests on amd64
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages
Hardware: All Linux
Importance: High normal
Assignee: Robin Johnson
Duplicates: 383997
Reported: 2009-11-25 08:49 UTC by Xake
Modified: 2012-02-19 16:13 UTC
Attachments
fix, do not zero freed memory (mhash_remove_premature_free.patch,464 bytes, patch)
2009-12-04 00:47 UTC, Pinky
Description Xake 2009-11-25 08:49:09 UTC
mhash fails the following test with the following output:

/bin/sh: line 4:  3510 Segmentation fault      ${dir}$tst
FAIL: keygen_test

If I dig into it, it seems like one pointer gets screwed up by a function (mhash_keygen_ext) which should not touch that pointer afaics, and after mutils_memset is run on that pointer mutils_asciify segfaults. Comment away memset and the segfault disappears. Comment away mhash_keygen_ext and the segfault disappears and the test fails.

I know this test works if I compile mhash with -m32 on the same system.
I do not know if this breaks on other 64-bit arches.

Portage 2.2_rc51 (hardened/linux/amd64/10.0, gcc-4.4.2, glibc-2.11-r0, 2.6.31-gentoo-r6 x86_64)
=================================================================
System uname: Linux-2.6.31-gentoo-r6-x86_64-Intel-R-_Core-TM-_i7_CPU_920_@_2.67GHz-with-gentoo-2.0.1
Timestamp of tree: Wed, 25 Nov 2009 04:30:01 +0000
ccache version 2.4 [disabled]
app-shells/bash:     4.0_p35
dev-java/java-config: 2.1.9-r1
dev-lang/python:     2.6.4, 3.1.1-r1
dev-python/pycrypto: 2.1.0_beta1
dev-util/ccache:     2.4-r8
dev-util/cmake:      2.8.0
sys-apps/baselayout: 2.0.1
sys-apps/openrc:     0.5.2-r2
sys-apps/sandbox:    2.2
sys-devel/autoconf:  2.13, 2.64
sys-devel/automake:  1.9.6-r2, 1.10.2, 1.11
sys-devel/binutils:  2.20
sys-devel/gcc-config: 1.4.1
sys-devel/libtool:   2.2.6b
virtual/os-headers:  2.6.30-r1
ACCEPT_KEYWORDS="amd64 ~amd64"
ACCEPT_LICENSE="* -@EULA"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=native -O2 -pipe -ggdb -mtune=native -floop-interchange -floop-strip-mine -floop-block"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/X11/xkb /var/spool/torque"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/splash /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c /etc/udev/rules.d"
CXXFLAGS="-march=native -O2 -pipe -ggdb -mtune=native -floop-interchange -floop-strip-mine -floop-block"
DISTDIR="/var/portage/distfiles"
FEATURES="assume-digests distlocks fixpackages metadata-transfer news parallel-fetch preserve-libs protect-owned sandbox sfperms splitdebug strict test unmerge-logs unmerge-orphans userfetch userpriv usersandbox"
GENTOO_MIRRORS="ftp://ftp.sunet.se/pub/os/Linux/distributions/gentoo"
LANG="sv_SE.UTF-8"
LC_ALL="C"
LDFLAGS="-Wl,--as-needed -Wl,-O1 -Wl,--sort-common -Wl,--warn-once,--hash-style=gnu"
LINGUAS="sv"
MAKEOPTS="-j25 -l10"
PKGDIR="/var/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/var/portage"
PORTDIR_OVERLAY="/usr/local/portage/layman/java-overlay /usr/local/portage/layman/hardened-development /usr/local/portage/layman/gnome /usr/local/portage/layman/x11 /usr/local/portage/layman/gamerlay /usr/local/portage/mine"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="X a52 aac accessibility acl acpi alsa amd64 amr amrnb amrwb applet archive avahi bash-completion bluetooth bzip2 cairo ccache cdaudio cdda cdr cleartype cli consolekit cracklib crypt cups cxx dbus deskbar device-mapper devicekit devkit dhcpcd digitalradio dirac djvu dri dts dvd dvdr dvi eds encode eselect evo exchange exif faac faad fat fbcondecor ffmpeg fftw flac fuse gdbm gdm gdu gif gimp glib gmp gnome gnome-keyring gnutls gphoto2 gpm grammar graphite gsf gsm gstreamer gtk gudev hal hardened ical iconv iconvacl icu id3tag idn ieee1394 iptc jabber java6 jingle jpeg jpeg2k justify kate kvm lcms libnotify logrotate lvm lzma mad maps math matroska mktemp mms mmx mmxext moonlight mp2 mp3 mpeg msn mtp mudflap multilib musepack musicbrainz nautilus ncurses network-cron networkmanager nfs nls nptl nptlonly ntfs offensive ogg opencore-amr opengl openmp openntpd ots pam pango parted pcre pdf perl pic pidgin png policykit pppd pulseaudio python quicktime raw readline reflection samba session smp sms speex spell spl sse sse2 ssl ssse3 startup-notification subversion svg sysfs test tex theora thesaurus threads tiff totem tracker truetype udev unicode upnp urandom usb userlocales v4l vhook videos vim-syntax vorbis wmf x264 xcb xcomposite xmp xmpp xorg xulrunner xv xvid xvmc zeroconf zlib" ALSA_CARDS="hda-intel" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CAMERAS="canon" ELIBC="glibc" INPUT_DEVICES="evdev" 
KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="sv" SANE_BACKENDS="net" USERLAND="GNU" VIDEO_CARDS="nouveau" 
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 1 Pinky 2009-12-04 00:47:07 UTC
Created attachment 211939 [details, diff]
fix, do not zero freed memory
Comment 2 Xake 2009-12-04 08:41:01 UTC
(In reply to comment #1)
> Created an attachment (id=211939) [details]
> fix, do not zero freed memory
> 

My only question is why does this test unmodified work on x86 but not on amd64?
Comment 3 Pinky 2009-12-06 23:06:38 UTC
Memory alignment and/or the things are in "harmless" places (due to different code/data size and thus positioning for 32/64 bit systems). I do not have support for x86 (32bit) installed, so I cannot debug this.
Comment 4 Xake 2009-12-07 07:17:10 UTC
(In reply to comment #3)
> Memory alignment and/or the things are in "harmless" places (due to different
> code/data size and thus positioning for 32/64 bit systems). I do not have
> support for x86 (32bit) installed, so I cannot debug this.
> 

For me I could get the result with CFLAGS="-m32", but that may be because I use multilib?
Comment 5 Xake 2009-12-07 07:40:22 UTC
(In reply to comment #3)
> Memory alignment and/or the things are in "harmless" places (due to different
> code/data size and thus positioning for 32/64 bit systems).

Ah, you are probably right. Saw that keygen_test.c does mutils_free(tmp), making it a dangling pointer. mhash_keygen_ext corrupts this, so one other way to "work around" or fix this is to set "tmp = NULL" straight after the mutils_free(tmp). However, my C-fu is not THAT great that I can say what is the correct way of fixing this.
Comment 6 Diego Elio Pettenò (RETIRED) gentoo-dev 2010-10-27 10:22:41 UTC
I can confirm the situation on tinderbox64 (and yet the package works on tinderbox(32)). AMD64 team, you might want to look into this.
Comment 7 Marien Zwart (RETIRED) gentoo-dev 2011-07-31 18:11:23 UTC
The test does "mutils_free(tmp);" (which is a simple wrapper around free()), then memsets the memory the now-dangling pointer points at to zero. It then does "tmp = mutils_asciify(key, keysize);", and mutils_asciify returns a freshly malloc'd pointer. So the memset is just wrong and should be removed (as the attached patch does). See also the upstream ticket: http://sourceforge.net/tracker/?func=detail&aid=2908478&group_id=4286&atid=104286

You may not crash as this is memory corruption of malloc's internals. Valgrind's memcheck should always complain without the patch and be happy with it (checked on amd64, but this should be a way to test the fix on a system where malloc won't crash because of this).

Note the patch is of test code, not library/application code, so fixing this is not terribly urgent (ignoring the test failure is safe here, it's the test itself that is broken).
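
The free / memset / reassign ordering discussed in comments 5 and 7, as an added example that is not part of the original thread and not mhash code. asciify(), scrub_free() and hex_of_second() are hypothetical stand-ins; the default build clears the buffer before freeing it and NULLs the pointer, while building with -DDEMO_BUGGY_ORDER reproduces the write through the dangling pointer so that Valgrind's memcheck or -fsanitize=address can report it.

```c
/* Added illustration of the pattern discussed in this bug; not mhash code.
 * asciify(), scrub_free() and hex_of_second() are hypothetical stand-ins. */
#include <stdlib.h>
#include <string.h>

/* Returns a freshly malloc'd hex string, as mutils_asciify is said to do. */
static char *asciify(const unsigned char *buf, size_t len)
{
    static const char hex[] = "0123456789abcdef";
    char *out = malloc(2 * len + 1);
    if (out == NULL) return NULL;
    for (size_t i = 0; i < len; i++) {
        out[2 * i]     = hex[buf[i] >> 4];
        out[2 * i + 1] = hex[buf[i] & 0x0f];
    }
    out[2 * len] = '\0';
    return out;
}
/* Wipe while the block is still owned, then free and clear the pointer. */
static void scrub_free(char **p, size_t len)
{
    if (*p == NULL) return;
    memset(*p, 0, len);
    free(*p);
    *p = NULL;
}
/* Reuses tmp for a second key, the way the test reuses it. */
static int hex_of_second(const unsigned char *k1, const unsigned char *k2,
                         size_t n, char *out, size_t outsz)
{
    char *tmp = asciify(k1, n);
    if (tmp == NULL || outsz < 2 * n + 1) { free(tmp); return -1; }
#ifdef DEMO_BUGGY_ORDER
    free(tmp);
    memset(tmp, 0, 2 * n);   /* write through a dangling pointer */
#else
    scrub_free(&tmp, 2 * n); /* tmp is NULL from here on */
#endif
    tmp = asciify(k2, n);    /* fresh allocation, unrelated to the old one */
    if (tmp == NULL) return -1;
    memcpy(out, tmp, 2 * n + 1);
    free(tmp);
    return 0;
}

int main(void)
{
    const unsigned char k1[] = {0xde, 0xad}, k2[] = {0x01, 0x23};
    char out[5];
    return hex_of_second(k1, k2, 2, out, sizeof out) || strcmp(out, "0123");
}
```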
Comment 8 Paolo Pedroni 2011-09-01 07:50:51 UTC
It still fails in mhash-0.9.9-r1 :-(
Comment 9 Elijah "Armageddon" El Lazkani (amd64 AT) 2011-09-01 08:28:51 UTC
Please do not CC amd64 on your own
Comment 10 Agostino Sarubbo gentoo-dev 2011-09-22 07:53:02 UTC
*** Bug 383997 has been marked as a duplicate of this bug. ***
Comment 11 Tomáš Chvátal (RETIRED) gentoo-dev 2012-02-19 16:13:20 UTC
Fixed in cvs.