Bug 745162 - dev-libs/libxml2-2.9.10-r3: Unicode handling in causes itstool crashes
Summary: dev-libs/libxml2-2.9.10-r3: Unicode handling in causes itstool crashes
Status: IN_PROGRESS
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
Importance: Normal normal
Assignee: Sam James
URL: https://gitlab.gnome.org/GNOME/libxml...
Whiteboard: Workaround patch from Fedora in place...
Keywords: PATCH
Duplicates: 734968 744739 745135
Depends on:
Blocks: 734968 745135
Reported: 2020-09-28 19:04 UTC by Alex Belits
Modified: 2021-01-12 22:27 UTC (History)
CC List: 7 users

See Also:
Package list:
Runtime testing required: ---


Attachments
Patch used in Red Hat and Debian builds (python3-unicode-errors.patch,1.51 KB, patch)
2020-09-28 19:06 UTC, Alex Belits

Description Alex Belits 2020-09-28 19:04:42 UTC
Build of app-editors/pluma-2.24.1 fails on an itstool crash. Further investigation showed that the segmentation fault was caused by a known libxml2 bug.

Reproducible: Always

Steps to Reproduce:
1. Build app-editors/pluma-2.24.1
Actual Results:  
Build fails on a segmentation fault in itstool.

Expected Results:  
Pluma 2.24.1 built.
Comment 1 Alex Belits 2020-09-28 19:06:19 UTC
Created attachment 662872 [details, diff]
Patch used in Red Hat and Debian builds
Comment 2 Alex Belits 2020-09-29 20:47:04 UTC
https://gitlab.gnome.org/GNOME/libxml2/-/issues/187 seems to be a similar but different issue. In both cases a malformed document causes a segfault; however, that problem is with structure, not broken Unicode. Looking at the same file in the libxml2 source, I can see a bunch of places where strings are passed from vsnprintf() to Python with no checks.

In at least two instances, null termination of vsnprintf() results also has off-by-one errors in truncation detection. Fortunately, the error is to the safe side; however, that truncation can potentially produce _another_ invalid Unicode string from a valid one.
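The two failure modes mentioned in the comment above (truncation detection that is off by one, and a byte-wise cut through a multibyte character turning valid UTF-8 into invalid UTF-8 that a strict consumer then rejects) can be shown in isolation. The following is an added example, not code from libxml2, the Python bindings or the attached patch; the helper names utf8_valid, utf8_trim_partial and safe_format are hypothetical, and the input string is constructed for the demo.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Returns 1 if the first len bytes of s are well-formed UTF-8: no truncated
 * sequences, no stray continuation bytes, no overlong forms, no surrogates,
 * nothing above U+10FFFF. A consumer that insists on valid UTF-8 (a Python
 * str constructor, for instance) would reject anything this function rejects. */
int utf8_valid(const char *s, size_t len)
{
    const unsigned char *p = (const unsigned char *)s, *end = p + len;
    while (p < end) {
        unsigned char c = *p;
        size_t need;          /* continuation bytes expected after the lead byte */
        unsigned int cp, min; /* decoded code point and its minimum for this length */
        if (c < 0x80) { p++; continue; }
        if ((c & 0xE0) == 0xC0)      { need = 1; cp = c & 0x1F; min = 0x80;    }
        else if ((c & 0xF0) == 0xE0) { need = 2; cp = c & 0x0F; min = 0x800;   }
        else if ((c & 0xF8) == 0xF0) { need = 3; cp = c & 0x07; min = 0x10000; }
        else return 0;        /* continuation byte or 0xF8..0xFF in lead position */
        if ((size_t)(end - p) < need + 1) return 0;  /* sequence cut short */
        for (size_t i = 1; i <= need; i++) {
            if ((p[i] & 0xC0) != 0x80) return 0;
            cp = (cp << 6) | (p[i] & 0x3F);
        }
        if (cp < min || cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF)) return 0;
        p += need + 1;
    }
    return 1;
}

/* If s ends in an incomplete multibyte sequence (the usual result of cutting a
 * UTF-8 string at a byte count), drop that partial sequence in place and
 * return the new length. Strings without a trailing partial sequence are
 * returned unchanged. */
size_t utf8_trim_partial(char *s)
{
    size_t len = strlen(s), i = len, expect, have;
    unsigned char lead;
    /* Walk back over at most three continuation bytes to reach the lead byte. */
    while (i > 0 && ((unsigned char)s[i - 1] & 0xC0) == 0x80 && len - i < 3) i--;
    if (i == 0) return len;
    lead = (unsigned char)s[i - 1];
    if (lead < 0x80) return len;                 /* ends in ASCII: complete */
    else if ((lead & 0xE0) == 0xC0) expect = 2;
    else if ((lead & 0xF0) == 0xE0) expect = 3;
    else if ((lead & 0xF8) == 0xF0) expect = 4;
    else return len;                             /* not a lead byte: not a clean cut */
    have = len - (i - 1);
    if (have < expect) { s[i - 1] = '\0'; return i - 1; }
    return len;
}

/* vsnprintf() into a fixed buffer with correct truncation detection.
 * vsnprintf() returns the length the complete output would have had, so the
 * output was truncated exactly when ret >= size (ret == size - 1 still fits;
 * the NUL takes the last byte). Testing "ret > size" instead is the classic
 * off-by-one: it misses the case where exactly one byte was cut.
 * On truncation, any partial UTF-8 sequence left at the end is removed so the
 * buffer stays valid UTF-8 (assuming the format and arguments were valid). */
int safe_format(char *buf, size_t size, int *truncated, const char *fmt, ...)
{
    va_list ap;
    int ret;
    va_start(ap, fmt);
    ret = vsnprintf(buf, size, fmt, ap);
    va_end(ap);
    if (ret < 0) {                 /* encoding error inside vsnprintf itself */
        if (size) buf[0] = '\0';
        *truncated = 0;
        return ret;
    }
    *truncated = (size_t)ret >= size;
    if (*truncated && size) utf8_trim_partial(buf);
    return ret;
}

int main(void)
{
    /* Constructed input: "a" followed by two copies of U+00E9 (5 bytes of valid UTF-8). */
    const char *msg = "a\xc3\xa9\xc3\xa9";
    char raw[3], safe[3];
    int truncated;

    /* A plain snprintf() cuts after the first byte of the second character. */
    snprintf(raw, sizeof raw, "%s", msg);
    printf("raw truncation valid UTF-8: %d\n", utf8_valid(raw, strlen(raw)));

    safe_format(safe, sizeof safe, &truncated, "%s", msg);
    printf("truncated=%d result=\"%s\" valid=%d\n", truncated, safe,
           utf8_valid(safe, strlen(safe)));
    return 0;
}
```

The validity check is the part that matters for the crash class described here: a message that is not valid UTF-8 must be checked (or decoded with a replacement policy) before it is handed to a consumer that refuses invalid input, rather than assumed to be fine because it came from a formatting call.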
Comment 3 OzTiram 2020-11-28 18:11:37 UTC
I can confirm this behaviour. I applied the patch from 
https://gitweb.gentoo.org/repo/gentoo.git/plain/dev-libs/libxml2/files/2.9.9-python3-unicode-errors.patch?id=47c1fed5929fd9633e535c9da15d34c1f09d065a

and it solved the problem.
Comment 5 Sam James archtester gentoo-dev Security 2020-12-02 23:56:51 UTC
I can re-apply the old patch, but is this *actually* reported upstream?
Comment 6 Sam James archtester gentoo-dev Security 2020-12-03 00:08:40 UTC
(In reply to Sam James from comment #5)
> I can re-apply the old patch, but is this *actually* reported upstream?

Ah: https://gitlab.gnome.org/GNOME/libxml2/-/issues/64.

(https://745162.bugs.gentoo.org/attachment.cgi?id=662872)
Comment 7 Larry the Git Cow gentoo-dev 2020-12-03 00:14:53 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=da4038c33b2c7684f5766d6e8f1d1089e863e87c

commit da4038c33b2c7684f5766d6e8f1d1089e863e87c
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2020-12-03 00:13:24 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2020-12-03 00:14:49 +0000

    dev-libs/libxml2: restore itstool-segfault patch
    
    We stopped applying this patch during a roll
    of a new patchset (my fault), but it seems to still
    be needed. Noticed when building some of MATE.
    
    Bug: https://bugs.gentoo.org/745162
    Package-Manager: Portage-3.0.9, Repoman-3.0.2
    Signed-off-by: Sam James <sam@gentoo.org>

 .../libxml2-2.9.8-python3-unicode-errors.patch     | 34 ++++++++++++++++++++++
 ...2-2.9.10-r3.ebuild => libxml2-2.9.10-r4.ebuild} |  3 ++
 2 files changed, 37 insertions(+)
Comment 8 Sam James archtester gentoo-dev Security 2021-01-12 22:26:05 UTC
*** Bug 744739 has been marked as a duplicate of this bug. ***
Comment 9 Sam James archtester gentoo-dev Security 2021-01-12 22:26:49 UTC
*** Bug 734968 has been marked as a duplicate of this bug. ***
Comment 10 Sam James archtester gentoo-dev Security 2021-01-12 22:26:57 UTC
*** Bug 745135 has been marked as a duplicate of this bug. ***