Build of app-editors/pluma-2.24.1 fails on an itstool crash. Further investigation showed that the segmentation fault was caused by a known libxml2 bug.
Steps to Reproduce:
1. Build app-editors/pluma-2.24.1
Actual Results:
Build fails on a segmentation fault in itstool.
Expected Results:
Pluma 2.24.1 built.
Created attachment 662872: Patch used in Red Hat and Debian builds
https://gitlab.gnome.org/GNOME/libxml2/-/issues/187 seems to be a similar but different issue. In both cases a malformed document causes a segfault; however, this problem is with structure and not broken Unicode. Looking at the same file in the libxml2 source, I can see a bunch of places where strings are passed from vsnprintf() to Python with no checks.
In at least two instances, null termination of vsnprintf() results also has off-by-one errors in truncation detection. Fortunately, the error is on the safe side; however, that truncation can potentially produce _another_ invalid Unicode string from a valid one.
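A worked illustration of the two points in the comment above, added here and not taken from libxml2, the patch, or the reporter: a vsnprintf() wrapper that detects truncation with the correct n >= size test (the n > size form misses the exact-fit case) and then trims a trailing partial UTF-8 sequence, so truncating valid text cannot leave invalid Unicode behind. The names fmt_utf8_safe, trim_partial_utf8 and check_fmt and the sample strings are chosen for this example.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Drop a trailing incomplete UTF-8 sequence left behind by truncation.
   Assumes the untruncated text was valid UTF-8, as in the report above. */
static void trim_partial_utf8(char *s) {
    size_t i = strlen(s), cont = 0;
    /* Step back over continuation bytes (10xxxxxx); a lead byte has at most 3. */
    while (i > 0 && cont < 3 && ((unsigned char)s[i - 1] & 0xC0) == 0x80) { i--; cont++; }
    if (i == 0) { s[0] = '\0'; return; }               /* nothing but continuation bytes */
    unsigned char lead = (unsigned char)s[i - 1];
    size_t need = lead < 0x80 ? 1 : (lead & 0xE0) == 0xC0 ? 2
                : (lead & 0xF0) == 0xE0 ? 3 : (lead & 0xF8) == 0xF0 ? 4 : 0;
    if (need == 0 || cont + 1 < need) s[i - 1] = '\0'; /* incomplete sequence: cut at the lead */
}

/* Format into buf[size]. Returns 0 if everything fit, 1 if the output was
   truncated (and then trimmed back to valid UTF-8), -1 on a formatting error. */
int fmt_utf8_safe(char *buf, size_t size, const char *fmt, ...) {
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buf, size, fmt, ap);
    va_end(ap);
    if (n < 0) { if (size) buf[0] = '\0'; return -1; }
    /* vsnprintf returns the length the complete output would have had, NUL
       excluded, so truncation occurred whenever n >= size: with n == size the
       last character was dropped to make room for the NUL. Testing n > size
       instead is the off-by-one that misses exactly that case. */
    if ((size_t)n < size) return 0;
    if (size == 0) return 1;                           /* nothing was written */
    trim_partial_utf8(buf);
    return 1;
}

/* Stand-alone check: format `input` with "%s" into `size` bytes and return the
   truncation flag when the result equals `expect`, or -100 when it does not. */
int check_fmt(const char *input, size_t size, const char *expect) {
    char buf[64];
    if (size == 0 || size > sizeof buf) return -100;
    int t = fmt_utf8_safe(buf, size, "%s", input);
    return strcmp(buf, expect) == 0 ? t : -100;
}

int main(void) {
    /* Constructed inputs: "h\xC3\xA9llo" is "héllo", "\xE2\x82\xAC" is the euro sign. */
    printf("%d %d %d\n", check_fmt("hello", 5, "hell"), check_fmt("h\xC3\xA9" "llo", 3, "h"),
           check_fmt("\xE2\x82\xAC" "x", 4, "\xE2\x82\xAC"));   /* all three report 1 */
    return 0;
}
```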
I can confirm this behaviour. I applied the patch from
and it solved the problem.
So that patch (the same as https://bugs.gentoo.org/attachment.cgi?id=662872) was already there but dropped in
I can re-apply the old patch, but is this *actually* reported upstream?
(In reply to Sam James from comment #5)
> I can re-apply the old patch, but is this *actually* reported upstream?
The bug has been referenced in the following commit(s):
Author: Sam James <firstname.lastname@example.org>
AuthorDate: 2020-12-03 00:13:24 +0000
Commit: Sam James <email@example.com>
CommitDate: 2020-12-03 00:14:49 +0000
dev-libs/libxml2: restore itstool-segfault patch
We stopped applying this patch during a roll
of a new patchset (my fault), but it seems to still
be needed. Noticed when building some of MATE.
Package-Manager: Portage-3.0.9, Repoman-3.0.2
Signed-off-by: Sam James <firstname.lastname@example.org>
.../libxml2-2.9.8-python3-unicode-errors.patch | 34 ++++++++++++++++++++++
...2-2.9.10-r3.ebuild => libxml2-2.9.10-r4.ebuild} | 3 ++
2 files changed, 37 insertions(+)
*** Bug 744739 has been marked as a duplicate of this bug. ***
*** Bug 734968 has been marked as a duplicate of this bug. ***
*** Bug 745135 has been marked as a duplicate of this bug. ***