[Bug 1828282] Re: busybox 1.30.1 crashes bzip2 test case with glibc 2.29, always

Bug Watch Updater 1828282 at bugs.launchpad.net
Thu May 23 11:45:29 UTC 2019


Launchpad has imported 1 comments from the remote bug at
https://bugs.busybox.net/show_bug.cgi?id=11896.

If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help.launchpad.net/InterBugTracking.

------------------------------------------------------------------------
On 2019-05-23T10:56:10+00:00 Dimitri John Ledkov wrote:

Originally reported at
https://bugs.launchpad.net/ubuntu/+source/busybox/+bug/1828282 with
initial suspicion at glibc, however later diagnosed to be a busybox
issue.

The full analysis is at
https://bugs.launchpad.net/ubuntu/+source/busybox/+bug/1828282/comments/1

In short, the bz2_issue_11.bz2 test case always fails on s390x since bunzip2
depends on uninitialised values, which happen to always be "wrong" on
s390x.

This is observable with valgrind too:

# valgrind busybox bunzip2 <bz2_issue_11.bz2 2>&1 >/dev/null
==40965== Memcheck, a memory error detector
==40965== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==40965== Using Valgrind-3.14.0 and LibVEX; rerun with -h for copyright info
==40965== Command: busybox bunzip2
==40965== 
==40965== Conditional jump or move depends on uninitialised value(s)
==40965==    at 0x17C1D4: get_next_block (decompress_bunzip2.c:393)
==40965==    by 0x17C37F: get_next_block (decompress_bunzip2.c:419)
==40965== 
bunzip2: bunzip error -5
==40965== 
==40965== HEAP SUMMARY:
==40965==     in use at exit: 0 bytes in 0 blocks
==40965==   total heap usage: 7 allocs, 7 frees, 4,539,696 bytes allocated
==40965== 
==40965== All heap blocks were freed -- no leaks are possible
==40965== 
==40965== For counts of detected and suppressed errors, rerun with: -v
==40965== Use --track-origins=yes to see where uninitialised values come from
==40965== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)


For the time being we are skipping the bz2_issue_11.bz2 test case in Ubuntu.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/busybox/+bug/1828282/comments/6


** Changed in: busybox
       Status: Unknown => Confirmed

** Changed in: busybox
   Importance: Unknown => Medium

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to glibc in Ubuntu.
https://bugs.launchpad.net/bugs/1828282

Title:
  busybox 1.30.1 crashes bzip2 test case with glibc 2.29, always

Status in BusyBox:
  Confirmed
Status in Ubuntu on IBM z Systems:
  Invalid
Status in busybox package in Ubuntu:
  Triaged
Status in glibc package in Ubuntu:
  Invalid

Bug description:
  Steps to reproduce:

  1) Get a system with glibc 2.29

  2) Get busybox 1.30.1 installed (e.g. eoan, or download busybox
  package from
  https://launchpad.net/ubuntu/+source/busybox/1:1.30.1-4ubuntu3/+build/16724246
  and use $ apt install ./busybox*.deb to install)

  3) Get busybox 1.30.1 source code, e.g. $ pull-lp-source busybox
  Or download the orig tarball from https://launchpad.net/ubuntu/+source/busybox/1:1.30.1-4ubuntu3

  4) Run the bunzip2 testsuite:

  cd testsuite/
  ECHO=/bin/echo ./bunzip2.tests

  Observe that with glibc 2.29 the:
  PASS: bunzip2: bz2_issue_11.bz2 corrupted example

  is XFAIL or FAIL, on s390x, whereas it passes on all other arches.

  If one uses glibc 2.28 (i.e. use Cosmic, and install busybox & use
  matching test suite from eoan using links above) one can observe that
  the testcase always passes.

  We suspect this might be a glibc 2.29 s390x-specific setjmp
  regression. Probably due to setjmp usage in
  ./archival/libarchive/decompress_bunzip2.c

  The tests were done on a z13 machine.

To manage notifications about this bug go to:
https://bugs.launchpad.net/busybox/+bug/1828282/+subscriptions
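
Added example (not part of the bug report or of BusyBox): a Python sketch that parses Memcheck output like the run quoted in the imported comment and fails a check whenever an uninitialised-value error is reported, instead of relying on the test's own pass/fail result, which the report shows differs between architectures. The names `parse_memcheck` and `gate` are hypothetical; the sample log is trimmed from the excerpt in the report.

```python
import re

# Memcheck excerpt trimmed from the report above (banner and heap summary removed).
SAMPLE_LOG = """\
==40965== Command: busybox bunzip2
==40965==
==40965== Conditional jump or move depends on uninitialised value(s)
==40965==    at 0x17C1D4: get_next_block (decompress_bunzip2.c:393)
==40965==    by 0x17C37F: get_next_block (decompress_bunzip2.c:419)
==40965==
bunzip2: bunzip error -5
==40965== Use --track-origins=yes to see where uninitialised values come from
==40965== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
"""

PREFIX = re.compile(r"^==\d+== ?(.*)$")
FRAME = re.compile(r"^\s+(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \(([^)]*)\)")
SUMMARY = re.compile(r"^ERROR SUMMARY: (\d+) errors from (\d+) contexts")
UNINIT = re.compile(r"uninitialised (?:value|byte)")


def parse_memcheck(log):
    """Return (uninit_errors, total_errors); each error is {'kind', 'frames'}."""
    errors, current, total = [], None, None
    for line in log.splitlines():
        m = PREFIX.match(line)
        if not m:                 # program's own output, e.g. "bunzip error -5"
            continue
        body = m.group(1)
        s = SUMMARY.match(body)
        f = FRAME.match(body)
        if s:
            total = int(s.group(1))
        elif UNINIT.search(body) and not body.startswith("Use "):  # skip the hint line
            current = {"kind": body.strip(), "frames": []}
            errors.append(current)
        elif f and current is not None:
            current["frames"].append((f.group(1), f.group(2)))
        elif not body.strip():
            current = None        # blank Memcheck line ends the stack trace
    return errors, total


def gate(log):
    """CI verdict: fail on any Memcheck error, whatever the tool's exit status."""
    errors, total = parse_memcheck(log)
    if total is None:
        return "no-summary"       # truncated log: do not treat as clean
    return "fail" if errors or total else "pass"
```

Valgrind's own `--error-exitcode=<number>` option provides a comparable gate without log parsing; the parser additionally records which source lines consumed the uninitialised data.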


