[Debian-med-packaging] Bug#954127: fermi-lite broken on armhf

Steve Langasek steve.langasek at canonical.com
Tue Mar 17 08:16:20 GMT 2020


Package: fermi-lite
Version: 0.1-9
Severity: grave
Tags: patch
User: ubuntu-devel at lists.ubuntu.com
Usertags: origin-ubuntu focal ubuntu-patch

Dear maintainers,

In Ubuntu, the fermi-lite autopkgtest has started failing on armhf with
version 0.1-9; where it previously succeeded, it now produces a segfault.

Investigation shows a problem with an assumption about the behavior when
implicitly casting from an unsigned integer type to a signed integer type:
when v->n is 0 in this function, because v->n is of type size_t, v->n - 1
yields UINT32_MAX, not -1.

The attached patch fixes the segfault.

Since the code here doesn't seem to have changed since the previous version
of the package whose autopkgtests succeeded, I assume this is due to a
behavior change in the compiler.  However, as far as I can see the new and
old behavior are valid under the C standard, so this is a fermi-lite bug,
not a compiler bug.

Cheers,
-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                   https://www.debian.org/
slangasek at ubuntu.com                                     vorlon at debian.org
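The conversion described in the report, as an added example that is not part of the original message or of fermi-lite. It assumes the loop index is a 64-bit signed integer (the cast in the patch suggests this, but the declaration is not shown on this page); `uint32_t` and `uint64_t` are constructed stand-ins for `size_t` on armhf and on a 64-bit port.

```c
#include <inttypes.h>
#include <stdio.h>

/* Unpatched start index with a 32-bit size_t: n - 1 is evaluated in
 * 32-bit unsigned arithmetic and only then widened to the index type. */
int64_t start_unpatched_32(uint32_t n) { return (int64_t)(n - 1); }

/* Same expression with a 64-bit size_t: UINT64_MAX converts to -1 on
 * GCC and Clang (implementation-defined before C23), hiding the bug. */
int64_t start_unpatched_64(uint64_t n) { return (int64_t)(n - 1); }

/* Patched form: widen to signed first, then subtract. */
int64_t start_patched_32(uint32_t n) { return (int64_t)n - 1; }

/* 1 if a loop "for (i = start; i >= 0; --i)" begins inside an n-element
 * array or never runs; 0 if its first access is out of bounds. */
int first_index_in_bounds(int64_t start, uint64_t n) {
    return start < 0 || (uint64_t)start < n;
}

/* Reverse walk that needs no signed index at all: test, then decrement. */
uint64_t visits_reverse(uint32_t n) {
    uint64_t count = 0;
    for (uint32_t i = n; i-- > 0; )
        ++count;            /* i runs n-1 .. 0; body is skipped when n == 0 */
    return count;
}

int main(void) {
    const uint32_t n = 0;   /* constructed input: the empty-vector case */
    printf("unpatched, 32-bit size_t: i = %" PRId64 " in bounds: %d\n",
           start_unpatched_32(n), first_index_in_bounds(start_unpatched_32(n), n));
    printf("unpatched, 64-bit size_t: i = %" PRId64 " in bounds: %d\n",
           start_unpatched_64(n), first_index_in_bounds(start_unpatched_64(n), n));
    printf("patched,   32-bit size_t: i = %" PRId64 " in bounds: %d\n",
           start_patched_32(n), first_index_in_bounds(start_patched_32(n), n));
    printf("test-then-decrement visits for n = 0: %" PRIu64 "\n", visits_reverse(n));
    return 0;
}
```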
-------------- next part --------------
diff -Nru fermi-lite-0.1/debian/patches/ensure-signed-comparison fermi-lite-0.1/debian/patches/ensure-signed-comparison
--- fermi-lite-0.1/debian/patches/ensure-signed-comparison	1969-12-31 16:00:00.000000000 -0800
+++ fermi-lite-0.1/debian/patches/ensure-signed-comparison	2020-03-17 01:09:35.000000000 -0700
@@ -0,0 +1,21 @@
+Description: Ensure that our variable checking for >= 0 is signed
+ The type of v->n is size_t, which is an unsigned type, and we are assigning
+ v->n - 1 to i and looping while this is >= 0.  If v->n == 0, on some
+ architectures (armhf) this results in i being set to a positive value
+ (specifically, UINT32_MAX).
+Author: Steve Langasek <steve.langasek at ubuntu.com>
+Last-Update: 2020-03-17
+
+Index: fermi-lite-0.1/mag.c
+===================================================================
+--- fermi-lite-0.1.orig/mag.c
++++ fermi-lite-0.1/mag.c
+@@ -506,7 +506,7 @@
+ 
+ 	for (j = 0; j < 2; ++j) {
+ 		sum_n = sum_l = 0;
+-		for (i = v->n - 1; i >= 0; --i) {
++		for (i = (int64_t)v->n - 1; i >= 0; --i) {
+ 			const magv_t *p = &v->a[srt[i]<<32>>32];
+ 			int tmp1, tmp2;
+ 			tmp1 = tmp2 = 0;
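Review bot: on the changed `for` line in mag.c, the fix holds only while `i` is a signed type, and its declaration is outside the context shown, so nothing in the hunk stops a later cleanup from dropping the cast or retyping `i`. A short comment on that line saying why the cast is there (v->n is size_t and may be 0), or an explicit `if (v->n == 0)` skip before the loop, would make the intent survive. The patch header could also carry `Bug-Debian: https://bugs.debian.org/954127` and a `Forwarded:` field, since the description says this is a fermi-lite bug rather than a packaging one.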
diff -Nru fermi-lite-0.1/debian/patches/series fermi-lite-0.1/debian/patches/series
--- fermi-lite-0.1/debian/patches/series	2020-02-15 04:17:54.000000000 -0800
+++ fermi-lite-0.1/debian/patches/series	2020-03-17 01:04:57.000000000 -0700
@@ -3,4 +3,5 @@
 rename_bseq1_t.patch
 bcf_seqlib.patch
 simde
+ensure-signed-comparison
 sync_instead_of_atomic
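Review bot: the new entry is placed before sync_instead_of_atomic rather than at the end of series, so sync_instead_of_atomic now applies on top of the mag.c change. Please confirm it still applies without offsets or fuzz, or append ensure-signed-comparison as the last entry so the existing patches are unaffected.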

