[Debian-med-packaging] Bug#1118526: tests: kallistro: corrupted size vs. prev_size
Tj
tj.iam.tj at proton.me
Tue Oct 21 16:50:31 BST 2025
Source: kallisto
Version: 0.48.0+dfsg-3
Severity: serious
Tags: ftbfs
Justification: fails to build from source (but built successfully in the past)
X-Debbugs-Cc: tj.iam.tj at proton.me
Following up with analysis after the test failure was mentioned by
Andreas in Matrix "Debian Tiny Tasks".
I do not have time to attack it and am not familiar with the code-base but
this analysis should help.
Referring to the failed build log:
https://salsa.debian.org/med-team/kallisto/-/jobs/8480324#L2345
"corrupted size vs. prev_size" :- The direct cause is out-of-bounds writes into malloc control structure fields.
E.g: given `A = calloc(1, 16); B = calloc(1,16)` and A contiguous with B.
If `struct *S = A` and `sizeof(A) == sizeof(*S)` then S[0] is valid but S[1] is out-of-bounds and a
write may trample on the control structure preamble of B.
From what I can deduce it occurs in `ext/bifrost/src/CompactedDBG.tcc::CompactedDBG::construct()` template after line 3323 and before line 3331.
Most likely the reference to `size()` in line 3329.
`if (opt.verbose) cout << "CompactedDBG::construct(): After join tips using mercy k-mers: " << size() << " unitigs" << endl;`
https://salsa.debian.org/med-team/kallisto/-/blob/72ff60faebbab43eba75e55fe393d88de42116a5/ext/bifrost/src/CompactedDBG.tcc#L3323
Disabling `opt.verbose` would be an easy way to (dis)prove that.
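
Added example, not part of the original message or of the kallisto/Bifrost code: a toy model of the A/B layout described above, showing how an unchecked write to S[1] lands on the header of the next chunk and trips a size vs. prev_size comparison. The arena layout, constants and function names are assumptions made for illustration; glibc's real chunk layout and checks differ in detail.

```c
/* Toy model of adjacent heap chunks (constructed for illustration;
 * glibc's real chunk layout and checks differ in detail). */
#include <stddef.h>
#include <stdio.h>

enum { HDR = 2, PAYLOAD = 2, CHUNK = HDR + PAYLOAD, NCHUNKS = 3 };

/* Per chunk: word 0 = prev_size, word 1 = size, words 2..3 = user payload. */
static size_t arena[NCHUNKS * CHUNK];

static size_t *prev_size_of(int c) { return &arena[c * CHUNK]; }
static size_t *size_of(int c)      { return &arena[c * CHUNK + 1]; }

static void arena_init(void) {
    for (int c = 0; c < NCHUNKS; c++) {
        *prev_size_of(c) = c ? CHUNK : 0;
        *size_of(c) = CHUNK;
        arena[c * CHUNK + HDR] = arena[c * CHUNK + HDR + 1] = 0;
    }
}

/* Unchecked S[idx] = {v, v}, where S starts at the payload of chunk c and
 * one record fills the payload exactly: only idx 0 is in bounds. */
static void store_unchecked(int c, int idx, size_t v) {
    size_t *s = &arena[c * CHUNK + HDR + idx * PAYLOAD];
    s[0] = v;
    s[1] = v;
}

/* Same store with the bounds check the faulty path lacks. */
static int store_checked(int c, int idx, size_t v) {
    if (idx != 0) return -1;   /* payload holds exactly one record */
    store_unchecked(c, idx, v);
    return 0;
}

/* Allocator-style sanity check: a chunk's size must equal the prev_size
 * recorded in the chunk that follows it. */
static int consistent(int c) { return *size_of(c) == *prev_size_of(c + 1); }

int main(void) {
    arena_init();
    store_unchecked(0, 1, 0x41);   /* S[1]: lands on B's header */
    printf("A vs B header consistent: %d\n", consistent(0));
    return 0;
}
```

The corruption is only noticed when the allocator next inspects the neighbouring chunk, which is why the abort can surface at a later, unrelated-looking call rather than at the faulty write.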