[xml/sgml-pkgs] Bug#902051: Bug#902051: libxslt: generate-id() not returning unique IDs

Mattia Rizzolo mattia at debian.org
Tue Jan 19 04:47:40 GMT 2021 

Hi MaJiang,

On Tue, Dec 03, 2019 at 11:21:27AM +0800, ma.jiang at zte.com.cn wrote:
> We have managed to get a unique IDs (without multi-thread). Hope this could help to get a reproducible build.

Thank you for chiming in, and sorry for not getting back to you much
much sooner!!

> Now the ID is generated by a ptr diff. 
> val = (long)((char *)cur - (char *)&base_address);
> cur is the address of a xmlNsPtr node stored in a hash table(of course, eventually it's in the heap), base_address is a static variable(in a data section);

Right.

> After some debug, we found there are two major disturbances that prevent a reproducible build.
> First, hash functions use a random seed get from time(). So the address of nodes in hash tables(related to cur) is not stable across multi-builds.
> Second, ASLR (Address Space Layout Randomization) changes the base addresses of data section and heap  every time we start a new process.
> 
> To fix the first problem, we could fake a fixed time. We currently use libfaketime, and of course eventually  something like https://gitlab.gnome.org/GNOME/libxslt/commit/e57df303eca25a2a3f9e0625c29f4b20177858cc   should be applied.
> 
> To fix the second problem, we could change the ptr diff algorithm to 
> val = (long)((char *)cur -  heapStartAddr);
> After this change, ALSR could not disturb ID generation anymore, because we have eliminated the base address of heap.

Unfortunately, that doesn't seem to be enough in this case I tried.
I did the thing with the current debian package where the
SOURCE_DATE_EPOCH commit you linked is already applied, I removed our
(broken as this bug report reports) patch, then added yours instead.

As a test case I used the debian-faq package, and that produces
non-deterministic IDs.


Which makes me curious, in which circumstances would your patch produce
deterministic IDs?

-- 
regards,
                        Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540      .''`.
More about me:  https://mapreri.org                             : :'  :
Launchpad user: https://launchpad.net/~mapreri                  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/debian-xml-sgml-pkgs/attachments/20210119/ef0c0649/attachment.sig>

More information about the debian-xml-sgml-pkgs mailing list