[Pkg-erlang-devel] Bug#747593: Conflicting parameter declarations of erts_gzinflate_buffer

Michael Tautschnig mt at debian.org
Sat May 10 09:23:58 UTC 2014


Package: erlang
Version: 1:17.0-dfsg-3
Usertags: goto-cc

During a rebuild of all packages in a clean sid chroot (and cowbuilder+pbuilder)
the build failed with the following error. Please note that we use our research
compiler tool-chain (using tools from the cbmc package), which permits extended
reporting on type inconsistencies at link time.

[...]
 LD /srv/jenkins-slave/workspace/sid-goto-cc-erlang/erlang-17.0-dfsg/bin/x86_64-pc-linux-gnu/beam.smp

error: conflicting function declarations "erts_gzinflate_buffer"
old definition in module beam_load file beam/beam_load.c line 46
struct erl_drv_binary * (char *, signed int)
new definition in module gzio file drivers/common/gzio.c line 752
struct erl_drv_binary * (char *start, unsigned long int size)


Reviewing the code at

http://sources.debian.net/src/erlang/1:17.0-dfsg-3/erts/emulator/beam/beam_load.c#L46
http://sources.debian.net/src/erlang/1:17.0-dfsg-3/erts/emulator/drivers/common/gzio.c#L751

this appears particularly dangerous as the implementation of
erts_gzinflate_buffer may read arbitrary memory beyond the desired allocation,
because the high bytes of "size" will be uninitialised on systems with
sizeof(long)!=sizeof(int).

The maintainer may wish to adjust severity.

Best,
Michael
