[Debian GNUstep maintainers] Bug#1118063: libobjc4: Invoking a method returning a floating point type or struct on a nil receiver returns garbage value

Yavor Doganov yavor at gnu.org
Tue Oct 14 15:35:03 BST 2025


Package: libobjc4
Version: 12.2.0-14+deb12u1
Severity: important
Tags: upstream
Forwarded: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=121624
X-Debbugs-Cc: pkg-gnustep-maintainers at lists.alioth.debian.org
Control: affects -1 gnustep-gui lynkeos.app

While testing the new upstream lynkeos.app release I found out that
the program is unusable since text is missing in most of the UI
elements.  Further investigation showed that the culprit is
gnustep-gui's GSXib5KeyedUnarchiver parsing the app's XIB files:

- (id) decodeFontSizeForElement: (GSXibElement*)element
{
  NSDictionary *attributes = [element attributes];
  CGFloat       size       = [[attributes objectForKey: @"size"] floatValue];

  if (size == 0)
    {
      ...

That's perfectly fine code, it relies on the semantics of the language
that invoking a method returning a scalar type on a nil receiver
should return 0.  But it returns a gigantic garbage value instead;
subsequently the condition (size == 0) is false and all goes havoc.

I was initially confused that this is a compiler bug since I could not
reproduce it with a simple test program built with clang-19 on a sid
system but *linked* with the GCC runtime.  Examining the assembly
revealed that clang generates code which is doing a check if the
receiver is nil, skipping the library call if that's the case.

If the patch for the frontend that is proposed upstream is committed,
we should binNMU all reverse dependencies when it propagates to the
default compiler and is available on all architectures.  A lot of
GNUstep methods return floating point types or "simple" structs with
two CGFloat members.  There are probably a ton of hidden bugs due to
this problem.

-- System Information:
Debian Release: 12.12
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable-security'), (500, 'oldstable-debug'), (500, 'oldstable')
Architecture: i386 (i686)

Kernel: Linux 6.1.0-40-686-pae (SMP w/1 CPU thread; PREEMPT)
Locale: LANG=bg_BG.UTF-8, LC_CTYPE=bg_BG.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libobjc4 depends on:
ii  gcc-12-base  12.2.0-14+deb12u1
ii  libc6        2.36-9+deb12u13
ii  libgc1       1:8.2.2-3
ii  libgcc-s1    12.2.0-14+deb12u1

libobjc4 recommends no packages.

libobjc4 suggests no packages.

-- no debconf information
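
The nil-receiver read described in the report, next to a guarded form that does the nil check in source, as an added example (not code from gnustep-gui or from the report). GuardedFloatForKey and the attributes dictionary are hypothetical, and the build line assumes a non-ARC GNUstep setup with gnustep-config on the PATH.

```objc
// Added example; GuardedFloatForKey is a hypothetical helper, not gnustep-gui API.
// Assumed build line (non-ARC, GNUstep):
//   gcc $(gnustep-config --objc-flags) nilfloat.m $(gnustep-config --base-libs) -o nilfloat
#import <Foundation/Foundation.h>
#include <stdio.h>

// Never sends a float-returning message to nil, so the result does not
// depend on how the compiler or runtime handles a nil receiver.
static CGFloat GuardedFloatForKey(NSDictionary *attributes, NSString *key)
{
  id value = [attributes objectForKey: key];

  return (value != nil) ? [value floatValue] : 0;
}

int main(void)
{
  NSAutoreleasePool *pool = [NSAutoreleasePool new];
  // Constructed input: an attributes dictionary with no "size" key,
  // so objectForKey: returns nil, as in the XIB case from the report.
  NSDictionary *attributes =
    [NSDictionary dictionaryWithObject: @"Helvetica" forKey: @"name"];

  // Same pattern as decodeFontSizeForElement: the message goes to nil.
  CGFloat unguarded = [[attributes objectForKey: @"size"] floatValue];
  // Guarded read: the nil check happens before any message is sent.
  CGFloat guarded = GuardedFloatForKey(attributes, @"size");

  printf("unguarded read: %g (%s)\n", (double)unguarded,
         unguarded == 0 ? "zero, as the language semantics require"
                        : "non-zero: nil receiver returned garbage");
  printf("guarded read:   %g\n", (double)guarded);

  [pool release];
  // Exit status reflects only the guarded path, which must always be 0.
  return (guarded == 0) ? 0 : 1;
}
```

Comparing the two printed lines on a given compiler, runtime and architecture shows whether that build is affected, and the guarded read stays at 0 either way.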