[Pkg-rust-maintainers] Bug#959877: rustc: soundness bug reintroduced by debian due to system LLVM

Jakub Kądziołka kuba at kadziolka.net
Wed May 6 13:45:18 BST 2020 

Package: rustc
Version: 1.42.0+dfsg1-1
Severity: important
Tags: security

[ NOTE: I have tried to check whether this reproduces on the 1.43
package that reportbug can see on experimental, but apt claims there's
no new version on experimental. ]

Steps to reproduce:

1. Download this file from rustc's test suite:
$ wget https://raw.githubusercontent.com/rust-lang/rust/f8d394e5184fe3af761ea1e5ba73f993cfb36dfe/src/test/ui/issues/issue-69225-SCEVAddExpr-wrap-flag.rs

2. Compile it.
$ rustc -C opt-level=3 issue-69225-SCEVAddExpr-wrap-flag.rs

3. Run the binary.
$ ./issue-69225-SCEVAddExpr-wrap-flag

Actual output:
Segmentation fault

Expected output (from rustc 1.42.0 obtained via rustup):
thread 'main' panicked at 'index out of bounds: the len is 0 but the index is 16777216', issue-69225-SCEVAddExpr-wrap-flag.rs:24:17
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

This bug stems from a miscompilation introduced in LLVM 9. The fix got
backported into the LLVM vendored by Rust in 1.41.1:
https://github.com/rust-lang/llvm-project/commit/7d5e7c023053660ffe494d72ce471e48ecc7f49b

This discussion on Rust's zulip might also be relevant:
https://rust-lang.zulipchat.com/#narrow/stream/187780-t-compiler.2Fwg-llvm/topic/The.20LLVM.20release.20process

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.4.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages rustc depends on:
ii  binutils              2.34-6
ii  gcc                   4:9.2.1-3.1
ii  libc6                 2.30-4
ii  libc6-dev [libc-dev]  2.30-4
ii  libgcc-s1             10-20200502-1
ii  libstd-rust-dev       1.42.0+dfsg1-1

Versions of packages rustc recommends:
pn  cargo                 <none>
pn  rust-gdb | rust-lldb  <none>

Versions of packages rustc suggests:
pn  lld-9     <none>
pn  rust-doc  <none>
pn  rust-src  <none>

-- no debconf information

More information about the Pkg-rust-maintainers mailing list