[Pkg-rust-maintainers] Bug#959877: Bug#959877: rustc: soundness bug reintroduced by debian due to system LLVM

Ximin Luo infinity0 at debian.org
Wed May 20 12:47:12 BST 2020 

Control: reassign -1 llvm-toolchain-9
Control: affects -1 rustc
Control: tags -1 + upstream patch

LLVM maintainer, please backport the following upstream patch to LLVM 9: https://github.com/rust-lang/llvm-project/commit/7d5e7c023053660ffe494d72ce471e48ecc7f49b

Since rust has already backported it to their LLVM, I assume it applies cleanly, but if it doesn't please let me know and I'll try to fix it.

X

Jakub Kądziołka:
> Package: rustc
> Version: 1.42.0+dfsg1-1
> Severity: important
> Tags: security
> 
> [ NOTE: I have tried to check whether this reproduces on the 1.43
> package that reportbug can see on experimental, but apt claims there's
> no new version on experimental. ]
> 
> Steps to reproduce:
> 
> 1. Download this file from rustc's test suite:
> $ wget https://raw.githubusercontent.com/rust-lang/rust/f8d394e5184fe3af761ea1e5ba73f993cfb36dfe/src/test/ui/issues/issue-69225-SCEVAddExpr-wrap-flag.rs
> 
> 2. Compile it.
> $ rustc -C opt-level=3 issue-69225-SCEVAddExpr-wrap-flag.rs
> 
> 3. Run the binary.
> $ ./issue-69225-SCEVAddExpr-wrap-flag
> 
> Actual output:
> Segmentation fault
> 
> Expected output (from rustc 1.42.0 obtained via rustup):
> thread 'main' panicked at 'index out of bounds: the len is 0 but the index is 16777216', issue-69225-SCEVAddExpr-wrap-flag.rs:24:17
> note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
> 
> This bug stems from a miscompilation introduced in LLVM 9. The fix got
> backported into the LLVM vendored by Rust in 1.41.1:
> https://github.com/rust-lang/llvm-project/commit/7d5e7c023053660ffe494d72ce471e48ecc7f49b
> 
> This discussion on Rust's zulip might also be relevant:
> https://rust-lang.zulipchat.com/#narrow/stream/187780-t-compiler.2Fwg-llvm/topic/The.20LLVM.20release.20process
> 
> -- System Information:
> Debian Release: bullseye/sid
>   APT prefers unstable
>   APT policy: (500, 'unstable'), (1, 'experimental')
> Architecture: amd64 (x86_64)
> Foreign Architectures: i386
> 
> Kernel: Linux 5.4.0-4-amd64 (SMP w/4 CPU cores)
> Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/bash
> Init: systemd (via /run/systemd/system)
> LSM: AppArmor: enabled
> 
> Versions of packages rustc depends on:
> ii  binutils              2.34-6
> ii  gcc                   4:9.2.1-3.1
> ii  libc6                 2.30-4
> ii  libc6-dev [libc-dev]  2.30-4
> ii  libgcc-s1             10-20200502-1
> ii  libstd-rust-dev       1.42.0+dfsg1-1
> 
> Versions of packages rustc recommends:
> pn  cargo                 <none>
> pn  rust-gdb | rust-lldb  <none>
> 
> Versions of packages rustc suggests:
> pn  lld-9     <none>
> pn  rust-doc  <none>
> pn  rust-src  <none>
> 
> -- no debconf information
> 
> _______________________________________________
> Pkg-rust-maintainers mailing list
> Pkg-rust-maintainers at alioth-lists.debian.net
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-rust-maintainers
> 


-- 
GPG: ed25519/56034877E1F87C35
GPG: rsa4096/1318EFAC5FBBDBCE
https://github.com/infinity0/pubkeys.git

More information about the Pkg-rust-maintainers mailing list