[R-pkg-team] Bug in r-base and r-cran-rcppparallel
Bastian Blank
waldi at debian.org
Wed Feb 10 17:55:57 GMT 2021
Control: clone -1 -2
Control: reassign -1 r-base 4.0.3-1
Control: retitle -1 r-base: dyn.load not useful for system libraries
Control: affects -1 r-cran-rcppparallel 5.0.2+dfsg-3
Control: severity -1 important
Control: reassign -2 r-cran-rcppparallel 5.0.2+dfsg-3
Control: retitle -2 r-cran-rcppparallel: generates broken load path for libtbb and fails on several architectures
Control: severity -2 serious
Hi Andreas
This are actually two bugs:
- r-base dyn.load not accepting relative library names on Linux systems
and
- r-cran-rcppparallel trying to workaround the bug in dyn.load by
deducting the full path of libtbb from the architecture instead of the
correct multiarch setting and failing.
This has nothing to do with r-cran-rstan or r-cran-rstanarm, but it
seems to be the first one to find out. I've attached patches to fix
both problems, properly re-assigned and adjusted the bugs.
This behaviour of R dyn.load might even be considered a security
vulnerability, because loading libraries from the working directory is a
problem.
Bastian
--
Kirk to Enterprise -- beam down yeoman Rand and a six-pack.
-------------- next part --------------
diff -Nru r-base-4.0.3/debian/changelog r-base-4.0.3/debian/changelog
--- r-base-4.0.3/debian/changelog 2020-10-10 12:04:31.000000000 +0000
+++ r-base-4.0.3/debian/changelog 2021-02-10 17:37:12.000000000 +0000
@@ -1,3 +1,10 @@
+r-base (4.0.3-1.1) UNRELEASED; urgency=medium
+
+ * Non-maintainer upload.
+ * Make dyn.load follow system library path. (closes: #-1)
+
+ -- Bastian Blank <waldi at debian.org> Wed, 10 Feb 2021 17:37:12 +0000
+
r-base (4.0.3-1) unstable; urgency=medium
* New upstream version released this morning
diff -Nru r-base-4.0.3/debian/patches/dynload-system r-base-4.0.3/debian/patches/dynload-system
--- r-base-4.0.3/debian/patches/dynload-system 1970-01-01 00:00:00.000000000 +0000
+++ r-base-4.0.3/debian/patches/dynload-system 2021-02-10 17:07:48.000000000 +0000
@@ -0,0 +1,42 @@
+Description: <short summary of the patch>
+ TODO: Put a short summary on the line above and replace this paragraph
+ with a longer explanation of this change. Complete the meta-information
+ with other relevant fields (see below for details). To make it easier, the
+ information below has been extracted from the changelog. Adjust it or drop
+ it.
+ .
+ r-base (4.0.3-1.fix1) UNRELEASED; urgency=medium
+ .
+ * Test
+Author: Debian <bbl at debian-sid.uc1w5jib0zdu1hjrgnhfp3r5vb.ax.internal.cloudapp.net>
+
+---
+The information above should follow the Patch Tagging Guidelines, please
+checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here
+are templates for supplementary fields that you might want to add:
+
+Origin: <vendor|upstream|other>, <url of original patch>
+Bug: <url in upstream bugtracker>
+Bug-Debian: https://bugs.debian.org/<bugnumber>
+Bug-Ubuntu: https://launchpad.net/bugs/<bugnumber>
+Forwarded: <no|not-needed|url proving that it has been forwarded>
+Reviewed-By: <name and email of someone who approved the patch>
+Last-Update: 2021-02-10
+
+--- r-base-4.0.3.orig/src/unix/dynload.c
++++ r-base-4.0.3/src/unix/dynload.c
+@@ -220,14 +220,6 @@ static void getFullDLLPath(SEXP call, ch
+ {
+ if(path[0] == '~')
+ strcpy(buf, R_ExpandFileName(path));
+- else if(path[0] != '/') {
+-#ifdef HAVE_GETCWD
+- if(!getcwd(buf, PATH_MAX))
+-#endif
+- errorcall(call, _("cannot get working directory!"));
+- strcat(buf, "/");
+- strcat(buf, path);
+- }
+ else strcpy(buf, path);
+ }
+
diff -Nru r-base-4.0.3/debian/patches/series r-base-4.0.3/debian/patches/series
--- r-base-4.0.3/debian/patches/series 2020-04-03 14:27:57.000000000 +0000
+++ r-base-4.0.3/debian/patches/series 2021-02-10 17:07:48.000000000 +0000
@@ -1,3 +1,4 @@
# gfortran8-changes
# ppc64_change
# powerpc_change
+dynload-system
-------------- next part --------------
diff -Nru r-cran-rcppparallel-5.0.2+dfsg/debian/changelog r-cran-rcppparallel-5.0.2+dfsg/debian/changelog
--- r-cran-rcppparallel-5.0.2+dfsg/debian/changelog 2020-09-30 13:39:50.000000000 +0000
+++ r-cran-rcppparallel-5.0.2+dfsg/debian/changelog 2021-02-10 17:43:22.000000000 +0000
@@ -1,3 +1,10 @@
+r-cran-rcppparallel (5.0.2+dfsg-3.1) UNRELEASED; urgency=medium
+
+ * Non-maintainer upload.
+ * Load libtbb from system patch. (closes: #-1)
+
+ -- Bastian Blank <waldi at debian.org> Wed, 10 Feb 2021 17:43:22 +0000
+
r-cran-rcppparallel (5.0.2+dfsg-3) unstable; urgency=medium
* Fix patch to make sure '-L' option will not be left out
diff -Nru r-cran-rcppparallel-5.0.2+dfsg/debian/control r-cran-rcppparallel-5.0.2+dfsg/debian/control
--- r-cran-rcppparallel-5.0.2+dfsg/debian/control 2020-09-30 13:39:50.000000000 +0000
+++ r-cran-rcppparallel-5.0.2+dfsg/debian/control 2021-02-10 17:43:22.000000000 +0000
@@ -7,7 +7,7 @@
Priority: optional
Build-Depends: debhelper-compat (= 13),
dh-r,
- r-base-dev,
+ r-base-dev (>= 4.0.3-1.1~),
libtbb-dev
Standards-Version: 4.5.0
Vcs-Browser: https://salsa.debian.org/r-pkg-team/r-cran-rcppparallel
diff -Nru r-cran-rcppparallel-5.0.2+dfsg/debian/patches/use_debian_packaged_libtbb.patch r-cran-rcppparallel-5.0.2+dfsg/debian/patches/use_debian_packaged_libtbb.patch
--- r-cran-rcppparallel-5.0.2+dfsg/debian/patches/use_debian_packaged_libtbb.patch 2020-09-30 13:39:50.000000000 +0000
+++ r-cran-rcppparallel-5.0.2+dfsg/debian/patches/use_debian_packaged_libtbb.patch 2021-02-10 17:43:22.000000000 +0000
@@ -3,8 +3,10 @@
Description: Do not try to build removed tbb code copy but
rather link to Debian packaged version
---- r-cran-rcppparallel.orig/src/Makevars.in
-+++ r-cran-rcppparallel/src/Makevars.in
+Index: r-cran-rcppparallel-5.0.2+dfsg/src/Makevars.in
+===================================================================
+--- r-cran-rcppparallel-5.0.2+dfsg.orig/src/Makevars.in
++++ r-cran-rcppparallel-5.0.2+dfsg/src/Makevars.in
@@ -1,6 +1,7 @@
PKG_CPPFLAGS = -I../inst/include
@@ -13,7 +15,7 @@
ifeq ($(OS), Windows_NT)
-@@ -86,20 +87,10 @@
+@@ -86,20 +87,10 @@ endif
all: tbb $(SHLIB)
tbb:
@@ -36,9 +38,11 @@
endif
---- r-cran-rcppparallel.orig/R/build.R
-+++ r-cran-rcppparallel/R/build.R
-@@ -53,13 +53,8 @@
+Index: r-cran-rcppparallel-5.0.2+dfsg/R/build.R
+===================================================================
+--- r-cran-rcppparallel-5.0.2+dfsg.orig/R/build.R
++++ r-cran-rcppparallel-5.0.2+dfsg/R/build.R
+@@ -53,37 +53,8 @@ tbbCxxFlags <- function() {
# Return the linker flags requried for TBB on this platform
tbbLdFlags <- function() {
@@ -49,15 +53,17 @@
- } else {
- ""
- }
-+ tbb <- tbbLibPath()
-+ paste("-L", asBuildPath(dirname(tbb)), " -ltbb -ltbbmalloc", sep = "")
- }
-
- # Determine the platform-specific path to the TBB library
-@@ -71,15 +66,7 @@
- "Windows" = paste("tbb", suffix, ".dll", sep = ""),
- "SunOS" = paste("libtbb", suffix, ".so", sep = "")
- )
+-}
+-
+-# Determine the platform-specific path to the TBB library
+-tbbLibPath <- function(suffix = "") {
+- sysname <- Sys.info()['sysname']
+- tbbSupported <- list(
+- "Darwin" = paste("libtbb", suffix, ".dylib", sep = ""),
+- "Linux" = paste("libtbb", suffix, ".so.2", sep = ""),
+- "Windows" = paste("tbb", suffix, ".dll", sep = ""),
+- "SunOS" = paste("libtbb", suffix, ".so", sep = "")
+- )
- if ((sysname %in% names(tbbSupported)) && !isSparc()) {
- libDir <- "lib/"
- if (sysname == "Windows")
@@ -67,7 +73,41 @@
- } else {
- NULL
- }
-+ libDir <- paste("/usr/lib/", version$arch, "-linux-gnu/libtbb.so", sep = "")
+-}
+-
+-isSparc <- function() {
+- Sys.info()['sysname'] == "SunOS" && Sys.info()[["machine"]] != "i86pc"
++ tbb <- tbbLibPath()
++ paste(" -ltbb -ltbbmalloc", sep = "")
}
- isSparc <- function() {
+ # Helper function to ape the behavior of the R build system
+Index: r-cran-rcppparallel-5.0.2+dfsg/R/hooks.R
+===================================================================
+--- r-cran-rcppparallel-5.0.2+dfsg.orig/R/hooks.R
++++ r-cran-rcppparallel-5.0.2+dfsg/R/hooks.R
+@@ -5,22 +5,8 @@ mallocDllInfo <- NULL
+ .onLoad <- function(libname, pkgname) {
+
+ # load tbb and tbbmalloc on supported platforms
+- tbb <- tbbLibPath()
+- if (!is.null(tbb)) {
+- if (!file.exists(tbb)) {
+- warning(paste("TBB library", tbb, "not found."))
+- } else {
+- dllInfo <<- dyn.load(tbb, local = FALSE, now = TRUE)
+- }
+- }
+- tbbMalloc <- tbbLibPath("malloc")
+- if (!is.null(tbbMalloc)) {
+- if (!file.exists(tbbMalloc)) {
+- warning(paste("TBB malloc library", tbbMalloc, "not found."))
+- } else {
+- mallocDllInfo <<- dyn.load(tbbMalloc, local = FALSE, now = TRUE)
+- }
+- }
++ dllInfo <<- dyn.load("libtbb.so.2", local = FALSE, now = TRUE)
++ mallocDllInfo <<- dyn.load("libtbbmalloc.so.2", local = FALSE, now = TRUE)
+
+ # load the package library
+ library.dynam("RcppParallel", pkgname, libname)
More information about the R-pkg-team
mailing list