[Reproducible-builds] Bug#803503: libfile-stripnondeterminism-perl: substr outside of string at /usr/share/perl5/File/StripNondeterminism/handlers/zip.pm
Daniel Stender
debian at danielstender.com
Fri Oct 30 19:00:41 UTC 2015
Source: strip-nondeterminism
Version: 0.013-1
Severity: normal
I've got an error here from dh_strip_nondeterminism; it's from the build log
of afl/1,94b-2 (unreleased), and the file it tried to process is
debian/afl/usr/share/doc/afl/vuln_samples/unzip-t-mem-corruption.zip [1]:
<buildlog>
dh_strip_nondeterminism
substr outside of string at /usr/share/perl5/File/StripNondeterminism/handlers/zip.pm line 113.
Use of uninitialized value in unpack at /usr/share/perl5/File/StripNondeterminism/handlers/zip.pm line 113.
IO error: reading local extra field : at /usr/bin/dh_strip_nondeterminism line 87.
Can't write to /tmp/dwjyFRebW6.zip at /usr/share/perl5/Archive/Zip/Archive.pm line 440.
Archive::Zip::Archive::overwrite(Archive::Zip::Archive=HASH(0xf9eb48)) called at /usr/share/perl5/File/StripNondeterminism/handlers/zip.pm line 160
File::StripNondeterminism::handlers::zip::normalize("debian/afl/usr/share/doc/afl/vuln_samples/unzip-t-mem-corrupt"...) called at /usr/bin/dh_strip_nondeterminism line 87
eval {...} called at /usr/bin/dh_strip_nondeterminism line 87
</buildlog>
Note: docs/vuln_samples/ is a special collection of files triggering vulnerabilities
(the filename already says it), maybe this shows something which could be improved.
Best,
DS
[1] https://packages.debian.org/sid/amd64/afl/filelist
-- System Information:
Debian Release: stretch/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 4.2.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages libfile-stripnondeterminism-perl depends on:
ii libarchive-zip-perl 1.53-1
ii perl 5.20.2-6
libfile-stripnondeterminism-perl recommends no packages.
libfile-stripnondeterminism-perl suggests no packages.
-- no debconf information