Bug#803503: libfile-stripnondeterminism-perl: substr outside of string at /usr/share/perl5/File/StripNondeterminism/handlers/zip.pm

Chris Lamb lamby at debian.org
Tue Oct 30 05:15:58 GMT 2018 

Hi Daniel,

> Yep, still there are messages on this (2.52b-4, just let the dh helper 
> run over the docs package):

So, why you `-Nafl-doc` instead of letting it print the warning
messages…?

Or, rather, are we corrupting the .png file here...? If not, we can
just silence this warning to close this issue, no? We can't trust
this header anyway...

Anyway, can confirm this and I am attaching the
docs/vuln_samples/msie-zlib-dos.png file for posterity:

   dh_strip_nondeterminism
	Using 1540845961 as canonical time
        […]
debian/afl-doc/usr/share/doc/afl-doc/vuln_samples/msie-zlib-dos.png: invalid length in ' 2,u' header at /usr/share/perl5/File/StripNondeterminism/handlers/png.pm line 130.
substr outside of string at /usr/share/perl5/File/StripNondeterminism/handlers/zip.pm line 155.
Use of uninitialized value in unpack at /usr/share/perl5/File/StripNondeterminism/handlers/zip.pm line 155.
IO error: reading local extra field :  
 at /usr/bin/dh_strip_nondeterminism line 90.
Can't write to /tmp/rHhftxVN2q.zip 
 at /usr/share/perl5/Archive/Zip/Archive.pm line 439.
	Archive::Zip::Archive::overwrite(Archive::Zip::Archive=HASH(0x55d6b2580c40)) called at /usr/share/perl5/File/StripNondeterminism/handlers/zip.pm line 218
	File::StripNondeterminism::handlers::zip::normalize("debian/afl-doc/usr/share/doc/afl-doc/vuln_samples/unzip-t-mem"...) called at /usr/bin/dh_strip_nondeterminism line 90
	eval {...} called at /usr/bin/dh_strip_nondeterminism line 90
        […]

As an aside, this made me check:

  https://codesearch.debian.net/search?q=override_dh_strip_nondeterminism&perpkg=1 

:)


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby at debian.org / chris-lamb.co.uk
       `-
-------------- next part --------------
A non-text attachment was scrubbed...
Name: msie-zlib-dos.png
Type: image/png
Size: 434 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/reproducible-builds/attachments/20181030/dd01760e/attachment.png>

More information about the Reproducible-builds mailing list