bug#43513: json-c build failure (on armhf-linux) while trying to build u-boot

[Danny Milosavljevic]

Hi Ludo,

On Fri, 25 Sep 2020 18:02:54 +0200
Ludovic Courtès <ludo@gnu.org> wrote:

> What are the odds of a build succeeding in the presence of broken
> getdents/readdir?  Wouldn’t such builds simply fail (as in the CMake
> case), as opposed to succeeding but somehow producing invalid binaries?

I don't know what hashing mechanism ext4 uses, but I guess the odds are not
that high IF THE DIRECTORY IS RANDOM.  If it's crafted by a malicious person,
all bets are off.

However, notice that glibc can only fail out of readdir once it gets an *actual*
value >= 2**32.  It's totally possible in principle to have a directory with
200 entries, the first 100 of which have d_off < 2**32, and the 101st has
d_off >= 2**32.  Readdir will only stop after having given back 100 entries
to the caller.  The caller most likely will process those 100 entries.
That's it, you've just forgotten to install/copy/read/whatever half the files.

Technically the caller could examine errno to find out that something bad
happened while using readdir, but odds are that they don't (I haven't seen
anyone do that in my entire career)--and also the error code they are using
is undocumented[1].  So even a person who would check wouldn't expect this
error value (errno == EOVERFLOW).  In short, it won't work in practice.

> We can still disabled emulated builds on ci.guix.gnu.org, but let’s
> first make sure we understand the practical impact of this bug.

We need non-emulated builds to compare.

If a real ARM machine uses substitutes for anything, it probably picks up
now-untrustworthy builds made by x86_64 for ARM and builds on top of those.

Or don't they use substitutes?
In that case everything would be OK-ish.
Otherwise huge mess...

[1] "man getdents64" does not list EOVERFLOW--at least not for me.

pgpWIShjyWPho.pgp
Description: OpenPGP digital signature