Bug 1173396 - fonttosfnt writes nondeterministic .otb files from ASLR
Summary: fonttosfnt writes nondeterministic .otb files from ASLR
Status: NEW
Alias: None
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: X.Org
Version: Current
Hardware: x86-64 openSUSE Factory
Importance: P5 - None : Normal
Target Milestone: ---
Assignee: Antonio Larrosa
QA Contact: Gfx Bugs
Blocks: 1061219
Reported: 2020-06-26 09:00 UTC by Bernhard Wiedemann
Modified: 2020-06-26 10:33 UTC (History)

Found By: Development
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Bernhard Wiedemann 2020-06-26 09:00:20 UTC
While working on reproducible builds for openSUSE, I found that
when building the xorg-x11-fonts-converted package,
there were slight differences between each build.

Steps to Reproduce:
fonttosfnt -b -c -g 2 -m 2 -o Adobe-Courier-Bold-Oblique.otb /usr/share/fonts/75dpi/courBO08-ISO8859-1.pcf.gz ; md5sum Adobe-Courier-Bold-Oblique.otb
filterdiff 'hexdump -C' {a,b}.otb
 00000040  e3 43 7d a3 00 00 0a f0  00 00 00 36 63 6d 61 70  |.C}........6cmap|
 00000050  00 ee 01 48 00 00 0b 28  00 00 00 3c 67 6c 79 66  |...H...(...<glyf|
 00000060  00 00 00 00 00 00 0b 64  00 00 00 00 68 65 61 64  |.......d....head|
-00000070  6f 36 b6 de 00 00 0b 64  00 00 00 36 68 68 65 61  |o6.....d...6hhea|
+00000070  bc 09 6f 3e 00 00 0b 64  00 00 00 36 68 68 65 61  |..o>...d...6hhea|
 00000080  10 69 05 40 00 00 0b 9c  00 00 00 24 68 6d 74 78  |.i.@.......$hmtx|
 00000090  1c a0 fe 21 00 00 0b c0  00 00 03 00 6c 6f 63 61  |...!........loca|
 000000a0  00 00 00 00 00 00 0e c0  00 00 01 82 6d 61 78 70  |............maxp|
@@ -180,9 +180,9 @@
 00000b30  00 00 00 0c 00 04 00 30  00 00 00 08 00 04 00 02  |.......0........|
 00000b40  00 04 00 00 00 7e 00 ff  ff ff 00 00 00 00 00 20  |.....~......... |
 00000b50  00 a0 ff ff 00 00 ff e1  ff c0 00 01 00 00 00 00  |................|
-00000b60  00 00 00 00 00 01 00 00  00 01 00 00 bd 55 7b 6c  |.............U{l|
-00000b70  5f 0f 3c f5 00 01 08 00  00 00 0b 64 04 d1 29 50  |_.<........d..)P|
-00000b80  00 00 0b 64 04 d1 29 50  ff 00 ff 00 07 80 09 80  |...d..)P........|
+00000b60  00 00 00 00 00 01 00 00  00 01 00 00 70 82 c3 0c  |............p...|
+00000b70  5f 0f 3c f5 00 01 08 00  00 00 0b 64 ab 3a 85 80  |_.<........d.:..|
+00000b80  00 00 0b 64 ab 3a 85 80  ff 00 ff 00 07 80 09 80  |...d.:..........|
 00000b90  00 01 00 01 00 00 00 00  00 00 00 00 00 01 00 00  |................|
 00000ba0  09 80 ff 00 00 66 06 80  ff 00 ff 00 07 80 00 01  |.....f..........|

The first chunk is just the checksum-adjustment
caused by diffs in the 2nd chunk.

I already tried to add a memset after all malloc and calloc calls,
but that did not make a difference.


https://github.com/bmwiedemann/theunreproduciblepackage/tree/master/aslr
has examples of how ASLR influenced outputs in the past.

Running fonttosfnt under setarch -R to disable ASLR does make the output reproducible:

for i in $(seq 1 5) ; do 
  setarch -R fonttosfnt -b -c -g 2 -m 2 -o Adobe-Courier-Bold-Oblique.otb \
  /usr/share/fonts/75dpi/courBO08-ISO8859-1.pcf.gz ; 
  md5sum Adobe-Courier-Bold-Oblique.otb ; done | sort | uniq -c
      5 b320eb3a6f93fe19be575ad536fcba3e  Adobe-Courier-Bold-Oblique.otb
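
Added example (not part of the original report and not fonttosfnt code): the Python below decodes the two `head` tables transcribed from the hexdump diff above (file offset 0xb64, length 0x36), lists the fields that differ between the builds, and recomputes the `head` checksum stored in the table directory at offset 0x70. The field layout follows the OpenType specification; the function and constant names are chosen for this example.

```python
import struct
from datetime import datetime, timedelta

# OpenType 'head' table: 54 bytes, big-endian (field layout per the OpenType spec).
HEAD_FMT = ">IIIIHHqqhhhhHHhhh"
HEAD_FIELDS = ("version", "fontRevision", "checkSumAdjustment", "magicNumber",
               "flags", "unitsPerEm", "created", "modified", "xMin", "yMin",
               "xMax", "yMax", "macStyle", "lowestRecPPEM",
               "fontDirectionHint", "indexToLocFormat", "glyphDataFormat")

# 'head' tables transcribed from the hexdump diff in the report:
# HEAD_A is the '-' side, HEAD_B the '+' side.
_TAIL = "ff00ff00 07800980 0001 0001 0000 0000 0000"
HEAD_A = bytes.fromhex("00010000 00010000 bd557b6c 5f0f3cf5 0001 0800"
                       "00000b6404d12950 00000b6404d12950" + _TAIL)
HEAD_B = bytes.fromhex("00010000 00010000 7082c30c 5f0f3cf5 0001 0800"
                       "00000b64ab3a8580 00000b64ab3a8580" + _TAIL)
# Checksums stored for 'head' in the table directory at file offset 0x70.
DIR_SUM_A, DIR_SUM_B = 0x6F36B6DE, 0xBC096F3E

def parse_head(data):
    """Decode a 54-byte 'head' table into a field-name -> value dict."""
    return dict(zip(HEAD_FIELDS, struct.unpack(HEAD_FMT, data)))

def table_checksum(data):
    """uint32 sum of the zero-padded table with checkSumAdjustment taken as 0."""
    buf = bytearray(data)
    buf[8:12] = bytes(4)            # checkSumAdjustment is excluded from the sum
    buf += bytes(-len(buf) % 4)     # pad to a multiple of 4 bytes
    return sum(struct.unpack(">%dI" % (len(buf) // 4), buf)) & 0xFFFFFFFF

def differing_fields(a, b):
    """Names of the 'head' fields whose values differ between two builds."""
    pa, pb = parse_head(a), parse_head(b)
    return [f for f in HEAD_FIELDS if pa[f] != pb[f]]

def longdatetime(seconds):
    """Seconds since 1904-01-01 as a datetime, or None if not representable."""
    try:
        return datetime(1904, 1, 1) + timedelta(seconds=seconds)
    except OverflowError:
        return None

if __name__ == "__main__":
    print("fields that differ:", differing_fields(HEAD_A, HEAD_B))
    for name, head, stored in (("a", HEAD_A, DIR_SUM_A), ("b", HEAD_B, DIR_SUM_B)):
        print(name, "directory checksum matches recomputed:",
              table_checksum(head) == stored,
              "| created:", longdatetime(parse_head(head)["created"]))
```

On the bytes from this report it lists `checkSumAdjustment`, `created` and `modified` as the only differing fields, and both `created` values are too large for Python's `datetime` to represent.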