Bug 1180734 - libpinyin binaries vary from ASLR
Status: NEW
Alias: None
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Basesystem
Version: Current
Hardware: Other All
Importance: P5 - None : Normal
Target Milestone: ---
Assignee: Cliff Zhao
QA Contact: E-mail List
Blocks: 1061219
Reported: 2021-01-09 19:04 UTC by Bernhard Wiedemann
Modified: 2021-01-09 19:04 UTC
Found By: Development

Description Bernhard Wiedemann 2021-01-09 19:04:10 UTC
While working on reproducible builds for openSUSE and SLE-15-SP3,
I found that our libpinyin binaries vary from ASLR.
See https://github.com/bmwiedemann/theunreproduciblepackage/tree/master/aslr
on that topic.


diff looks thus:
--- old /usr/lib64/libpinyin/data/pinyin_index.bin (hex)
+++ new /usr/lib64/libpinyin/data/pinyin_index.bin (hex)
@@ -10067,8 +10067,8 @@
 00087d10  38 8d 04 0a 08 04 01 a1  02 84 00 46 04 03 02 53  |8..........F...S|
 00087d20  00 53 04 f5 01 46 04 16  02 00 07 8d 04 0a 08 04  |.S...F..........|
 00087d30  01 a1 02 84 00 46 04 03  02 53 00 53 04 f5 01 46  |.....F...S.S...F|
-00087d40  04 66 40 05 21 00 0d 8d  04 0a 08 04 01 a1 02 84  |.f@.!...........|
-00087d50  00 46 04 03 02 53 00 53  04 f5 01 46 04 66 40 0e  |.F...S.S...F.f@.|
+00087d40  04 3a 15 05 21 00 0d 8d  04 0a 08 04 01 a1 02 84  |.:..!...........|
+00087d50  00 46 04 03 02 53 00 53  04 f5 01 46 04 3a 15 0e  |.F...S.S...F.:..|
 00087d60  00 8d 04 0a 08 04 01 a1  02 84 00 46 04 04 01 10  |...........F....|
 00087d70  14 8d 04 0a 08 04 01 a1  02 84 00 46 04 04 01 a1  |...........F....|
 00087d80  02 f1 20 00 0d 8d 04 0a  08 04 01 a1 02 84 00 46  |.. ............F|
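Review bot: name the field that holds the two bytes at 0x87d41 and 0x87d5d. They are the only difference in this hunk (`66 40` in old, `3a 15` in new), both directly after `46 04`, and knowing which member of the stored record lands at that position would narrow the search in the writer code.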
@@ -17511,9 +17511,9 @@
 000a55d0  13 00 15 00 16 38 0d 00  0a 00 04 00 01 00 04 00  |.....8..........|
 000a55e0  06 00 03 00 13 00 13 00  15 00 06 00 16 02 00 07  |................|
 000a55f0  8d 04 0a 08 04 01 a1 02  84 00 46 04 03 02 53 00  |..........F...S.|
-000a5600  53 04 f5 01 46 04 66 40  05 21 00 0d 8d 04 0a 08  |S...F.f@.!......|
+000a5600  53 04 f5 01 46 04 3a 15  05 21 00 0d 8d 04 0a 08  |S...F.:..!......|
 000a5610  04 01 a1 02 84 00 46 04  03 02 53 00 53 04 f5 01  |......F...S.S...|
-000a5620  46 04 66 40 0e 00 0d 00  0a 00 04 00 01 00 04 00  |F.f@............|
+000a5620  46 04 3a 15 0e 00 0d 00  0a 00 04 00 01 00 04 00  |F.:.............|
 000a5630  06 00 04 00 10 14 0d 00  0a 00 04 00 01 00 04 00  |................|
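Review bot: say how the old and new builds were produced (same host, ASLR enabled for both?) so the comparison can be repeated. At 0xa5606 and 0xa5622 the changed pair is again `66 40` in old and `3a 15` in new, the same values as in the previous hunk, so each build carries one constant value in every differing position shown.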

My notes say it comes from
"../utils/storage/gen_binary_files" "--table-dir" "../data"
from utils/storage/gen_binary_files.cpp:    generate_binary_files(ADDON_SYSTEM_PINYIN_INDEX,

utils/utils_helper.h:inline bool save_phrase_index(const pinyin_table_info_t * phrase_files,

src/storage/phrase_index.cpp ::store does not store end of data -> likely leftover data

Also affects ibus-libzhuyin, libzhuyin, fcitx-libpinyin


The cheap way out is probably to run gen_binary_files under setarch -R,
but the proper fix would be in the code to not write random bytes in there.
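
A simplified model of the failure mode the report suspects (leftover bytes reaching the output file), added here as an example; it is not libpinyin's code or file format. The names kSlot, stale_scratch, store and first_diff are hypothetical, and the residue values reuse the byte pairs from the diff only as constructed sample data.

```cpp
#include <algorithm>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <string>
#include <vector>

constexpr std::size_t kSlot = 8;  // hypothetical slot size, not libpinyin's format

// Constructed stand-in for a reused buffer whose old contents differ per
// process, e.g. bytes derived from an address that moves under ASLR.
std::vector<std::uint8_t> stale_scratch(std::uint16_t residue) {
    std::vector<std::uint8_t> buf(kSlot);
    for (std::size_t i = 0; i < kSlot; ++i)
        buf[i] = static_cast<std::uint8_t>(i % 2 ? residue >> 8 : residue & 0xff);
    return buf;
}

// Writes each payload into a fixed-size slot and emits the whole slot.
// zero_first == false: bytes past the payload keep the scratch's old contents.
// zero_first == true: the slot is cleared first, so output depends on input only.
std::string store(const std::vector<std::string>& payloads,
                  std::vector<std::uint8_t> scratch, bool zero_first) {
    std::string out;
    for (const std::string& p : payloads) {
        if (zero_first) std::fill(scratch.begin(), scratch.end(), 0);
        const std::size_t n = std::min(p.size(), kSlot);
        std::memcpy(scratch.data(), p.data(), n);
        out.append(reinterpret_cast<const char*>(scratch.data()), kSlot);
    }
    return out;
}

// Offset of the first differing byte, or -1 if the outputs are identical.
long first_diff(const std::string& a, const std::string& b) {
    const std::size_t n = std::min(a.size(), b.size());
    for (std::size_t i = 0; i < n; ++i)
        if (a[i] != b[i]) return static_cast<long>(i);
    return a.size() == b.size() ? -1 : static_cast<long>(n);
}

int main() {
    const std::vector<std::string> table = {"ni", "hao"};  // constructed input
    for (bool fixed : {false, true}) {
        const std::string a = store(table, stale_scratch(0x4066), fixed);
        const std::string b = store(table, stale_scratch(0x153a), fixed);
        std::printf("zero_first=%d first_diff=%ld\n", fixed, first_diff(a, b));
    }
}
```

With identical input, the leaky writer's output follows the scratch residue, while the zeroing writer produces the same bytes on every run.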