Bug 1255079
| Summary: | pkcon - can not confirm installation/removing component | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Ladislav Kolacek <lkolacek> | ||||
| Component: | PackageKit | Assignee: | Richard Hughes <rhughes> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Desktop QE <desktop-qa-list> | ||||
| Severity: | urgent | Docs Contact: | |||||
| Priority: | urgent | ||||||
| Version: | 7.2 | CC: | ashankar, codonell, lkolacek, mcepl, mclasen, mnewsome, pfrankli, richard, tpelka, vbenes | ||||
| Target Milestone: | rc | ||||||
| Target Release: | --- | ||||||
| Hardware: | ppc64 | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | PackageKit-1.0.7-6.el7 | Doc Type: | Bug Fix | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2016-11-04 06:20:00 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | |||||||
| Bug Blocks: | 1295396, 1297830, 1313485 | ||||||
| Attachments: |
|
||||||
|
Description
Ladislav Kolacek
2015-08-19 14:47:30 UTC
We're using the same unbuffered input code as PolicyKit, polkitagenttextlistener.c -- I'm guessing that experiences the same bug on ppc64? I assume you can't reproduce this on any other architecture? If termios.h isn't working, this points to a bigger bug with glibc. Reassigning.... Created attachment 1129774 [details]
test case
Richard,
Awesome test case. That's exactly what we need.
The code you posted is BE-unsafe, and ppc64 is a BE target.
44 gint c;
45 c = getc (tty);
This stores the value read from the tty in BE to an integer sized object.
46 if (c == '\n') {
47 /* ok, done */
48 break;
49 } else if (c == EOF) {
50 g_warning ("Got unexpected EOF.");
51 break;
52 } else {
53 g_string_append_len (str, (const gchar *) &c, 1);
The '&c' points to start of the integer sized object, which has a value of 0x0 for a character sized object e.g. { &c->[0x0], 0x0, 0x0, 0x59 'Y' }. This makes the code BE-unsafe.
To fix this requires a type conversion.
You need to do this:
gchar gc = (gchar) c;
g_string_append_len (str, (const gchar *) &gc, 1);
Knowing that `c` won't have a value of EOF, you can safely cast it to a gchar and convert the value (potentially loosing the value of the EOF, but you already checked for it earlier). Then the address of `gc` will point to the valid character value.
This is a somewhat classic BE-unsafe thing to do, which works fine on LE targets like x86_64 e.g. { &c->[0x59], 0x0, 0x0, 0x0}. This should also work fine on ppc64le.
You should audit your code for BE-unsafe operations like this since ppc64 is not going away any time soon.
Hi Carlos -- thanks for the detailed report, I learned a lesson today. Thanks! Is this sort of BE-unsafe casting not getting flagged by compiler warnings or coverity checks ? PolicyKit has the same bug so I filed it here: https://bugzilla.redhat.com/show_bug.cgi?id=1311648 commit 710a9445777793e49160587882860cbb7b43e311
Author: Richard Hughes <richard>
Date: Mon May 16 15:27:35 2016 +0100
Make pk_console_get_prompt() big endian safe
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1255079
I could remove and reinstall gpm-libs just with pkcon. Confirmation dialog works. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2016-2425.html |