Bug 2120809

Summary: F38FailsToInstall: asymptote
Product: [Fedora] Fedora Reporter: Miro Hrončok <mhroncok>
Component: asymptoteAssignee: Tom "spot" Callaway <spotrh>
Status: CLOSED WORKSFORME QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: jose.p.oliveira.oss, loganjerry, mtasaka, spotrh
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-08-25 09:25:28 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2121167    
Bug Blocks: 2117177    

Description Miro Hrončok 2022-08-23 18:53:05 UTC 
Hello,

Please note that this comment was generated automatically. If you feel that this output has mistakes, please contact me via email (mhroncok).

Your package (asymptote) Fails To Install in Fedora 38:

can't install asymptote:
  - nothing provides libgsl.so.25()(64bit) needed by asymptote-2.81-2.fc37.x86_64
  
If you know about this problem and are planning on fixing it, please acknowledge so by setting the bug status to ASSIGNED. If you don't have time to maintain this package, consider orphaning it, so maintainers of dependent packages realize the problem.


If you don't react accordingly to the policy for FTBFS/FTI bugs (https://docs.fedoraproject.org/en-US/fesco/Fails_to_build_from_source_Fails_to_install/), your package may be orphaned in 8+ weeks.


P.S. The data was generated solely from koji buildroot, so it might be newer than the latest compose or the content on mirrors. To reproduce, use the koji/local repo only, e.g. in mock:

    $ mock -r fedora-38-x86_64 --config-opts mirrored=False install asymptote


P.P.S. If this bug has been reported in the middle of upgrading multiple dependent packages, please consider using side tags: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/#updating-inter-dependent-packages

Thanks!
Comment 1 Miro Hrončok 2022-08-23 19:10:23 UTC 
This goes beyond this one particular package. Some of "my" packages fail to build in Koschei with:

    Problem: package texlive-scheme-full-9:svn54074-59.fc37.noarch requires texlive-collection-binextra, but none of the providers can be installed
    - package texlive-collection-binextra-9:svn56352-59.fc37.noarch requires asymptote, but none of the providers can be installed
    - conflicting requests
    - nothing provides libgsl.so.25()(64bit) needed by asymptote-2.81-2.fc37.x86_64
Comment 2 Jerry James 2022-08-23 23:43:41 UTC 
There are two segfaults during the asymptote build, both while in the doc subdirectory, in this order:

- pdfetex --file-line-error \\input ./asymptote.texi < /dev/null
- pdflatex CAD

I can't seem to make the first segfault happen outside of the build.  Perhaps there is some file I need to delete to make it start over.  The second is easily repeatable, and has this backtrace:

(gdb) bt
#0  0x0000555555bc9e20 in ?? ()
#1  0x0000555555603380 in writeEncodings () at ../../../texk/web2c/pdftexdir/pdftoepdf.cc:671
#2  write_epdf () at ../../../texk/web2c/pdftexdir/pdftoepdf.cc:1074
#3  0x00005555555b930f in writeimage (img=<optimized out>) at ../../../texk/web2c/pdftexdir/writeimg.c:380
#4  zpdfwriteimage (n=<optimized out>)
    at /usr/src/debug/texlive-base-20210325-51.fc37.x86_64/source/work/texk/web2c/pdftex0.c:22520
#5  0x00005555555c455d in zpdfshipout (p=8184, shippingpage=1)
    at /usr/src/debug/texlive-base-20210325-51.fc37.x86_64/source/work/texk/web2c/pdftex0.c:25010
#6  0x00005555555dee01 in maincontrol ()
    at /usr/src/debug/texlive-base-20210325-51.fc37.x86_64/source/work/texk/web2c/pdftex0.c:38813
#7  0x000055555556ae52 in mainbody ()
    at /usr/src/debug/texlive-base-20210325-51.fc37.x86_64/source/work/texk/web2c/pdftexini.c:5657
#8  main (ac=<optimized out>, av=<optimized out>) at ../../../texk/web2c/lib/texmfmp.c:1112
(gdb) up
#1  0x0000555555603380 in writeEncodings () at ../../../texk/web2c/pdftexdir/pdftoepdf.cc:671
671	            if (r->font->isCIDFont()) {
(gdb) print *r
$1 = {enc_objnum = 42, font = 0x555555bc9e30, next = 0x555555bafd20}
(gdb) print *r->font
$2 = <incomplete type>

Valgrind says there are some use-after-free scenarios.  Here is the first:
==45== Invalid read of size 8
==45==    at 0x1B7370: UnknownInlinedFun (pdftoepdf.cc:671)
==45==    by 0x1B7370: write_epdf (pdftoepdf.cc:1074)
==45==    by 0x16D30E: UnknownInlinedFun (writeimg.c:380)
==45==    by 0x16D30E: zpdfwriteimage (pdftex0.c:22520)
==45==    by 0x17855C: zpdfshipout (pdftex0.c:25010)
==45==    by 0x192E00: maincontrol (pdftex0.c:38813)
==45==    by 0x11EE51: UnknownInlinedFun (pdftexini.c:5657)
==45==    by 0x11EE51: main (texmfmp.c:1112)
==45==  Address 0xcfaa240 is 0 bytes inside a block of size 4,680 free'd
==45==    at 0x48448DD: operator delete(void*, unsigned long) (vg_replace_malloc.c:935)
==45==    by 0x1B83EC: UnknownInlinedFun (unique_ptr.h:95)
==45==    by 0x1B83EC: UnknownInlinedFun (shared_ptr_base.h:527)
==45==    by 0x1B83EC: UnknownInlinedFun (shared_ptr_base.h:346)
==45==    by 0x1B83EC: UnknownInlinedFun (shared_ptr_base.h:317)
==45==    by 0x1B83EC: UnknownInlinedFun (shared_ptr_base.h:1071)
==45==    by 0x1B83EC: UnknownInlinedFun (shared_ptr_base.h:1524)
==45==    by 0x1B83EC: UnknownInlinedFun (shared_ptr.h:175)
==45==    by 0x1B83EC: UnknownInlinedFun (pdftoepdf.cc:453)
==45==    by 0x1B83EC: UnknownInlinedFun (pdftoepdf.cc:466)
==45==    by 0x1B83EC: write_epdf (pdftoepdf.cc:1010)
==45==    by 0x16D30E: UnknownInlinedFun (writeimg.c:380)
==45==    by 0x16D30E: zpdfwriteimage (pdftex0.c:22520)
==45==    by 0x17855C: zpdfshipout (pdftex0.c:25010)
==45==    by 0x192E00: maincontrol (pdftex0.c:38813)
==45==    by 0x11EE51: UnknownInlinedFun (pdftexini.c:5657)
==45==    by 0x11EE51: main (texmfmp.c:1112)
==45==  Block was alloc'd at
==45==    at 0x4841FF5: operator new(unsigned long) (vg_replace_malloc.c:422)
==45==    by 0x4A361E9: GfxFont::makeFont(XRef*, char const*, Ref, Dict*) (in /usr/lib64/libpoppler.so.123.0.0)
==45==    by 0x1B8224: UnknownInlinedFun (pdftoepdf.cc:444)
==45==    by 0x1B8224: UnknownInlinedFun (pdftoepdf.cc:466)
==45==    by 0x1B8224: write_epdf (pdftoepdf.cc:1010)
==45==    by 0x16D30E: UnknownInlinedFun (writeimg.c:380)
==45==    by 0x16D30E: zpdfwriteimage (pdftex0.c:22520)
==45==    by 0x17855C: zpdfshipout (pdftex0.c:25010)
==45==    by 0x192E00: maincontrol (pdftex0.c:38813)
==45==    by 0x11EE51: UnknownInlinedFun (pdftexini.c:5657)
==45==    by 0x11EE51: main (texmfmp.c:1112)

GfxFont::makeFont returns a shared_ptr.  We stash the shared_ptr in variable gfont on line 444 of source/texk/web2c/pdftexdir/pdftoepdf.cc.  Then on line 446, we call gfont.get() to extract the underlying pointer from the shared_ptr ... and then throw the shared_ptr away.  It goes out of scope, there are no references left, and the font object gets deallocated.  Then we pass a pointer to the now deallocated font object down into addFont().  It's unsurprising that this code segfaults.
Comment 3 Mamoru TASAKA 2022-08-25 03:30:50 UTC 
asymptote now built with texlive-base modification:
https://koji.fedoraproject.org/koji/buildinfo?buildID=2050712
Comment 4 Miro Hrončok 2022-08-25 09:25:28 UTC 
Hello,

Please note that this comment was generated automatically. If you feel that this output has mistakes, please contact me via email (mhroncok).

All subpackages of a package against which this bug was filled are now installable or removed from Fedora 38.

Thanks for taking care of it!