Bug 11896 - bunzip2: bunzip fails testsuite on s390x Conditional jump or move depends on uninitialised value(s)
Status: RESOLVED FIXED
Alias: None
Product: Busybox
Classification: Unclassified
Component: Other
Version: 1.30.x
Hardware: All Linux
Importance: P5 normal
Target Milestone: ---
Assignee: unassigned
Reported: 2019-05-23 10:56 UTC by Dimitri John Ledkov
Modified: 2019-05-27 23:49 UTC
Description Dimitri John Ledkov 2019-05-23 10:56:10 UTC
Originally reported at https://bugs.launchpad.net/ubuntu/+source/busybox/+bug/1828282 with initial suspicion of glibc; however, it was later diagnosed to be a busybox issue.

The full analysis is at https://bugs.launchpad.net/ubuntu/+source/busybox/+bug/1828282/comments/1

In short, the bz2_issue_11.bz2 test case always fails on s390x since bunzip2 depends on uninitialised values, which happen to always be "wrong" on s390x.

This is observable with valgrind too:

# valgrind busybox bunzip2 <bz2_issue_11.bz2 2>&1 >/dev/null
==40965== Memcheck, a memory error detector
==40965== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==40965== Using Valgrind-3.14.0 and LibVEX; rerun with -h for copyright info
==40965== Command: busybox bunzip2
==40965== 
==40965== Conditional jump or move depends on uninitialised value(s)
==40965==    at 0x17C1D4: get_next_block (decompress_bunzip2.c:393)
==40965==    by 0x17C37F: get_next_block (decompress_bunzip2.c:419)
==40965== 
bunzip2: bunzip error -5
==40965== 
==40965== HEAP SUMMARY:
==40965==     in use at exit: 0 bytes in 0 blocks
==40965==   total heap usage: 7 allocs, 7 frees, 4,539,696 bytes allocated
==40965== 
==40965== All heap blocks were freed -- no leaks are possible
==40965== 
==40965== For counts of detected and suppressed errors, rerun with: -v
==40965== Use --track-origins=yes to see where uninitialised values come from
==40965== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)


For the time being we are skipping the bz2_issue_11.bz2 test case in Ubuntu.
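
An added example, not part of the original report or of BusyBox: a small Python parser that turns a Memcheck log like the one above into a list of uninitialised-value sites, so a test run can fail on the finding itself rather than on decoder output that differs by architecture. The names parse_memcheck and uninit_sites are hypothetical, and the sample log is constructed from the excerpt quoted in the description.

```python
import re

# Constructed sample: the Memcheck excerpt quoted in the report, trimmed.
SAMPLE_LOG = """\
==40965== Command: busybox bunzip2
==40965==
==40965== Conditional jump or move depends on uninitialised value(s)
==40965==    at 0x17C1D4: get_next_block (decompress_bunzip2.c:393)
==40965==    by 0x17C37F: get_next_block (decompress_bunzip2.c:419)
==40965==
bunzip2: bunzip error -5
==40965==
==40965== Use --track-origins=yes to see where uninitialised values come from
==40965== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
"""

PREFIX = re.compile(r"^==(\d+)== ?(.*)$")
FRAME = re.compile(r"^\s+(?:at|by) 0x[0-9A-Fa-f]+: (.+) \(([^()]*)\)$")
# Memcheck headings for uninitialised data; the --track-origins hint matches none.
UNINIT = ("depends on uninitialised value", "Use of uninitialised value",
          "uninitialised byte")

def parse_memcheck(log):
    """Return one dict (pid, kind, frames) per uninitialised-value error."""
    errors, current = [], None
    for line in log.splitlines():
        m = PREFIX.match(line)
        if not m:                 # the program's own output, interleaved on stderr
            continue
        pid, text = int(m.group(1)), m.group(2)
        frame = FRAME.match(text)
        if not text.strip():      # an empty Memcheck line closes the error block
            current = None
        elif frame:
            if current is not None:
                current["frames"].append(frame.groups())
        elif any(key in text for key in UNINIT):
            current = {"pid": pid, "kind": text.strip(), "frames": []}
            errors.append(current)
    return errors

def uninit_sites(log):
    """Deduplicated innermost frames; an empty list means the run was clean."""
    return sorted({e["frames"][0] for e in parse_memcheck(log) if e["frames"]})

if __name__ == "__main__":
    for func, where in uninit_sites(SAMPLE_LOG):
        print(f"uninitialised value used in {func} at {where}")
```
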
Comment 1 Denys Vlasenko 2019-05-23 12:55:43 UTC
Fixed in git, lots of thanks!
Comment 2 Dimitri John Ledkov 2019-05-23 14:07:05 UTC
Nice!

It is valgrind clean now, but the testsuite fails:

$ ./bunzip2.tests 
PASS: bunzip2: doesnt exist
PASS: bunzip2: unknown suffix
PASS: bunzip2: already exists
PASS: bunzip2: stream unpack
PASS: bunzip2: delete src
PASS: bunzip2: test_bz2 file
PASS: bunzip2: pbzip_4m_zeros file
PASS: bunzip2: bz2_issue_11.bz2 corrupted example
FAIL: bunzip2: bz2_issue_12.bz2 corrupted example

Maybe, now that this is fixed, the issue_12 expectation should be changed?

It currently expects "bunzip2: bunzip error -3:1", yet we now generate "bunzip2: bunzip error -5:1" (just like the issue_11 corrupted example).
Comment 3 Dimitri John Ledkov 2019-05-27 23:49:37 UTC
Test suite got fixed in master too, all is good:
https://git.busybox.net/busybox/commit/?id=b2c123d484dbe261758f27ced213f4649173803b

Thanks a lot for the quick fixes! Included in Ubuntu devel series.