Bug#708074: libfile-libmagic-perl: FTBFS

Tue May 14 19:36:50 UTC 2013

clone 708074 -1
retitle -1 libfile-libmagic-perl: FTBFS with libmagic1_1:5.14-1: test failures
severity -1 serious
tags -1 sid
thanks

Cc'ing the libmagic1 maintainer. Is this a bug in libmagic1, or is
libfile-libmagic-perl abusing the interface by repeatedly calling
magic_open() and magic_load() ? See below.

On Mon, May 13, 2013 at 08:57:07PM +0200, gregor herrmann wrote:
> On Sun, 12 May 2013 23:37:26 +0100, Dominic Hargreaves wrote:
> 
> > This package FTBFS with perl 5.18 from experimental (in a clean

> > Devel::CheckLib needs to be upgraded.
> 
> Unfortunately this is not enough; after updating
> inc/Devel/CheckLib.pm, one test fails (silently and somewhere in the
> (XS?) code itself):

> t/6-oo.t             (Wstat: 139 Tests: 11 Failed: 0)

This is a segmentation fault during the tests. It also happens on sid
with Perl 5.14 and is a regression introduced by libmagic1_1:5.14-1.

I'm therefore cloning a new bug for it and raising the severity.

The crash seems to happen when a process calls magic_open() / magic_load()
twice with different cookies. I was able to reduce it to this test case:

% cat foo.mgc 
0   string  Foo    A foo file

% cat t.c
#include <stdio.h>
#include <magic.h>

int main(void) {
    magic_t m1, m2;
    if ((m1 = magic_open(MAGIC_NONE)) == NULL) {
        fprintf(stderr, "magic_open failed for m1");
        return 1;
    }

    if ((m2 = magic_open(MAGIC_NONE)) == NULL) {
        fprintf(stderr, "magic_open failed for m2");
        return 1;
    }

    if (magic_load(m1, "foo.mgc") < 0) {
        fprintf(stderr, "Fatal: %s\n", magic_error(m1));
        return 1;
    }

    if (magic_load(m2, "foo.mgc") < 0) {
        fprintf(stderr, "Fatal: %s\n", magic_error(m2));
        return 1;
    }
    printf("OK\n");
    return 0;
}

% gcc t.c -lmagic
% ./a.out
zsh: segmentation fault (core dumped)  ./a.out

(On wheezy with libmagic1_5.11-2 this prints "OK" as expected.)

Backtrace with a libmagic1 recompiled with debugging symbols:

Core was generated by `./a.out'.
Program terminated with signal 11, Segmentation fault.
#0  0x00007f279a22cc68 in addentry (ms=0xbad180, me=0x7fff2a310110, mentry=0x7fff2a3101b0, 
    mentrycount=0x7fff2a310160) at apprentice.c:916
916     mentry[i][mentrycount[i]++] = *me;
(gdb) bt
#0  0x00007f279a22cc68 in addentry (ms=0xbad180, me=0x7fff2a310110, mentry=0x7fff2a3101b0, 
    mentrycount=0x7fff2a310160) at apprentice.c:916
#1  0x00007f279a22d05e in load_1 (ms=0xbad180, action=0, fn=0xbad2f0 "foo.mgc", errs=0x7fff2a310154, 
    mentry=0x7fff2a3101b0, mentrycount=0x7fff2a310160) at apprentice.c:1002
#2  0x00007f279a22da35 in apprentice_load (ms=0xbad180, fn=0xbad2f0 "foo.mgc", action=0)
    at apprentice.c:1177
#3  0x00007f279a22be20 in apprentice_1 (ms=0xbad180, fn=0xbad2f0 "foo.mgc", action=0) at apprentice.c:424
#4  0x00007f279a22c34e in file_apprentice (ms=0xbad180, fn=0xbad2f0 "foo.mgc", action=0)
    at apprentice.c:582
#5  0x00007f279a22b2c6 in magic_load (ms=0xbad180, magicfile=0x400aa6 "foo.mgc") at magic.c:254
#6  0x0000000000400983 in main () at t.c:21

I'm attaching the test case files for convenience.
-- 
Niko Tyni   ntyni at debian.org
-------------- next part --------------
0   string  Foo    A foo file
-------------- next part --------------
A non-text attachment was scrubbed...
Name: t.c
Type: text/x-csrc
Size: 619 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-perl-maintainers/attachments/20130514/6a7ebc00/attachment.c>