FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian GCC

 
 
LinkBack Thread Tools
 
Old 05-11-2010, 10:03 PM
Daniel Gibson
 
Default Bug#581240: Calculation of MD5 sums seriously broken

Package: gdc-4.3
Version: 1:1.046-4.3.4-5
Severity: serious


The MD5-sums calculated by std.md5 are seriously broken - they're not
only wrong, they're different on each run..
gdc-4.1 and the closed-source dmd do *not* have this bug. Because
md5.d in the gdc-4.1 and gdc-4.3 package sources are identical I file
this as a bug in the compiler, not libphobos.
I consider this a serious bug because it makes std.md5 unusable and
probably affects other code as well (why should it only break the MD5
code).

I attached a simple testcase to demonstrate this bug. When it's build
with gdc-4.1 I get the following output:
"900150983CD24FB0D6963F7D28E17F72", when it's built with gdc-4.3 I
get:
"9BB8D85B9EC69BAAE48AFD6DC642C4B7
Error: AssertError Failure md5test.d(8)"
or "73295B9A9D13003D9E6065260759FBD4
Error: AssertError Failure md5test.d(8)"
... (a different sum on each run).

Cheers,
- Daniel


--- System information. ---
Architecture: i386
Kernel: Linux 2.6.32-3-686

Debian Release: squeeze/sid
500 testing security.debian.org
500 testing ftp.de.debian.org

--- Package information. ---
Depends (Version) | Installed
=========================================-+-====================
gcc-4.3-base (>= 4.3.4-1) | 4.3.4-10
g++-4.3 (>= 4.3.4-1) | 4.3.4-10
libphobos-4.3-dev (= 1:1.046-4.3.4-5) | 1:1.046-4.3.4-5
libc6 (>= 2.3) | 2.10.2-6
libgcc1 (>= 1:4.1.1) | 1:4.4.2-9
libgmp3c2 | 2:4.3.2+dfsg-1
libmpfr1ldbl | 2.4.2-3
libstdc++6 (>= 4.1.1) | 4.4.2-9


Package's Recommends field is empty.

Package's Suggests field is empty.
 
Old 05-12-2010, 04:10 AM
Iain Buclaw
 
Default Bug#581240: Calculation of MD5 sums seriously broken

On 11 May 2010 23:03, Daniel Gibson <metalcaedes@gmail.com> wrote:

Package: gdc-4.3

Version: 1:1.046-4.3.4-5

Severity: serious





The MD5-sums calculated by std.md5 are seriously broken - they're not

only wrong, they're different on each run..

gdc-4.1 and the closed-source dmd do *not* have this bug. Because

md5.d in the gdc-4.1 and gdc-4.3 package sources are identical I file

this as a bug in the compiler, not libphobos.

I consider this a serious bug because it makes std.md5 unusable and

probably affects other code as well (why should it only break the MD5

code).



I attached a simple testcase to demonstrate this bug. When it's build

with gdc-4.1 I get the following output:

"900150983CD24FB0D6963F7D28E17F72", when it's built with gdc-4.3 I

get:

"9BB8D85B9EC69BAAE48AFD6DC642C4B7

Error: AssertError Failure md5test.d(8)"

or "73295B9A9D13003D9E6065260759FBD4

Error: AssertError Failure md5test.d(8)"

... (a different sum on each run).



Cheers,

- Daniel





Thank-you for your report, this seems to be a problem with gdc's inline asm.
Attached is the minimal code to reproduce, however, it seems that I can get it in even less.

asm{** naked ;** mov EAX x ;** ret ;}
Haven't looked into it properly yet, but conjures the thought of data not being initialised properly.


First advancements though, turning off asm in std.md5 seems like a likely quick-fix for the time being. Just comparing, GCC can produce the rol opcode from shifts. Actually, produces _exactly_ the same code as the inline assembly in the D file (with the exception of a different call frame setup). So is not likely we are loosing any optimisation either way.

I'd hate to think where else in phobos is affected by this...*

Regards
--
Iain Buclaw

*(p < e ? p++ : p) = (c & 0x0f) + '0';
 
Old 05-13-2010, 08:46 AM
Iain Buclaw
 
Default Bug#581240: Calculation of MD5 sums seriously broken

[iain@netbook ~]$ cat md5test.d*import std.md5;import std.stdio;
void main(){ // testcase from md5.d unittests
ubyte[16] digest; sum (digest, "abc"); writefln(digestToString(digest));
** *assert(digest == cast(ubyte[])x"900150983cd24fb0d6963f7d28e17f72");}[iain@netbook ~]$ gdmd-4.3 -unittest md5test.d && ./md5test900150983CD24FB0D6963F7D28E17F72


I'm happy to say this is resolved (for me). Attaching updated gdc-4.3.dpatch which addresses the issue.

Regards


--
Iain Buclaw

*(p < e ? p++ : p) = (c & 0x0f) + '0';
 
Old 05-13-2010, 08:52 AM
Iain Buclaw
 
Default Bug#581240: Calculation of MD5 sums seriously broken

On 13 May 2010 09:46, Iain Buclaw <ibuclaw@ubuntu.com> wrote:


I'm happy to say this is resolved (for me). Attaching updated gdc-4.3.dpatch which addresses the issue.


And a patch against debian's gccsvn ( for the lazy .
--
Iain Buclaw

*(p < e ? p++ : p) = (c & 0x0f) + '0';
 
Old 05-16-2010, 12:38 AM
Daniel Gibson
 
Default Bug#581240: Calculation of MD5 sums seriously broken

On Thu, May 13, 2010 at 10:46 AM, Iain Buclaw <ibuclaw@ubuntu.com> wrote:
> [iain@netbook ~]$ cat md5test.d
> import std.md5;
> import std.stdio;
> void main(){
> // testcase from md5.d unittests
> ubyte[16] digest;
> sum (digest, "abc");
> writefln(digestToString(digest));
> ** *assert(digest == cast(ubyte[])x"900150983cd24fb0d6963f7d28e17f72");
> }
> [iain@netbook ~]$ gdmd-4.3 -unittest md5test.d && ./md5test
> 900150983CD24FB0D6963F7D28E17F72
>
> I'm happy to say this is resolved (for me). Attaching updated gdc-4.3.dpatch
> which addresses the issue.
>
> Regards
>
> --
> Iain Buclaw
>
> *(p < e ? p++ : p) = (c & 0x0f) + '0';
>

Works for me, too :-)

Cheers,
- Daniel



--
To UNSUBSCRIBE, email to debian-gcc-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: AANLkTikiN6qcNYY93a1y9sFEvAAM_taKYG-boEYqLfIF@mail.gmail.com">http://lists.debian.org/AANLkTikiN6qcNYY93a1y9sFEvAAM_taKYG-boEYqLfIF@mail.gmail.com
 

Thread Tools




All times are GMT. The time now is 09:47 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org