Bug 1041201

Summary: clamav testsuite fails with zlib-1.2.9 and newer
Product: [openSUSE] openSUSE Tumbleweed Reporter: Dominique Leuenberger <dimstar>
Component: Other Assignee: Reinhard Max <max>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P3 - Medium CC: astieger, fvogt, jsegitz, security-team, tchvatal, toganm
Version: Current   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Bug Depends on:    
Bug Blocks: 1030236    

Description Dominique Leuenberger 2017-05-29 08:29:44 UTC
Since the update of gcc to version 7, openSUSE:Factory/clamav fails to build

See a complete log file at https://build.opensuse.org/package/live_build_log/openSUSE:Factory/clamav/standard/x86_64
Comment 1 Reinhard Max 2017-07-04 11:49:42 UTC
It is a segfault in a binary that is part of the testsuite, not in ClamAV itself:

--- snip (unit_tests/test-suite.log) ---
99%: Checks: 988, Failures: 1, Errors: 1
check_bytecode.c:127:F:arithmetic:test_inflate_jit:0: cli_bytecode_run failed, expected: 0, have: 28

check_bytecode.c:108:E:arithmetic:test_inflate_int:0: (after this point) Received signal 11 (Segmentation fault)
--- snap ---

I tried to debug the core dump, but even after installing all debuginfo packages that gdb requested and making sure I have a binary with debug symbols, I don't get any useful (for me) information:

--- snip ---
Reading symbols from /home/abuild/rpmbuild/BUILD/clamav-0.99.2/unit_tests/.libs/check_clamav...done.
[New LWP 30499]
[New LWP 30500]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `/home/abuild/rpmbuild/BUILD/clamav-0.99.2/unit_tests/.libs/check_clamav'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007f8f0fc8d13d in ?? ()
[Current thread is 1 (Thread 0x7f8f137f6b80 (LWP 30499))]
(gdb) bt
#0  0x00007f8f0fc8d13d in ?? ()
#1  0x00007ffff7f4faf0 in ?? ()
#2  0x0000000000000000 in ?? ()
(gdb) thread 2
[Switching to thread 2 (Thread 0x7f8f0fc8c700 (LWP 30500))]
#0  clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:80
80      ../sysdeps/unix/sysv/linux/x86_64/clone.S: No such file or directory.
(gdb) bt
#0  clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:80
#1  0x00007f8f123e8410 in ?? () at pthread_create.c:353 from /lib64/libpthread.so.0
#2  0x00007f8f0fc8c700 in ?? ()
#3  0x0000000000000000 in ?? ()
--- snap ---
Comment 2 Reinhard Max 2017-07-04 14:45:38 UTC
When I --disable-llvm the tests still fail, but the segfault doesn't happen anymore:

check_bytecode.c:127:F:arithmetic:test_inflate_jit:0: cli_bytecode_run failed, expected: 0, have: 28

check_bytecode.c:127:F:arithmetic:test_inflate_int:0: cli_bytecode_run failed, expected: 0, have: 28
Comment 3 Reinhard Max 2017-07-05 12:34:35 UTC
Ubuntu thinks this is related to the recent upgrade of libz:
https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1698763

I tend to agree, because I confirmed that the test failures also happen when I build clamav using gcc6 on Factory. Also, the names of the failing tests (test_inflate_jit, test_inflate_int) seem to indicate that they are somehow related to compression.
Comment 4 Reinhard Max 2017-07-05 16:01:08 UTC
Bisecting zlib reveals that this was the change that breaks the ClamAV testsuite:

https://github.com/madler/zlib/commit/b516b4bdd7c0c9f0858adfebf732089014f7b282

Dunno if this commit actually broke zlib or if ClamAV just depends on broken/undefined behaviour of zlib here.

Tomáš, can you make any sense of this from the zlib side?

If not, I'll report this to ClamAV upstream.
Comment 5 Reinhard Max 2017-07-05 16:10:53 UTC
The commit mentioned above is from last October and happened between versions 1.2.8 and 1.2.9 of zlib.
Our Factory package went straight from 1.2.8 to 1.2.11 on 2017-05-24.
Comment 6 Reinhard Max 2017-07-06 14:39:28 UTC
My upstream bug report:
https://bugzilla.clamav.net/show_bug.cgi?id=11865
Comment 8 Tomáš Chvátal 2017-07-07 08:10:15 UTC
Sorry, I have no exact idea. But it seems the check function is behaving as expected. Thus it looks more like clamav is expecting zlib to pass over something that was undefined.
Comment 9 Marcus Meissner 2017-07-11 09:45:58 UTC
The crash seems to be in bytecode generated code, and the additional inflateStateCheck in the commit https://github.com/madler/zlib/commit/b516b4bdd7c0c9f0858adfebf732089014f7b282 is the likely cause.

I looked at the code and it does seem to operate the zlib streams okish.
Comment 11 Ludwig Nussel 2017-08-03 13:15:13 UTC
ping! The package still fails
Comment 14 Reinhard Max 2017-09-14 16:17:30 UTC
Done.
Comment 15 Bernhard Wiedemann 2017-12-03 09:00:32 UTC
This is an autogenerated message for OBS integration:
This bug (1041201) was mentioned in
https://build.opensuse.org/request/show/547654 15.0 / clamav