Bug ID: 1173396
Summary: fonttosfnt writes nondeterministic .otb files from ASLR
Classification: openSUSE
Product: openSUSE Tumbleweed
Version: Current
Hardware: x86-64
OS: openSUSE Factory
Status: NEW
Severity: Normal
Priority: P5 - None
Component: X.Org
Assignee: sndirsch@suse.com
Reporter: bwiedemann@suse.com
QA Contact: gfx-bugs@suse.de
CC: eich@suse.com
Blocks: 1061219
Found By: Development
Blocker: ---

While working on reproducible builds for openSUSE, I found that
when building the xorg-x11-fonts-converted package,
there were slight differences between each build.

Steps to Reproduce:
fonttosfnt -b -c -g 2 -m 2 -o Adobe-Courier-Bold-Oblique.otb \
  /usr/share/fonts/75dpi/courBO08-ISO8859-1.pcf.gz ; md5sum Adobe-Courier-Bold-Oblique.otb
filterdiff 'hexdump -C' {a,b}.otb
 00000040  e3 43 7d a3 00 00 0a f0  00 00 00 36 63 6d 61 70  |.C}........6cmap|
 00000050  00 ee 01 48 00 00 0b 28  00 00 00 3c 67 6c 79 66  |...H...(...<glyf|
 00000060  00 00 00 00 00 00 0b 64  00 00 00 00 68 65 61 64  |.......d....head|
-00000070  6f 36 b6 de 00 00 0b 64  00 00 00 36 68 68 65 61  |o6.....d...6hhea|
+00000070  bc 09 6f 3e 00 00 0b 64  00 00 00 36 68 68 65 61  |..o>...d...6hhea|
 00000080  10 69 05 40 00 00 0b 9c  00 00 00 24 68 6d 74 78  |.i.@.......$hmtx|
 00000090  1c a0 fe 21 00 00 0b c0  00 00 03 00 6c 6f 63 61  |...!........loca|
 000000a0  00 00 00 00 00 00 0e c0  00 00 01 82 6d 61 78 70  |............maxp|
@@ -180,9 +180,9 @@
 00000b30  00 00 00 0c 00 04 00 30  00 00 00 08 00 04 00 02  |.......0........|
 00000b40  00 04 00 00 00 7e 00 ff  ff ff 00 00 00 00 00 20  |.....~......... |
 00000b50  00 a0 ff ff 00 00 ff e1  ff c0 00 01 00 00 00 00  |................|
-00000b60  00 00 00 00 00 01 00 00  00 01 00 00 bd 55 7b 6c  |.............U{l|
-00000b70  5f 0f 3c f5 00 01 08 00  00 00 0b 64 04 d1 29 50  |_.<........d..)P|
-00000b80  00 00 0b 64 04 d1 29 50  ff 00 ff 00 07 80 09 80  |...d..)P........|
+00000b60  00 00 00 00 00 01 00 00  00 01 00 00 70 82 c3 0c  |............p...|
+00000b70  5f 0f 3c f5 00 01 08 00  00 00 0b 64 ab 3a 85 80  |_.<........d.:..|
+00000b80  00 00 0b 64 ab 3a 85 80  ff 00 ff 00 07 80 09 80  |...d.:..........|
 00000b90  00 01 00 01 00 00 00 00  00 00 00 00 00 01 00 00  |................|
 00000ba0  09 80 ff 00 00 66 06 80  ff 00 ff 00 07 80 00 01  |.....f..........|

The first chunk is just the checksum-adjustment
caused by diffs in the 2nd chunk.

I already tried to add a memset after all malloc and calloc calls,
but that did not make a difference.


https://github.com/bmwiedemann/theunreproduciblepackage/tree/master/aslr
has examples of how ASLR influenced outputs in the past.

Running fonttosfnt under setarch -R to disable ASLR does make the output
reproducible:

for i in $(seq 1 5) ; do 
  setarch -R fonttosfnt -b -c -g 2 -m 2 -o Adobe-Courier-Bold-Oblique.otb \
  /usr/share/fonts/75dpi/courBO08-ISO8859-1.pcf.gz ; 
  md5sum Adobe-Courier-Bold-Oblique.otb ; done | sort | uniq -c
      5 b320eb3a6f93fe19be575ad536fcba3e  Adobe-Courier-Bold-Oblique.otb
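
Added example (not part of the original report and not fonttosfnt code): a Python script that reads the sfnt table directory of two .otb builds and names the tables and 'head' fields that differ. The wrap() helper and its one-table container are constructed for the demo; the 'head' bytes are copied from the two hexdumps in the report.

```python
import struct

# First 36 bytes of the OpenType 'head' table, big-endian.
HEAD_FIELDS = ("version", "fontRevision", "checkSumAdjustment", "magicNumber",
               "flags", "unitsPerEm", "created", "modified")
HEAD_FMT = ">IIIIHHQQ"

def tables(font):
    """Map table tag -> table bytes, read from the sfnt table directory."""
    (num_tables,) = struct.unpack_from(">H", font, 4)
    out = {}
    for i in range(num_tables):
        tag, _sum, off, length = struct.unpack_from(">4sIII", font, 12 + 16 * i)
        out[tag.decode("latin-1")] = font[off:off + length]
    return out

def compare(font_a, font_b):
    """Return (tags of differing tables, names of differing 'head' fields)."""
    ta, tb = tables(font_a), tables(font_b)
    changed = sorted(t for t in ta.keys() & tb.keys() if ta[t] != tb[t])
    ha = struct.unpack_from(HEAD_FMT, ta["head"])
    hb = struct.unpack_from(HEAD_FMT, tb["head"])
    fields = [n for n, x, y in zip(HEAD_FIELDS, ha, hb) if x != y]
    return changed, fields

def wrap(head):
    """Constructed helper: minimal sfnt holding only a 'head' table."""
    header = struct.pack(">IHHHH", 0x00010000, 1, 16, 0, 0)
    entry = struct.pack(">4sIII", b"head", 0, 28, len(head))  # checksum unused here
    return header + entry + head

# 'head' table bytes (file offset 0xb64, length 0x36) from the report's hexdumps.
COMMON_TAIL = "ff00ff0007800980" "00010001000000000000"
HEAD_A = bytes.fromhex("0001000000010000" "bd557b6c" "5f0f3cf500010800"
                       "00000b6404d12950" "00000b6404d12950" + COMMON_TAIL)
HEAD_B = bytes.fromhex("0001000000010000" "7082c30c" "5f0f3cf500010800"
                       "00000b64ab3a8580" "00000b64ab3a8580" + COMMON_TAIL)

if __name__ == "__main__":
    changed, fields = compare(wrap(HEAD_A), wrap(HEAD_B))
    print("tables that differ:", changed)
    print("'head' fields that differ:", fields)
```

To run it on real outputs, pass compare() the bytes of the two .otb files read in binary mode.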

