[Bug 1173396] New: fonttosfnt writes nondeterministic .otb files from ASLR
http://bugzilla.opensuse.org/show_bug.cgi?id=1173396

Bug ID: 1173396
Summary: fonttosfnt writes nondeterministic .otb files from ASLR
Classification: openSUSE
Product: openSUSE Tumbleweed
Version: Current
Hardware: x86-64
OS: openSUSE Factory
Status: NEW
Severity: Normal
Priority: P5 - None
Component: X.Org
Assignee: sndirsch@suse.com
Reporter: bwiedemann@suse.com
QA Contact: gfx-bugs@suse.de
CC: eich@suse.com
Blocks: 1061219
Found By: Development
Blocker: ---

While working on reproducible builds for openSUSE, I found that when building the xorg-x11-fonts-converted package, there were slight differences between each build.

Steps to Reproduce:

fonttosfnt -b -c -g 2 -m 2 -o Adobe-Courier-Bold-Oblique.otb /usr/share/fonts/75dpi/courBO08-ISO8859-1.pcf.gz ; md5sum Adobe-Courier-Bold-Oblique.otb

filterdiff 'hexdump -C' {a,b}.otb

 00000040 e3 43 7d a3 00 00 0a f0 00 00 00 36 63 6d 61 70 |.C}........6cmap|
 00000050 00 ee 01 48 00 00 0b 28 00 00 00 3c 67 6c 79 66 |...H...(...<glyf|
 00000060 00 00 00 00 00 00 0b 64 00 00 00 00 68 65 61 64 |.......d....head|
-00000070 6f 36 b6 de 00 00 0b 64 00 00 00 36 68 68 65 61 |o6.....d...6hhea|
+00000070 bc 09 6f 3e 00 00 0b 64 00 00 00 36 68 68 65 61 |..o>...d...6hhea|
 00000080 10 69 05 40 00 00 0b 9c 00 00 00 24 68 6d 74 78 |.i.@.......$hmtx|
 00000090 1c a0 fe 21 00 00 0b c0 00 00 03 00 6c 6f 63 61 |...!........loca|
 000000a0 00 00 00 00 00 00 0e c0 00 00 01 82 6d 61 78 70 |............maxp|
@@ -180,9 +180,9 @@
 00000b30 00 00 00 0c 00 04 00 30 00 00 00 08 00 04 00 02 |.......0........|
 00000b40 00 04 00 00 00 7e 00 ff ff ff 00 00 00 00 00 20 |.....~......... |
 00000b50 00 a0 ff ff 00 00 ff e1 ff c0 00 01 00 00 00 00 |................|
-00000b60 00 00 00 00 00 01 00 00 00 01 00 00 bd 55 7b 6c |.............U{l|
-00000b70 5f 0f 3c f5 00 01 08 00 00 00 0b 64 04 d1 29 50 |_.<........d..)P|
-00000b80 00 00 0b 64 04 d1 29 50 ff 00 ff 00 07 80 09 80 |...d..)P........|
+00000b60 00 00 00 00 00 01 00 00 00 01 00 00 70 82 c3 0c |............p...|
+00000b70 5f 0f 3c f5 00 01 08 00 00 00 0b 64 ab 3a 85 80 |_.<........d.:..|
+00000b80 00 00 0b 64 ab 3a 85 80 ff 00 ff 00 07 80 09 80 |...d.:..........|
 00000b90 00 01 00 01 00 00 00 00 00 00 00 00 00 01 00 00 |................|
 00000ba0 09 80 ff 00 00 66 06 80 ff 00 ff 00 07 80 00 01 |.....f..........|

The first chunk is just the checksum-adjustment caused by diffs in the 2nd chunk.

I already tried to add a memset after all malloc and calloc calls, but that did not make a difference.

https://github.com/bmwiedemann/theunreproduciblepackage/tree/master/aslr has examples of how ASLR influenced outputs in the past.

Running fonttosfnt under setarch -R to disable ASLR does make the output reproducible:

for i in $(seq 1 5) ; do setarch -R fonttosfnt -b -c -g 2 -m 2 -o Adobe-Courier-Bold-Oblique.otb \
/usr/share/fonts/75dpi/courBO08-ISO8859-1.pcf.gz ; md5sum Adobe-Courier-Bold-Oblique.otb ; done | sort | uniq -c

5 b320eb3a6f93fe19be575ad536fcba3e Adobe-Courier-Bold-Oblique.otb

--
You are receiving this mail because:
You are on the CC list for the bug.
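An added example, not part of the bug report or of fonttosfnt: a Python comparison of two sfnt/.otb builds that walks the table directory and names the `head` fields that differ, instead of reading raw hexdump offsets. The field layout follows the OpenType `head` table; `sample_font` builds a constructed one-table font whose two `created` values reuse the differing bytes from the hexdump above.

```python
import struct

# 'head' table fields in file order (OpenType spec); HEAD is their packed layout.
HEAD_NAMES = ("version fontRevision checkSumAdjustment magicNumber flags unitsPerEm "
              "created modified xMin yMin xMax yMax macStyle lowestRecPPEM "
              "fontDirectionHint indexToLocFormat glyphDataFormat").split()
HEAD = struct.Struct(">IIIIHHqqhhhhHHhhh")  # 54 bytes, big-endian

def tables(font):
    """Map tag -> (directory checksum, table bytes) from the sfnt table directory."""
    (num_tables,) = struct.unpack_from(">H", font, 4)
    found = {}
    for i in range(num_tables):
        tag, checksum, offset, length = struct.unpack_from(">4sIII", font, 12 + 16 * i)
        if offset + length > len(font):
            raise ValueError(f"table {tag!r} runs past end of file")
        found[tag.decode("latin-1")] = (checksum, font[offset:offset + length])
    return found

def diff_fonts(a, b):
    """Return {tag: [what differs]} for two builds of the same font."""
    ta, tb = tables(a), tables(b)
    report = {}
    for tag in sorted(ta.keys() | tb.keys()):
        if tag not in ta or tag not in tb:
            report[tag] = ["<table missing in one build>"]
            continue
        (sum_a, data_a), (sum_b, data_b) = ta[tag], tb[tag]
        diffs = []
        if tag == "head" and len(data_a) >= HEAD.size and len(data_b) >= HEAD.size:
            fa, fb = HEAD.unpack_from(data_a), HEAD.unpack_from(data_b)
            diffs = [name for name, x, y in zip(HEAD_NAMES, fa, fb) if x != y]
        elif data_a != data_b:
            diffs = ["<data>"]
        if sum_a != sum_b:
            diffs.append("<directory checksum>")
        if diffs:
            report[tag] = diffs
    return report

def sample_font(created):
    """Constructed one-table font for the demo, not real fonttosfnt output."""
    head = HEAD.pack(0x10000, 0x10000, 0, 0x5F0F3CF5, 1, 2048, created, created,
                     -256, -256, 1920, 2432, 0, 1, 0, 0, 0)
    checksum = sum(struct.unpack(">14I", head + b"\0\0")) & 0xFFFFFFFF  # pad to 56 bytes
    return struct.pack(">IHHHH4sIII", 0x10000, 1, 16, 0, 0, b"head", checksum, 28, 54) + head

if __name__ == "__main__":
    print(diff_fonts(sample_font(0x0B6404D12950), sample_font(0x0B64AB3A8580)))
```

In the dump above the directory places `head` at offset 0xb64, so the differing bytes fall in its checkSumAdjustment, created and modified fields.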
http://bugzilla.opensuse.org/show_bug.cgi?id=1173396

Stefan Dirsch <sndirsch@suse.com> changed:

What     | Removed           | Added
---------|-------------------|------------------
Assignee | sndirsch@suse.com | alarrosa@suse.com