
libkolabxml's build is different every time unless ASLR is disabled
Open, Normal, Public

Description

This problem emerged when trying to make a reproducible build in openSUSE. From the downstream bug report (https://bugzilla.opensuse.org/show_bug.cgi?id=1060506):

When working on the reproducible builds project for openSUSE I found that
libkolabxml packages differ for every build
unless ASLR is disabled in the build system.
This indicates either usage of uninitialized memory (compare [1])
or using (randomized) pointers in output.

/usr/lib64/libkolabxml.so.1.1.6 differs because of

/home/abuild/rpmbuild/BUILD/libkolabxml-1.1.6/build/kolabformat-xcal-schema.cxx 2018-10-30 08:42:53.622040000 +0000
@@ -9014,9 +9014,9 @@

   0x00, 0x01, 0x6d, 0x09, 0x00, 0x01, 0x3f, 0x07, 0x00, 0x01, 0x23, 0x07,
   0x00, 0x01, 0x53, 0x0a, 0x00, 0x01, 0x68, 0x07, 0x00, 0x01, 0x7f, 0x09,
   0x00, 0x01, 0x4e, 0x04, 0x00, 0x01, 0xfe, 0xff, 0xff, 0xff, 0x1d, 0x00,
-  0x06, 0x0e, 0x00, 0x06, 0xe8, 0x08, 0x00, 0x01, 0xff, 0xff, 0xff, 0xff,
+  0x06, 0x0e, 0x00, 0x06, 0x25, 0x07, 0x00, 0x01, 0xff, 0xff, 0xff, 0xff,
   0x00, 0x03, 0x0c, 0x00, 0x06, 0x58, 0x53, 0x41, 0x6e, 0x6e, 0x6f, 0x74,
-  0x61, 0x74, 0x69, 0x6f, 0x6e, 0x00, 0x03, 0x11, 0x09, 0x00, 0x05, 0x3c,
+  0x61, 0x74, 0x69, 0x6f, 0x6e, 0x00, 0x03, 0xb6, 0x01, 0x00, 0x05, 0x3c,
   0x00, 0xff, 0x78, 0x73, 0x3a, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74,
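
Review bot: On the two changed rows only a two-byte field differs (0xe8, 0x08 against 0x25, 0x07 in the first pair, 0x11, 0x09 against 0xb6, 0x01 in the second), while the string bytes next to them ("XSAnnotation", "xs:annotat") are identical in both builds. Two bytes are too short to hold a raw 64-bit pointer, so these look like indexes or offsets handed out in an order that changes between runs; the place to fix is wherever the generator assigns those numbers, by making it iterate in a stable order such as sorted by name.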

[...]

which probably comes from

# Compile Schemas
add_custom_command(OUTPUT kolabformat-xcal-schema.cxx
        COMMAND ${XSDBIN} --verbose --array-name iCalendar_schema --output-dir ${CMAKE_BINARY_DIR} ${SCHEMAS}

which might be from ./compiled/xsdbin.cxx
and/or involving the xsd package

[1] https://build.opensuse.org/package/view_file/M17N/gcin/gcin-reproducible.patch?rev=a7627ca3dad0fea774882571fcab1bb2

Details

Ticket Type
Task

Event Timeline

Here is a partial hexdump-diff of the binary:
http://rb.zq1.de/compare.factory-20170617/libkolabxml-compare.out
It makes the differing ASCII portions, which start after xml:lang="en">, more visible and recognizable.

Those look as if sorting of entries is randomized.
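
One way pointer values can change the order of generated output without ever being printed, as an added example that is not code from libkolabxml, xsdbin or the bug report: entries are walked in the bucket order of a hash table keyed by address, and the ASLR slide is simulated with a hand-picked arena base. All names other than XSAnnotation, the offsets and the bucket count are constructed for illustration.

```cpp
#include <algorithm>
#include <cstdint>
#include <iostream>
#include <string>
#include <utility>
#include <vector>

// Constructed sample: component names and their offsets inside one heap arena.
// The address is arena_base + offset, so the ASLR slide can be varied by hand.
struct Entry { std::string name; std::uintptr_t offset; };
static const std::vector<Entry> kEntries = {
    {"XSAnnotation", 0x010}, {"XSElementDecl", 0x058},
    {"XSAttributeDecl", 0x0a0}, {"XSComplexType", 0x0e8},
};

// Before: entries are written in the walk order of a pointer-keyed hash table.
// The bucket is address % bucket_count, so it moves with the arena base.
std::vector<std::string> emit_by_pointer_hash(std::uintptr_t arena_base) {
    const std::uintptr_t kBuckets = 29;  // assumed prime bucket count
    std::vector<std::pair<std::uintptr_t, std::string>> slots;
    for (const Entry& e : kEntries)
        slots.emplace_back((arena_base + e.offset) % kBuckets, e.name);
    std::sort(slots.begin(), slots.end());  // visit buckets 0..kBuckets-1
    std::vector<std::string> out;
    for (const auto& s : slots) out.push_back(s.second);
    return out;
}

// After: entries are written in name order, which no address can influence.
std::vector<std::string> emit_by_name() {
    std::vector<std::string> out;
    for (const Entry& e : kEntries) out.push_back(e.name);
    std::sort(out.begin(), out.end());
    return out;
}

int main() {
    // Two simulated builds whose arenas differ only by a page-aligned slide.
    for (std::uintptr_t base : {std::uintptr_t{0x10000000}, std::uintptr_t{0x10002000}}) {
        std::cout << std::hex << base << ":";
        for (const auto& n : emit_by_pointer_hash(base)) std::cout << ' ' << n;
        std::cout << " | sorted:";
        for (const auto& n : emit_by_name()) std::cout << ' ' << n;
        std::cout << '\n';
    }
}
```

Any index or offset derived from the first ordering changes with the slide even though every string stays the same.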

vanmeeuwen lowered the priority of this task from 60 to Normal. Mar 28 2019, 8:12 AM