Debian Bug report logs - #518927
Please update dtoa.c in all packages that use it

Package: general; Maintainer for general is debian-devel@lists.debian.org;

Reported by: "Alexander E. Patrakov" <patrakov@gmail.com>

Date: Mon, 9 Mar 2009 09:45:04 UTC

Severity: normal

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, <debian-devel@lists.debian.org>:
Bug#518927; Package general. (Mon, 09 Mar 2009 09:45:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Alexander E. Patrakov" <patrakov@gmail.com>:
New Bug report received and forwarded. Copy sent to <debian-devel@lists.debian.org>. (Mon, 09 Mar 2009 09:45:06 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: "Alexander E. Patrakov" <patrakov@gmail.com>
To: submit@bugs.debian.org
Cc: flameeyes@gmail.com
Subject: Please update dtoa.c in all packages that use it
Date: Mon, 9 Mar 2009 14:42:53 +0500
Package: general
Severity: normal

Hi,

many source packages contain the "dtoa.c" file that bears the following
copyright notice:

 * The author of this software is David M. Gay.
 *
 * Copyright (c) 1991, 2000, 2001 by Lucent Technologies.

All these packages will be miscompiled by gcc-4.4, because dtoa.c
violates strict aliasing rules. See more details at
http://patrakov.blogspot.com/2009/03/dont-use-old-dtoac.html

Please do a whole-archive search for source files (you'll mostly find
copies of dtoa.c, gdtoa.c and various internal headers) that contain the
string "#define word1(x) ((U*)&x)->L[0]", and clone this bug
accordingly.

System information: irrelevant.

Diego Elio Pettenò: you received this mail because I want you to do the
same thing for Gentoo.

-- 
Alexander E. Patrakov




Information forwarded to debian-bugs-dist@lists.debian.org, <debian-devel@lists.debian.org>:
Bug#518927; Package general. (Thu, 12 Mar 2009 12:51:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Diego E. 'Flameeyes'" Pettenò <flameeyes@gmail.com>:
Extra info received and forwarded to list. Copy sent to <debian-devel@lists.debian.org>. (Thu, 12 Mar 2009 12:51:02 GMT) Full text and rfc822 format available.

Message #10 received at 518927@bugs.debian.org (full text, mbox):

From: "Diego E. 'Flameeyes'" Pettenò <flameeyes@gmail.com>
To: 518927@bugs.debian.org
Subject: Software that bundles old dtoa.c
Date: Thu, 12 Mar 2009 13:49:52 +0100
[Message part 1 (text/plain, inline)]
A not-so-quick scan through the Gentoo source tree, pointed at the
following software as containing the old dtoa.c file (checked against
the word1 define):

Mozilla-derived software (nspr, xulrunner (1.8 and 1.9), seamonkey,
thunderbird, sunbird, nvu), Ruby (1.8 and 1.9), Qt 4.5, kdelibs 3.5,
VirtualBox 2.1, WebKit GTK, Mono 2.2, Poly/ML 5.2.1

The fact that they _contain_ the source file does not mean they build
it, and even if they built it, it does not mean it is susceptible to
this problem: some software, like Ruby and VirtualBox, build with
-fno-strict-aliasing enabled by default.

The scan isn't entirely over yet though, I'm still missing some
X11-related packages and the whole of XFCE.

-- 
Diego "Flameeyes" Pettenò
http://blog.flameeyes.eu/

[signature.asc (application/pgp-signature, inline)]

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Mon Apr 21 03:16:01 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.