User:Sam/Bug wall of fame

I often want to refer to bugs which are notable in some way (wild UB cases, bizarre in some way, or related to a certain topic). Here's a rolling list of them.

Bugs found by Portage's native file copying
Portage has a C extension controlled by  to use copy-on-write (CoW) if possible when merging files from the image directory to the live filesystem.

It has a history of finding bugs in kernels and filesystems: the CoW syscalls get stress-tested extensively, since Gentoo users on various filesystems collectively perform many thousands of merges a day.


 * Bug in btrfs's btrfs_file_llseek


 * Broken seek on glusterfs
 * https://github.com/gluster/glusterfs/issues/894


 * ZFS and Portage bug combined
 * Portage side:
 * ZFS side: https://github.com/openzfs/zfs/issues/3125


 * ZFS sendfile with Linux 5.10
 * https://github.com/openzfs/zfs/issues/11151


 * ZFS sendfile with Linux 5.16
 * (sort of, these bugs tend to end up getting reused by people hitting different issues a while later...)
 * https://github.com/openzfs/zfs/issues/12971


 * ZFS SEEK_DATA failed sometimes
 * coreutils-9's default --reflink=auto ended up leading to Go getting mangled (and segfaulting) when merging to the live filesystem
 * https://github.com/openzfs/zfs/issues/11900
 * https://github.com/openzfs/zfs/issues/11900#issuecomment-927568640
 * https://github.com/openzfs/zfs/pull/12745

Notable bugs found by arch testing
Many of the bugs in this list could've affected any platform or architecture, and it just happened to work in other places. The idea is to try to demonstrate the value of portability and testing on various systems in Gentoo.

(Of course, things which fail on niche architectures/platforms often violate some generic C rule or other, but many of the things listed here are definitely and unambiguously broken on e.g. amd64 and it's just lucky nobody else hit it first.

Think e.g. "a crash happens on arm by chance, but it can easily happen on amd64 with X input, and it revealed missing bounds checks." or similar.)


 * had a buffer overflow in get_cert_name (CVE-2020-12823)