Package: gdc-4.3
Version: 1:1.046-4.3.4-5
Severity: serious
The MD5-sums calculated by std.md5 are seriously broken - they're not
only wrong, they're different on each run..
gdc-4.1 and the closed-source dmd do *not* have this bug. Because
md5.d in the gdc-4.1 and gdc-4.3 package sources are identical I file
this as a bug in the compiler, not libphobos.
I consider this a serious bug because it makes std.md5 unusable and
probably affects other code as well (why should it only break the MD5
code).
I attached a simple testcase to demonstrate this bug. When it's build
with gdc-4.1 I get the following output:
"900150983CD24FB0D6963F7D28E17F72", when it's built with gdc-4.3 I
get:
"9BB8D85B9EC69BAAE48AFD6DC642C4B7
Error: AssertError Failure md5test.d(8)"
or "73295B9A9D13003D9E6065260759FBD4
Error: AssertError Failure md5test.d(8)"
... (a different sum on each run).
Cheers,
- Daniel
--- System information. ---
Architecture: i386
Kernel: Linux 2.6.32-3-686
Debian Release: squeeze/sid
500 testing security.debian.org
500 testing ftp.de.debian.org
--- Package information. ---
Depends (Version) | Installed
=========================================-+-====================
gcc-4.3-base (>= 4.3.4-1) | 4.3.4-10
g++-4.3 (>= 4.3.4-1) | 4.3.4-10
libphobos-4.3-dev (= 1:1.046-4.3.4-5) | 1:1.046-4.3.4-5
libc6 (>= 2.3) | 2.10.2-6
libgcc1 (>= 1:4.1.1) | 1:4.4.2-9
libgmp3c2 | 2:4.3.2+dfsg-1
libmpfr1ldbl | 2.4.2-3
libstdc++6 (>= 4.1.1) | 4.4.2-9
Package's Recommends field is empty.
Package's Suggests field is empty.
import std.md5;
import std.stdio;
void main(){
// testcase from md5.d unittests
ubyte[16] digest;
sum (digest, "abc");
writefln(digestToString(digest));
assert(digest == cast(ubyte[])x"900150983cd24fb0d6963f7d28e17f72");
}
