Comment 10 for bug 674146

Loïc Minier (lool) wrote :

Because there were sprintf/strcat etc. calls around, I tried rebuilding dpkg with -fno-stack-protector -U_FORTIFY_SOURCE, but this didn't help; parse_error_msg corrupts r6 instead of r8.

With a corrupted status file and Debian sid's dpkg I would get for instance:
warning, in file '/var/lib/dpkg/status' near line 18 package 'libsepol1-dev':
 missing maintainer
dpkg-query: parse error, in file '/var/lib/dpkg/status' near line 26 package 'libtext-wrapi18n-perl':
 duplicate value for `Maintainer' field

I've built Ubuntu's dpkg under Debian sid + experimental gcc-4.5/g++-4.5/deps + -mthumb -march=armv7-a and got:
dpkg-query: H�

so apparently, memory corruption; I apparently could run through parse_warn(), but it died somewhere in parsedb().

Under Ubuntu natty with -marm -march=armv5t I got:
*** stack smashing detected ***: /usr/bin/dpkg-query terminated
qemu: uncaught target signal 6 (Aborted) - core dumped
Aborted

The stack smashing occurs in parse_warn(), after the call to str_escape_fmt() and the subsequent strcat(), but the corruption would likely have been earlier.

I am not sure how to interpret the datapoints; Ubuntu has different issues with different flags, Debian has no issue with 4.4 and the Debian default flags, but has issues with 4.5 and our flags.

I guess I could try Debian + 4.5 with Debian's default flags.

In any case, I agree the Ubuntu issues need to be reduced to simpler test cases.

(Is anybody working on avoiding the corrupted status in the first place?)