
utils: lockfile: avoid stack overflow for lockfile buffer #1169

Merged
merged 1 commit into from Mar 10, 2023

Conversation

cyphar
Contributor

@cyphar cyphar commented Jun 20, 2022

There appears to have been some change on openSUSE (likely some new
hardening flags for builds, or some glibc hardening) such that incorrect
buffer handling results in a segfault even if the buffer is never
overflowed.

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>

@cyphar
Contributor Author

cyphar commented Jun 22, 2022

Here's the key info from the coredump:

Core was generated by `rtorrent'.
Program terminated with signal SIGABRT, Aborted.
#0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
44            return INTERNAL_SYSCALL_ERROR_P (ret) ? INTERNAL_SYSCALL_ERRNO (ret) : 0;
[Current thread is 1 (Thread 0x7f78c8364d00 (LWP 2112))]
Missing separate debuginfos, use: zypper install libsasl2-3-debuginfo-2.1.28-1.5.x86_64
(gdb) bt
#0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
#1  0x00007f78c90fa743 in __pthread_kill_internal (signo=6, threadid=<optimized out>) at pthread_kill.c:78
#2  0x00007f78c90a76f6 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#3  0x00007f78c9090814 in __GI_abort () at abort.c:79
#4  0x00007f78c90ed79e in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7f78c9233524 "*** %s ***: terminated\n") at ../sysdeps/posix/libc_fatal.c:155
#5  0x00007f78c919287a in __GI___fortify_fail (msg=msg@entry=0x7f78c92334ca "buffer overflow detected") at fortify_fail.c:26
#6  0x00007f78c9190e36 in __GI___chk_fail () at chk_fail.c:28
#7  0x00007f78c91909f5 in ___snprintf_chk (s=<optimized out>, maxlen=maxlen@entry=255, flag=flag@entry=2, slen=<optimized out>, format=format@entry=0x55e8f96e815d ":+%i\n")
    at snprintf_chk.c:29
#8  0x000055e8f9673192 in snprintf (__fmt=0x55e8f96e815d ":+%i\n", __n=255, __s=<optimized out>) at /usr/include/bits/stdio2.h:71
#9  utils::Lockfile::try_lock (this=0x55e8faa6f090) at utils/lockfile.cc:101
#10 core::DownloadStore::enable (lock=<optimized out>, this=0x55e8faa6f070) at core/download_store.cc:74
#11 Control::initialize (this=0x55e8faa6a780) at /usr/src/debug/rtorrent-0.9.8-5.5.x86_64/src/control.cc:115
#12 0x000055e8f963f43b in main (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/rtorrent-0.9.8-5.5.x86_64/src/main.cc:469

I suspect this is caused by FORTIFY_SOURCE=2.

bmwiedemann pushed a commit to bmwiedemann/openSUSE that referenced this pull request Jun 23, 2022
https://build.opensuse.org/request/show/984398
by user jengelh + dimstar_suse
- Backport fix which resolves a crashing issue on startup on openSUSE.
  rakshasa/rtorrent#1169
  + 0001-utils-lockfile-avoid-stack-overflow-for-lockfile-buf.patch
@thesamesam

Note that this is actually with _FORTIFY_SOURCE=3 (not 2).
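The abort in the backtrace above comes from glibc's fortify check on the size argument passed to snprintf, not from bytes actually being written past the buffer. The following C is an added example, not rtorrent's code: the "host:+pid\n" layout and the 256-byte buffer are assumptions drawn from the ":+%i\n" format string and maxlen=255 in the backtrace. It models the check that _FORTIFY_SOURCE=3 performs (destination size computed dynamically for `buf + offset`) and shows a builder whose size argument is derived from the real remaining space.

```c
#include <stdio.h>
#include <string.h>

/* Model of the _FORTIFY_SOURCE=3 check: glibc routes snprintf through
 * __snprintf_chk and compares the caller's size argument against the
 * object size of the destination. At level 3 that size is computed
 * dynamically, so for `buf + offset` it is buf_size - offset. If the
 * size argument is larger, __chk_fail aborts before anything is
 * written, even when the formatted text would have fit. */
size_t remaining_space(size_t buf_size, size_t offset)
{
    return offset < buf_size ? buf_size - offset : 0;
}

int fortify_would_flag(size_t buf_size, size_t offset, size_t size_arg)
{
    return size_arg > remaining_space(buf_size, offset);
}

/* Size argument in the shape the backtrace shows (maxlen=255): a constant
 * that ignores how far into the buffer the write starts. Assumed shape,
 * reconstructed from the backtrace rather than copied from the project. */
size_t constant_size_arg(size_t offset)
{
    (void)offset;
    return 255;
}

/* Hardened builder for a "host:+pid\n" lock line (assumed layout). The
 * size handed to snprintf is derived from the real buffer, so it can
 * never exceed what remains after the hostname. Returns the total length,
 * or -1 if the hostname or the appended suffix would not fit. */
int build_lock_line(char *buf, size_t buf_size, const char *host, int pid)
{
    size_t len = strlen(host);
    if (len >= buf_size)
        return -1;
    memcpy(buf, host, len + 1);
    int n = snprintf(buf + len, buf_size - len, ":+%i\n", pid);
    if (n < 0 || (size_t)n >= buf_size - len)
        return -1;                       /* truncated: caller must not use it */
    return (int)(len + n);
}
```

With a 6-character hostname the constant 255 exceeds the 250 bytes left in a 256-byte buffer, which is exactly the condition the level-3 check reports as "buffer overflow detected" without any byte having gone out of bounds.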

@rakshasa rakshasa merged commit 92bec88 into rakshasa:master Mar 10, 2023
@cyphar cyphar deleted the lockfile-segfault branch March 11, 2023 04:03
stickz added a commit to stickz/swizzin that referenced this pull request Apr 4, 2023
Backports fix for lock file crash merged into rTorrent master. rakshasa/rtorrent#1169
liaralabs pushed a commit to swizzin/swizzin that referenced this pull request Apr 11, 2023
Backports fix for lock file crash merged into rTorrent master. rakshasa/rtorrent#1169
Elegant996 added a commit to Elegant996/rtorrent that referenced this pull request May 15, 2023
Elegant996 added a commit to Elegant996/rtorrent that referenced this pull request May 23, 2023
crabtw added a commit to crabtw/nix-system-config that referenced this pull request Jul 17, 2023
vamega pushed a commit to vamega/rtorrent that referenced this pull request Jul 19, 2023
Original patch by @cyphar was submitted to rakshasa/rtorrent at
rakshasa/rtorrent#1169.

Observed the segfault on nixos-unstable.
Elegant996 added a commit to Elegant996/rtorrent that referenced this pull request Jul 31, 2023