Dear Maintainer, this buffer is caused by a variable of length 256 being snprintf'ed to with a length of 512.
This got fixed upstream in [1] and was also reported here [2]. This issue is visible in the build log [3] with this warning: at proto_xboard.cc:1086:13: ... specified bound 512 exceeds destination size 256 ... There is another location in the build log with a similar warning: at util.cc:785:15: ...specified bound 1024 exceeds destination size 280 ... Kind regards, Bernhard [1] https://github.com/fbergo/eboard/commit/ed33049aff2cefd7508bcda8ab738b8ec871c948 [2] https://bugs.launchpad.net/ubuntu/+source/eboard/+bug/1306419 [3] https://buildd.debian.org/status/fetch.php?pkg=eboard&arch=amd64&ver=1.1.3-0.3&stamp=1558101455&raw=0 (rr) bt #0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50 #1 0x00007fd306ea0537 in __GI_abort () at abort.c:79 #2 0x00007fd306ef9828 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7fd307007c28 "*** %s ***: terminated\n") at ../sysdeps/posix/libc_fatal.c:155 #3 0x00007fd306f88712 in __GI___fortify_fail (msg=msg@entry=0x7fd307007bbe "buffer overflow detected") at fortify_fail.c:26 #4 0x00007fd306f87110 in __GI___chk_fail () at chk_fail.c:28 #5 0x00007fd306f86d45 in ___snprintf_chk (s=s@entry=0x557098bb5664 "~/.eboard/eng-out", maxlen=maxlen@entry=512, flag=flag@entry=1, slen=slen@entry=256, format=format@entry=0x557097beb6bc "%s/.eboard/craftylog") at snprintf_chk.c:29 #6 0x0000557097bd3a8c in snprintf (__fmt=0x557097beb6bc "%s/.eboard/craftylog", __n=512, __s=0x557098bb5664 "~/.eboard/eng-out") at /usr/include/x86_64-linux-gnu/bits/stdio2.h:67 #7 CraftyProtocol::readDialog() (this=0x557098bb5410) at proto_xboard.cc:1086 #8 0x0000557097bd3780 in XBoardProtocol::run() (this=0x557098bb5410) at proto_xboard.cc:450 ...
# Bullseye/testing amd64 qemu VM 2020-09-04 apt update apt dist-upgrade apt install systemd-coredump lightdm xserver-xorg openbox xterm ccache cmake make g++-multilib gdb pkg-config coreutils python3-pexpect manpages-dev git ninja-build capnproto libcapnp-dev fakeroot mc gdb eboard eboard-dbgsym libgtk2.0-0-dbgsym libglib2.0-0-dbgsym apt build-dep eboard reboot echo 1 > /proc/sys/kernel/perf_event_paranoid mkdir /home/benutzer/source/rr/git -p cd /home/benutzer/source/rr/git git clone https://github.com/mozilla/rr.git cd cd /home/benutzer/source/rr/git/ mkdir obj && cd obj cmake ../rr make -j4 mkdir /home/benutzer/source/eboard/orig -p cd /home/benutzer/source/eboard/orig apt source eboard cd export DISPLAY=:0 /home/benutzer/source/rr/git/obj/bin/rr eboard /home/benutzer/source/rr/git/obj/bin/rr replay /home/benutzer/.local/share/rr/eboard-1 set width 0 set pagination off directory /home/benutzer/source/eboard/orig/eboard-1.1.3 cont benutzer@debian:~$ /home/benutzer/source/rr/git/obj/bin/rr eboard rr: Saving execution to trace directory `/home/benutzer/.local/share/rr/eboard-1'. *** buffer overflow detected ***: terminated Abgebrochen benutzer@debian:~$ /home/benutzer/source/rr/git/obj/bin/rr replay /home/benutzer/.local/share/rr/eboard-1 ... (rr) cont Continuing. *** buffer overflow detected ***: terminated Program received signal SIGABRT, Aborted. __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50 50 ../sysdeps/unix/sysv/linux/raise.c: Datei oder Verzeichnis nicht gefunden. (rr) bt #0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50 #1 0x00007fd306ea0537 in __GI_abort () at abort.c:79 #2 0x00007fd306ef9828 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7fd307007c28 "*** %s ***: terminated\n") at ../sysdeps/posix/libc_fatal.c:155 #3 0x00007fd306f88712 in __GI___fortify_fail (msg=msg@entry=0x7fd307007bbe "buffer overflow detected") at fortify_fail.c:26 #4 0x00007fd306f87110 in __GI___chk_fail () at chk_fail.c:28 #5 0x00007fd306f86d45 in ___snprintf_chk (s=<optimized out>, maxlen=<optimized out>, flag=<optimized out>, slen=<optimized out>, format=<optimized out>) at snprintf_chk.c:29 #6 0x0000557097bd3a8c in ?? () #7 0x0000557097bd3780 in ?? () #8 0x0000557097bab471 in ?? () #9 0x00007fd3074a6fd2 in g_closure_invoke () from /lib/x86_64-linux-gnu/libgobject-2.0.so.0 #10 0x00007fd3074ba784 in ?? () from /lib/x86_64-linux-gnu/libgobject-2.0.so.0 #11 0x00007fd3074c554f in g_signal_emit_valist () from /lib/x86_64-linux-gnu/libgobject-2.0.so.0 #12 0x00007fd3074c5edf in g_signal_emit () from /lib/x86_64-linux-gnu/libgobject-2.0.so.0 #13 0x00007fd307e5e7ba in gtk_widget_activate () from /lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0 #14 0x00007fd307d59eed in gtk_menu_shell_activate_item () from /lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0 #15 0x00007fd307d5a1b9 in ?? () from /lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0 #16 0x00007fd307d47a8b in ?? () from /lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0 #17 0x00007fd3074a6fd2 in g_closure_invoke () from /lib/x86_64-linux-gnu/libgobject-2.0.so.0 #18 0x00007fd3074b9f06 in ?? () from /lib/x86_64-linux-gnu/libgobject-2.0.so.0 #19 0x00007fd3074c5078 in g_signal_emit_valist () from /lib/x86_64-linux-gnu/libgobject-2.0.so.0 #20 0x00007fd3074c5edf in g_signal_emit () from /lib/x86_64-linux-gnu/libgobject-2.0.so.0 #21 0x00007fd307e5f9e4 in ?? () from /lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0 #22 0x00007fd307d45cbc in gtk_propagate_event () from /lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0 #23 0x00007fd307d460b3 in gtk_main_do_event () from /lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0 #24 0x00007fd307bb810c in ?? () from /lib/x86_64-linux-gnu/libgdk-x11-2.0.so.0 #25 0x00007fd3073bb5fd in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0 #26 0x00007fd3073bb880 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0 #27 0x00007fd3073bbb53 in g_main_loop_run () from /lib/x86_64-linux-gnu/libglib-2.0.so.0 #28 0x00007fd307d4512a in gtk_main () from /lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0 #29 0x0000557097b799d1 in ?? () #30 0x00007fd306ea1cca in __libc_start_main (main=0x557097b79800, argc=1, argv=0x7ffdc6104028, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffdc6104018) at ../csu/libc-start.c:308 #31 0x0000557097b7a16a in ?? () benutzer@debian:~$ /home/benutzer/source/rr/git/obj/bin/rr replay /home/benutzer/.local/share/rr/eboard-1 ... (rr) set width 0 (rr) set pagination off (rr) directory /home/benutzer/source/eboard/orig/eboard-1.1.3 Source directories searched: /home/benutzer/source/eboard/orig/eboard-1.1.3:$cdir:$cwd (rr) cont Continuing. *** buffer overflow detected ***: terminated Program received signal SIGABRT, Aborted. __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50 50 ../sysdeps/unix/sysv/linux/raise.c: Datei oder Verzeichnis nicht gefunden. (rr) bt #0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50 #1 0x00007fd306ea0537 in __GI_abort () at abort.c:79 #2 0x00007fd306ef9828 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7fd307007c28 "*** %s ***: terminated\n") at ../sysdeps/posix/libc_fatal.c:155 #3 0x00007fd306f88712 in __GI___fortify_fail (msg=msg@entry=0x7fd307007bbe "buffer overflow detected") at fortify_fail.c:26 #4 0x00007fd306f87110 in __GI___chk_fail () at chk_fail.c:28 #5 0x00007fd306f86d45 in ___snprintf_chk (s=s@entry=0x557098bb5664 "~/.eboard/eng-out", maxlen=maxlen@entry=512, flag=flag@entry=1, slen=slen@entry=256, format=format@entry=0x557097beb6bc "%s/.eboard/craftylog") at snprintf_chk.c:29 #6 0x0000557097bd3a8c in snprintf (__fmt=0x557097beb6bc "%s/.eboard/craftylog", __n=512, __s=0x557098bb5664 "~/.eboard/eng-out") at /usr/include/x86_64-linux-gnu/bits/stdio2.h:67 #7 CraftyProtocol::readDialog() (this=0x557098bb5410) at proto_xboard.cc:1086 #8 0x0000557097bd3780 in XBoardProtocol::run() (this=0x557098bb5410) at proto_xboard.cc:450 #9 0x0000557097bab471 in MainWindow::openEngine(EngineProtocol*, EngineBookmark*) (this=0x55709876ac00, xpp=0x557098bb5410, ebm=0x0) at mainwindow.cc:1046 #13 0x00007fd3074c5edf in <emit signal ??? on instance 0x557098848660 [GtkMenuItem]> (instance=instance@entry=0x557098848660, signal_id=<optimized out>, detail=detail@entry=0) at ../../../gobject/gsignal.c:3554 #10 0x00007fd3074a6fd2 in g_closure_invoke (closure=0x557098855970, return_value=0x0, n_param_values=1, param_values=0x7ffdc61034b0, invocation_hint=0x7ffdc6103430) at ../../../gobject/gclosure.c:810 #11 0x00007fd3074ba784 in signal_emit_unlocked_R (node=node@entry=0x5570988449e0, detail=detail@entry=0, instance=instance@entry=0x557098848660, emission_return=emission_return@entry=0x0, instance_and_params=instance_and_params@entry=0x7ffdc61034b0) at ../../../gobject/gsignal.c:3742 #12 0x00007fd3074c554f in g_signal_emit_valist (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>, var_args=var_args@entry=0x7ffdc6103660) at ../../../gobject/gsignal.c:3498 #14 0x00007fd307e5e7ba in IA__gtk_widget_activate (widget=widget@entry=0x557098848660 [GtkMenuItem]) at ../../../../gtk/gtkwidget.c:5041 #15 0x00007fd307d59eed in IA__gtk_menu_shell_activate_item (menu_shell=0x55709884d430 [GtkMenu], menu_item=0x557098848660 [GtkMenuItem], force_deactivate=<optimized out>) at ../../../../gtk/gtkmenushell.c:1278 #16 0x00007fd307d5a1b9 in gtk_menu_shell_button_release (widget=0x55709884d430 [GtkMenu], event=0x557098b31b20) at ../../../../gtk/gtkmenushell.c:703 #21 0x00007fd3074c5edf in <emit signal ??? on instance 0x55709884d430 [GtkMenu]> (instance=instance@entry=0x55709884d430, signal_id=<optimized out>, detail=detail@entry=0) at ../../../gobject/gsignal.c:3554 #17 0x00007fd307d47a8b in _gtk_marshal_BOOLEAN__BOXED (closure=0x557098808a60, return_value=0x7ffdc61039a0, n_param_values=<optimized out>, param_values=0x7ffdc6103a00, invocation_hint=<optimized out>, marshal_data=<optimized out>) at ../../../../gtk/gtkmarshalers.c:84 #18 0x00007fd3074a6fd2 in g_closure_invoke (closure=0x557098808a60, return_value=0x7ffdc61039a0, n_param_values=2, param_values=0x7ffdc6103a00, invocation_hint=0x7ffdc6103980) at ../../../gobject/gclosure.c:810 #19 0x00007fd3074b9f06 in signal_emit_unlocked_R (node=<optimized out>, detail=detail@entry=0, instance=instance@entry=0x55709884d430, emission_return=emission_return@entry=0x7ffdc6103b20, instance_and_params=instance_and_params@entry=0x7ffdc6103a00) at ../../../gobject/gsignal.c:3780 #20 0x00007fd3074c5078 in g_signal_emit_valist (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>, var_args=var_args@entry=0x7ffdc6103bd0) at ../../../gobject/gsignal.c:3508 #22 0x00007fd307e5f9e4 in gtk_widget_event_internal (widget=widget@entry=0x55709884d430 [GtkMenu], event=event@entry=0x557098b31b20) at ../../../../gtk/gtkwidget.c:5010 #23 0x00007fd307e5fcc9 in IA__gtk_widget_event (widget=widget@entry=0x55709884d430 [GtkMenu], event=event@entry=0x557098b31b20) at ../../../../gtk/gtkwidget.c:4807 #24 0x00007fd307d45cbc in IA__gtk_propagate_event (widget=0x55709884d430 [GtkMenu], event=0x557098b31b20) at ../../../../gtk/gtkmain.c:2503 #25 0x00007fd307d460b3 in IA__gtk_main_do_event (event=0x557098b31b20) at ../../../../gtk/gtkmain.c:1698 #26 IA__gtk_main_do_event (event=<optimized out>) at ../../../../gtk/gtkmain.c:1503 #27 0x00007fd307bb810c in gdk_event_dispatch (source=<optimized out>, callback=<optimized out>, user_data=<optimized out>) at ../../../../../gdk/x11/gdkevents-x11.c:2425 #28 0x00007fd3073bb5fd in g_main_dispatch (context=0x5570987c4790) at ../../../glib/gmain.c:3309 #29 g_main_context_dispatch (context=context@entry=0x5570987c4790) at ../../../glib/gmain.c:3974 #30 0x00007fd3073bb880 in g_main_context_iterate (context=0x5570987c4790, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../../../glib/gmain.c:4047 #31 0x00007fd3073bbb53 in g_main_loop_run (loop=0x557098b601b0) at ../../../glib/gmain.c:4241 #32 0x00007fd307d4512a in IA__gtk_main () at ../../../../gtk/gtkmain.c:1270 #33 0x0000557097b799d1 in main(int, char**) (argc=<optimized out>, argv=<optimized out>) at main.cc:93 (rr) reverse-finish Run back to call of #0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50 Program received signal SIGABRT, Aborted. __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50 50 in ../sysdeps/unix/sysv/linux/raise.c (rr) Run back to call of #0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50 0x00007fd306ea0532 in __GI_abort () at abort.c:79 79 abort.c: Datei oder Verzeichnis nicht gefunden. (rr) Run back to call of #0 0x00007fd306ea0532 in __GI_abort () at abort.c:79 __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7fd307007c28 "*** %s ***: terminated\n") at ../sysdeps/posix/libc_fatal.c:155 155 ../sysdeps/posix/libc_fatal.c: Datei oder Verzeichnis nicht gefunden. (rr) Run back to call of #0 __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7fd307007c28 "*** %s ***: terminated\n") at ../sysdeps/posix/libc_fatal.c:155 0x00007fd306f8870d in __GI___fortify_fail (msg=msg@entry=0x7fd307007bbe "buffer overflow detected") at fortify_fail.c:26 26 fortify_fail.c: Datei oder Verzeichnis nicht gefunden. (rr) Run back to call of #0 0x00007fd306f8870d in __GI___fortify_fail (msg=msg@entry=0x7fd307007bbe "buffer overflow detected") at fortify_fail.c:26 0x00007fd306f8710b in __GI___chk_fail () at chk_fail.c:28 28 chk_fail.c: Datei oder Verzeichnis nicht gefunden. (rr) Run back to call of #0 0x00007fd306f8710b in __GI___chk_fail () at chk_fail.c:28 ___snprintf_chk (s=s@entry=0x557098bb5664 "~/.eboard/eng-out", maxlen=maxlen@entry=512, flag=flag@entry=1, slen=slen@entry=256, format=format@entry=0x557097beb6bc "%s/.eboard/craftylog") at snprintf_chk.c:29 29 snprintf_chk.c: Datei oder Verzeichnis nicht gefunden. (rr) Run back to call of #0 ___snprintf_chk (s=s@entry=0x557098bb5664 "~/.eboard/eng-out", maxlen=maxlen@entry=512, flag=flag@entry=1, slen=slen@entry=256, format=format@entry=0x557097beb6bc "%s/.eboard/craftylog") at snprintf_chk.c:29 0x0000557097bd3a87 in snprintf (__fmt=0x557097beb6bc "%s/.eboard/craftylog", __n=512, __s=0x557098bb5664 "~/.eboard/eng-out") at /usr/include/x86_64-linux-gnu/bits/stdio2.h:67 warning: Source file is more recent than executable. 67 return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1, (rr) Run till exit from #0 0x0000557097bd3a87 in snprintf (__fmt=0x557097beb6bc "%s/.eboard/craftylog", __n=512, __s=0x557098bb5664 "~/.eboard/eng-out") at /usr/include/x86_64-linux-gnu/bits/stdio2.h:67 CraftyProtocol::readDialog (this=0x557098bb5410) at proto_xboard.cc:1086 1086 snprintf(EngineRunDir,512,"%s/.eboard/craftylog",global.env.Home.c_str()); (rr) list proto_xboard.h:118 113 TimeControl timecontrol; 114 int MaxDepth; 115 bool ThinkAlways; 116 variant Variant; 117 char EngineCommandLine[512]; 118 char EngineRunDir[256]; <<<<<<<<<< 119 char ComputerName[64]; 120 121 bool supports_setboard; 122 bool requires_usermove; (rr) list proto_xboard.cc:1086 1081 XBoardProtocol::readDialog(); 1082 resolvePaths(); 1083 snprintf(EngineCommandLine,512,"crafty bookpath=%s logpath=%s tbpath=%s", 1084 BookPath,LogPath,LogPath); 1085 if (!global.env.Home.empty()) 1086 snprintf(EngineRunDir,512,"%s/.eboard/craftylog",global.env.Home.c_str()); <<<<<<<<<< 1087 else 1088 strcpy(EngineRunDir,"/tmp"); 1089 1090 if (ebm) { https://github.com/fbergo/eboard/commit/ed33049aff2cefd7508bcda8ab738b8ec871c948 https://bugs.launchpad.net/ubuntu/+source/eboard/+bug/1306419
