Clint Adams writes: Hi!
> On Mon, May 18, 2026 at 07:21:10PM -0500, Josh Kilmer wrote: >>I ran into a segfault from cp -pR, under fakeroot, with files that >>have extended attributes. The sequence of events is as follows: >> >>* cp (either directly or via a lib) attempts a fchownat, which fails >>with errno set to EPERM (1) >>* the fakeroot wrapper hides the return value but keeps errno (This is legal) >>* cp calls down into attr_copy_fd from libattr >>* attr_copy_fd attempts to flistxattr on a NULL buffer of size 0, this >>returns 33 (size of buffer) and leaves errno unchanged (still EPERM) >>* the fakeroot wrapper catches the stale EPERM, clears errno, and >>returns 0 to indicate an empty xattr (which is incorrect) >>* attr_copy_fd does not have any special handling for returned size of >>0, so it continues and allocates a 1 byte buffer (size+1) >>* attr_copy_fd then attempts to flistxattr on the 1 byte buffer with >>size 0. This successfully returns 33 again, as is correct when size is >>0. >>* fakeroot correctly forwards the successful call now that errno is 0 >>* attr_copy_fd overwrites it's size variable with the new result (33), >>and reads well past the allocated buffer into a segfault. (It also >>skips over it's end pointer and reads much more than 33 bytes, but >>that's another issue) Do you have a recipe, preferrably a shell script example that shows this? >>This appears to have been inadvertently introduced by changes in >>#1136815. Some of the introduced !r checks probably need to be changed >>to r > 0 to allow positive return values to be returned unmodified. This makes sense, have you tried that? I'm happy to try if I can reproduce the problem. >>I'd also like to note that it's *not* legal for syscalls to clear >>errno, which may now happen if you have a pre-set errno coming into a >>modified syscall Where does this happen that is not OK? It's true that my patch now "tests" getxattr/setxattr to see if it may succeed and I thought that was a neat solution. >> but I've not run into any issues tied to it. It would be nice to fix it anyway, WDYT? >>I am using Arch Linux which is downstream from this package, but not >>currently running any patches Greetings, Janneke -- Janneke Nieuwenhuizen <[email protected]> | GNU LilyPond https://LilyPond.org Freelance IT https://www.JoyOfSource.com | AvatarĀ® https://AvatarAcademy.com
