Package: make
Version: 3.81-7
Severity: normal
make uses strcpy() on overlapping strings; recent (e)glibc doesn't tolerate this
(I'm running the latest eglibc from Ubuntu, but the bug may probably show with
the version in Debian experimental, too).
I stumbled upon this while building package xulrunner (1.9.1.6-2).
The following demonstrates the bug:
$ make -n -C xulrunner-1.9.1.6/modules/libpr0n/build export
make: Entering directory
`/var/tmp/build/make-dfsg-3.81/xulrunner-1.9.1.6/modules/libpr0n/build'
{ \
echo "#define IMG_BUILD_DECODER_png"; echo "#define IMG_BUILD_DECODER_gif";
echo "#define IMG_BUILD_DECODER_jpeg"; echo "#define IMG_BUILD_DECODER_bmp";
echo "#define IMG_BUILD_DECODER_xbm"; \
echo "#define IMG_BUILD_ENCODER_png"; echo "#define IMG_BUILD_ENCODER_jpeg";
\ImgBu nsImgBuildDefines.tmp
....
Note the corruption at the end of the last line shown. Output should have been:
make: Entering directory
`/var/tmp/build/make-dfsg-3.81/xulrunner-1.9.1.6/modules/libpr0n/build'
{ \
echo "#define IMG_BUILD_DECODER_png"; echo "#define IMG_BUILD_DECODER_gif";
echo "#define IMG_BUILD_DECODER_jpeg"; echo "#define IMG_BUILD_DECODER_bmp";
echo "#define IMG_BUILD_DECODER_xbm"; \
echo "#define IMG_BUILD_ENCODER_png"; echo "#define IMG_BUILD_ENCODER_jpeg";
\
} > nsImgBuildDefines.tmp
....
Patch attached, but note that there may be other such misuses of strcpy()
still lurking in the code.
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32.6 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages make depends on:
ii libc6 2.11.1-0ubuntu2 Embedded GNU C Library: Shared lib
make recommends no packages.
Versions of packages make suggests:
ii make-doc 3.81-5 Documentation for the GNU version
-- no debconf information
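An added example (not part of the original report and not make's code) of the in-place rewrite pattern behind the bug reported above: a read pointer runs ahead of a write pointer in the same buffer, so the copy of the tail overlaps its source. The helper name collapse_dollars and the "$$" to "$" rule are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: rewrite `line` in place, collapsing each "$$" to "$".
   `in` reads ahead of `out` inside the same buffer, so every bulk copy
   from `in` to `out` is a copy between overlapping regions. */
static char *collapse_dollars(char *line)
{
    char *in = line, *out = line;
    char *ref;

    while ((ref = strstr(in, "$$")) != NULL) {
        /* Keep the text before the reference plus one '$'. */
        size_t keep = (size_t)(ref - in) + 1;
        if (out != in)
            memmove(out, in, keep);      /* overlap-safe */
        out += keep;
        in = ref + 2;                    /* skip the second '$' */
    }

    /* No more references: copy the remaining text and its NUL.
       strcpy(out, in) here would be undefined behaviour, because the
       C standard only defines strcpy for non-overlapping objects and an
       optimized libc may copy in an order that corrupts the tail. */
    if (out != in)
        memmove(out, in, strlen(in) + 1);
    return line;
}

int main(void)
{
    /* Constructed sample input. */
    char cmd[] = "echo $$HOME; echo $$PATH > out.tmp";
    puts(collapse_dollars(cmd));
    return 0;
}
```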
--- make-dfsg-3.81-ORIG/job.c 2010-02-06 18:38:32.000000000 +0100
+++ make-dfsg-3.81/job.c 2010-02-06 18:40:56.000000000 +0100
@@ -1594,7 +1594,7 @@
/* There are no more references in this line to worry about.
Copy the remaining uninteresting text to the output. */
if (out != in)
- strcpy (out, in);
+ memmove(out, in, strlen(in)+1);
/* Finally, expand the line. */
lines[i] = allocated_variable_expand_for_file (cmds->command_lines[i],
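Review bot: the added memmove line does not follow the spacing of the code around it, which puts a space before every opening parenthesis (`strcpy (out, in);`, `allocated_variable_expand_for_file (`); write it as `memmove (out, in, strlen (in) + 1);`. The length of strlen(in)+1 is right, since it carries the terminating NUL that strcpy copied, and the `if (out != in)` guard is correctly kept. The comment above the call still only says the remaining text is copied; add a sentence there noting that source and destination can overlap, so that nobody later simplifies the call back to strcpy. The report itself says other overlapping strcpy() calls may remain, so this hunk should not be read as a complete audit of job.c.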