Dear Maintainer,
this buffer overflow is caused by a variable of length 256 being
snprintf'ed to with a length of 512.
This got fixed upstream in [1] and was also reported here [2].
This issue is visible in the build log [3] with this warning:
at proto_xboard.cc:1086:13:
... specified bound 512 exceeds destination size 256 ...
There is another location in the build log with a similar warning:
at util.cc:785:15:
...specified bound 1024 exceeds destination size 280 ...
Kind regards,
Bernhard
[1] https://github.com/fbergo/eboard/commit/ed33049aff2cefd7508bcda8ab738b8ec871c948
[2] https://bugs.launchpad.net/ubuntu/+source/eboard/+bug/1306419
[3] https://buildd.debian.org/status/fetch.php?pkg=eboard&arch=amd64&ver=1.1.3-0.3&stamp=1558101455&raw=0
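The pattern behind the compiler warning and the runtime abort, as an added example that is not part of this report or of eboard's own code. The struct, the function names `set_log_path_vulnerable`, `set_log_path` and `fortify_would_abort`, and the sample inputs are hypothetical and constructed for illustration; the 256-byte member and the 512 bound mirror the numbers in the warning. Note the caveat the trace itself shows: glibc's `__snprintf_chk` aborts because the caller's bound (512) exceeds the known object size (256), not because the formatted string was too long, which is why the destination still holds an earlier short value when the abort fires.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical struct mirroring the shape of the bug: a fixed 256-byte
 * member that is the destination of an snprintf. Not eboard's own type. */
#define OUTNAME_LEN 256

struct engine {
    char outname[OUTNAME_LEN];
};

/* Vulnerable form, kept here for illustration only and never called below.
 * The bound handed to snprintf (512) is larger than the destination (256):
 * GCC reports "specified bound 512 exceeds destination size 256", and a
 * binary built with _FORTIFY_SOURCE aborts in __snprintf_chk the moment
 * this line runs, because the check compares the bound with the object
 * size rather than with the length of the output. Without fortification a
 * long $HOME silently overruns the struct. */
void set_log_path_vulnerable(struct engine *e, const char *home)
{
    snprintf(e->outname, 512, "%s/.eboard/craftylog", home);
}

/* Hardened form: bound the write by the real destination size and treat
 * truncation as an error instead of continuing with a clipped path.
 * Returns 0 on success, -1 if the path does not fit (outname is emptied). */
int set_log_path(struct engine *e, const char *home, const char *name)
{
    int n = snprintf(e->outname, sizeof e->outname, "%s/.eboard/%s", home, name);
    if (n < 0 || (size_t)n >= sizeof e->outname) {
        e->outname[0] = '\0';
        return -1;
    }
    return 0;
}

/* The rule glibc's __snprintf_chk applies at runtime: abort when the
 * caller's bound exceeds the object size the compiler could determine.
 * Handy when triaging a "buffer overflow detected" abort: it proves the
 * bound is wrong, not that this particular output was too long. */
int fortify_would_abort(size_t bound, size_t object_size)
{
    return bound > object_size;
}

int main(void)
{
    struct engine e;
    char long_home[300];

    /* Constructed sample inputs. */
    if (set_log_path(&e, "/home/benutzer", "craftylog") == 0)
        printf("ok: %s\n", e.outname);

    memset(long_home, 'A', sizeof long_home - 1);
    long_home[sizeof long_home - 1] = '\0';
    if (set_log_path(&e, long_home, "craftylog") != 0)
        printf("rejected: path does not fit in %zu bytes\n", sizeof e.outname);

    printf("fortify abort for bound 512, size 256: %d\n",
           fortify_would_abort(512, sizeof e.outname));
    return 0;
}
```

Building this with `-O2 -Wall` reproduces the build-log warning on the vulnerable function; the hardened function is what the `sizeof`-based bound and the return-value check look like when the caller has to cope with a `$HOME` longer than the buffer.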
(rr) bt
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1 0x7fd306ea0537 in __GI_abort () at abort.c:79
#2 0x7fd306ef9828 in __libc_message (action=action@entry=do_abort,
fmt=fmt@entry=0x7fd307007c28 "*** %s ***: terminated\n") at
../sysdeps/posix/libc_fatal.c:155
#3 0x7fd306f88712 in __GI___fortify_fail (msg=msg@entry=0x7fd307007bbe
"buffer overflow detected") at fortify_fail.c:26
#4 0x7fd306f87110 in __GI___chk_fail () at chk_fail.c:28
#5 0x7fd306f86d45 in ___snprintf_chk (s=s@entry=0x557098bb5664
"~/.eboard/eng-out", maxlen=maxlen@entry=512, flag=flag@entry=1,
slen=slen@entry=256, format=format@entry=0x557097beb6bc "%s/.eboard/craftylog")
at snprintf_chk.c:29
#6 0x557097bd3a8c in snprintf (__fmt=0x557097beb6bc
"%s/.eboard/craftylog", __n=512, __s=0x557098bb5664 "~/.eboard/eng-out") at
/usr/include/x86_64-linux-gnu/bits/stdio2.h:67
#7 CraftyProtocol::readDialog() (this=0x557098bb5410) at proto_xboard.cc:1086
#8 0x557097bd3780 in XBoardProtocol::run() (this=0x557098bb5410) at
proto_xboard.cc:450
...
# Bullseye/testing amd64 qemu VM 2020-09-04
apt update
apt dist-upgrade
apt install systemd-coredump lightdm xserver-xorg openbox xterm ccache cmake
make g++-multilib gdb pkg-config coreutils python3-pexpect manpages-dev git
ninja-build capnproto libcapnp-dev fakeroot mc gdb eboard eboard-dbgsym
libgtk2.0-0-dbgsym libglib2.0-0-dbgsym
apt build-dep eboard
reboot
echo 1 > /proc/sys/kernel/perf_event_paranoid
mkdir /home/benutzer/source/rr/git -p
cd /home/benutzer/source/rr/git
git clone https://github.com/mozilla/rr.git
cd
cd /home/benutzer/source/rr/git/
mkdir obj && cd obj
cmake ../rr
make -j4
mkdir /home/benutzer/source/eboard/orig -p
cd /home/benutzer/source/eboard/orig
apt source eboard
cd
export DISPLAY=:0
/home/benutzer/source/rr/git/obj/bin/rr eboard
/home/benutzer/source/rr/git/obj/bin/rr replay /home/benutzer/.local/share/rr/eboard-1
set width 0
set pagination off
directory /home/benutzer/source/eboard/orig/eboard-1.1.3
cont
benutzer@debian:~$ /home/benutzer/source/rr/git/obj/bin/rr eboard
rr: Saving execution to trace directory
`/home/benutzer/.local/share/rr/eboard-1'.
*** buffer overflow detected ***: terminated
Aborted
benutzer@debian:~$ /home/benutzer/source/rr/git/obj/bin/rr replay /home/benutzer/.local/share/rr/eboard-1
...
(rr) cont
Continuing.
*** buffer overflow detected ***: terminated
Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
50 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(rr) bt
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1 0x7fd306ea0537 in __GI_abort () at abort.c:79
#2 0x7fd306ef9828 in __libc_message (action=action@entry=do_abort,
fmt=fmt@entry=0x7fd307007c28 "*** %s ***: terminated\n") at
../sysdeps/posix/libc_fatal.c:155
#3 0x7fd306f88712 in __GI___fortify_fail (msg=msg@entry=0x7fd307007bbe
"buffer overflow detected") at fortify_fail.c:26
#4 0x7fd306f87110 in __GI___chk_fail () at chk_fail.c:28
#5 0x7fd306f86d45 in ___snprintf_chk (s=, maxlen=, flag=, slen=, format=) at
snprintf_chk.c:29
#6 0x557097bd3a8c in ?? ()
#7 0x557097bd3780 in ?? ()
#8 0x557097bab471 in ?? ()
#9 0x7fd3074a6fd2 in g_closure_invoke () from
/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#10 0x7fd3074ba784 in ?? () from /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#11 0x7fd3074c554f in g_signal_emit_valist () from
/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#12 0x7fd3074c5edf in g_signal_emit () from
/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#13 0x7fd307e5e7ba in gtk_widget_activate () from
/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0
#14 0x7fd307d59eed in gtk_menu_shell_activate_item () from
/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0
#15 0x7fd307d5a1b9 in ?? () from /lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0
#16 0x7fd307d47a8b in ?? () from /lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0
#17 0x7fd3074a6fd2 in g_closure_invoke () from
/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#18 0x7fd3074b9f06 in ?? () from /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#19