commit: cc1c95985ddcf95cc24fb9e784b935b6bab6fda0 Author: Sam James <sam <AT> gentoo <DOT> org> AuthorDate: Wed Jan 11 06:59:45 2023 +0000 Commit: Sam James <sam <AT> gentoo <DOT> org> CommitDate: Wed Jan 11 07:48:30 2023 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cc1c9598
sys-apps/install-xattr: backport UB fix Bug: https://github.com/gentoo/elfix/pull/3 Signed-off-by: Sam James <sam <AT> gentoo.org> ...stall-xattr-avoid-accessing-empty-storage.patch | 46 ++++++++++++++++++++ .../0002-install-xattr-fix-small-memory-leak.patch | 50 ++++++++++++++++++++++ ...attr-0.8.ebuild => install-xattr-0.8-r1.ebuild} | 24 ++++++----- sys-apps/install-xattr/install-xattr-0.8.ebuild | 4 +- sys-apps/install-xattr/install-xattr-9999.ebuild | 23 +++++----- 5 files changed, 123 insertions(+), 24 deletions(-) diff --git a/sys-apps/install-xattr/files/0.8/0001-install-xattr-avoid-accessing-empty-storage.patch b/sys-apps/install-xattr/files/0.8/0001-install-xattr-avoid-accessing-empty-storage.patch new file mode 100644 index 000000000000..b77f74635e48 --- /dev/null +++ b/sys-apps/install-xattr/files/0.8/0001-install-xattr-avoid-accessing-empty-storage.patch @@ -0,0 +1,46 @@ +https://github.com/gentoo/elfix/pull/3 + +From 2a0dffbf0080dc74f82910a74f051d835cfd653f Mon Sep 17 00:00:00 2001 +From: Sam James <s...@gentoo.org> +Date: Fri, 6 Jan 2023 03:06:50 +0000 +Subject: [PATCH 1/2] install-xattr: avoid accessing empty storage + +UBSAN reports: +``` +install-xattr.c:124:16: runtime error: load of address 0x55555556d440 with insufficient space for an object of type 'char' +0x55555556d440: note: pointer points here + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 61 00 00 00 + ^ + #0 0x555555557a27 in copyxattr /home/sam/git/elfix//install-xattr.c:124 + #1 0x555555556a4d in main /home/sam/git/elfix//install-xattr.c:410 + #2 0x7ffff77c864f (/usr/lib64/libc.so.6+0x2364f) + #3 0x7ffff77c8708 in __libc_start_main (/usr/lib64/libc.so.6+0x23708) + #4 0x555555557114 in _start (/home/sam/git/elfix//install-xattr+0x3114) +``` + +Triggered with: +``` +mkdir /tmp/a +touch /tmp/foo +./install-xattr -c /tmp/foo /tmp/foo2 /tmp/a +``` + +I don't see this with Clang or < GCC 12, but I do with GCC 13 (13.0.0_pre20230101 p5); +I suspect it's because of object-size improvements. + +Signed-off-by: Sam James <s...@gentoo.org> +--- a/install-xattr.c ++++ b/install-xattr.c +@@ -119,6 +119,10 @@ copyxattr(const char *source, const char *target) + lxattr = xmalloc(lsize); + xlistxattr(source, lxattr, lsize); + ++ /* There's no xattrs at all. */ ++ if (lsize == 0) ++ return; ++ + i = 0; + while (1) { + while (lxattr[i++] == 0) +-- +2.39.0 diff --git a/sys-apps/install-xattr/files/0.8/0002-install-xattr-fix-small-memory-leak.patch b/sys-apps/install-xattr/files/0.8/0002-install-xattr-fix-small-memory-leak.patch new file mode 100644 index 000000000000..91c9d8885b9e --- /dev/null +++ b/sys-apps/install-xattr/files/0.8/0002-install-xattr-fix-small-memory-leak.patch @@ -0,0 +1,50 @@ +https://github.com/gentoo/elfix/pull/3 + +From 776afeae92d2afd3340cd753abc58ccd8daba48f Mon Sep 17 00:00:00 2001 +From: Sam James <s...@gentoo.org> +Date: Fri, 6 Jan 2023 06:39:30 +0000 +Subject: [PATCH 2/2] install-xattr: fix small memory leak + +There's another with strdup/malloc but it gets a bit messier +to fix so let's leave that for now (this is mostly about correctness +anyway, as the runtime of install-xattr is very small): +``` +Direct leak of 4097 byte(s) in 1 object(s) allocated from: + #0 0x7f4a2c22e257 in __interceptor_malloc /usr/src/debug/sys-devel/gcc-13.0.0_pre20230101/gcc-13-20230101/libsanitizer/asan/asan_malloc_linux.cpp:69 + #1 0x7f4a2c1d2b40 in __interceptor_realpath /usr/src/debug/sys-devel/gcc-13.0.0_pre20230101/gcc-13-20230101/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:3904 + #2 0x55da3adf5629 in realpath /usr/include/bits/stdlib.h:42 + #3 0x55da3adf5629 in main /home/sam/git/elfix/install-xattr.c:252 +``` + +Signed-off-by: Sam James <s...@gentoo.org> +--- a/install-xattr.c ++++ b/install-xattr.c +@@ -248,7 +248,6 @@ main(int argc, char* argv[]) + char *target = NULL; /* the target file or directory */ + char *path; /* path to the target file */ + +- char *mypath = realpath("/proc/self/exe", NULL); /* path to argv[0] */ + char *install; /* path to the system install */ + + struct stat s; /* test if a file is a regular file or a directory */ +@@ -353,7 +352,9 @@ main(int argc, char* argv[]) + case -1: + err(1, "fork() failed"); + +- case 0: ++ case 0: { ++ char *mypath = realpath("/proc/self/exe", NULL); /* path to argv[0] */ ++ + /* find system install avoiding mypath and portage_helper_path! */ + if (portage_helper_path) + portage_helper_canpath = realpath(portage_helper_path, NULL); +@@ -363,6 +364,7 @@ main(int argc, char* argv[]) + argv[0] = install; /* so coreutils' lib/program.c behaves */ + execv(install, argv); /* The kernel will free(install). */ + err(1, "execv() failed"); ++ } + + default: + wait(&status); +-- +2.39.0 diff --git a/sys-apps/install-xattr/install-xattr-0.8.ebuild b/sys-apps/install-xattr/install-xattr-0.8-r1.ebuild similarity index 61% copy from sys-apps/install-xattr/install-xattr-0.8.ebuild copy to sys-apps/install-xattr/install-xattr-0.8-r1.ebuild index 734046b5f3d7..057386422bd1 100644 --- a/sys-apps/install-xattr/install-xattr-0.8.ebuild +++ b/sys-apps/install-xattr/install-xattr-0.8-r1.ebuild @@ -1,9 +1,9 @@ -# Copyright 1999-2022 Gentoo Authors +# Copyright 1999-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 -EAPI=7 +EAPI=8 -DESCRIPTION="Wrapper to coreutil's install to preserve Filesystem Extended Attributes" +DESCRIPTION="Wrapper to coreutils install to preserve Filesystem Extended Attributes" HOMEPAGE="https://dev.gentoo.org/~blueness/install-xattr/"; inherit flag-o-matic toolchain-funcs @@ -13,17 +13,23 @@ if [[ ${PV} == "9999" ]] ; then inherit git-r3 else SRC_URI="https://dev.gentoo.org/~blueness/install-xattr/${P}.tar.bz2"; - KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86" - S=${WORKDIR}/${PN} + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" + S="${WORKDIR}"/${PN} fi LICENSE="GPL-3" SLOT="0" +PATCHES=( + # Backports from master, drop on next release + "${FILESDIR}"/${PV} +) + src_prepare() { default + tc-export CC - append-cppflags "-D_FILE_OFFSET_BITS=64" + append-lfs-flags } src_compile() { @@ -37,10 +43,6 @@ src_install() { if [[ ${PV} == "9999" ]] ; then cd "${WORKDIR}/${P}/misc/${PN}" || die fi - DESTDIR=${ED} emake install -} -# We need to fix how tests are done -src_test() { - true + emake DESTDIR="${ED}" install } diff --git a/sys-apps/install-xattr/install-xattr-0.8.ebuild b/sys-apps/install-xattr/install-xattr-0.8.ebuild index 734046b5f3d7..7408313100e1 100644 --- a/sys-apps/install-xattr/install-xattr-0.8.ebuild +++ b/sys-apps/install-xattr/install-xattr-0.8.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2022 Gentoo Authors +# Copyright 1999-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=7 @@ -13,7 +13,7 @@ if [[ ${PV} == "9999" ]] ; then inherit git-r3 else SRC_URI="https://dev.gentoo.org/~blueness/install-xattr/${P}.tar.bz2"; - KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86" + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" S=${WORKDIR}/${PN} fi diff --git a/sys-apps/install-xattr/install-xattr-9999.ebuild b/sys-apps/install-xattr/install-xattr-9999.ebuild index 44b01b811bb3..bef83b301b9f 100644 --- a/sys-apps/install-xattr/install-xattr-9999.ebuild +++ b/sys-apps/install-xattr/install-xattr-9999.ebuild @@ -1,9 +1,9 @@ -# Copyright 1999-2020 Gentoo Authors +# Copyright 1999-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 -EAPI=7 +EAPI=8 -DESCRIPTION="Wrapper to coreutil's install to preserve Filesystem Extended Attributes" +DESCRIPTION="Wrapper to coreutils install to preserve Filesystem Extended Attributes" HOMEPAGE="https://dev.gentoo.org/~blueness/install-xattr/"; inherit flag-o-matic toolchain-funcs @@ -13,17 +13,22 @@ if [[ ${PV} == "9999" ]] ; then inherit git-r3 else SRC_URI="https://dev.gentoo.org/~blueness/install-xattr/${P}.tar.bz2"; - KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" - S=${WORKDIR}/${PN} + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" + S="${WORKDIR}"/${PN} fi LICENSE="GPL-3" SLOT="0" +PATCHES=( + "${FILESDIR}"/${PV} +) + src_prepare() { default + tc-export CC - append-cppflags "-D_FILE_OFFSET_BITS=64" + append-lfs-flags } src_compile() { @@ -37,10 +42,6 @@ src_install() { if [[ ${PV} == "9999" ]] ; then cd "${WORKDIR}/${P}/misc/${PN}" || die fi - DESTDIR=${ED} emake install -} -# We need to fix how tests are done -src_test() { - true + emake DESTDIR="${ED}" install }
