Historical bug tracker for the Pacman package manager.
The pacman bug tracker has moved to gitlab:
https://gitlab.archlinux.org/pacman/pacman/-/issues
This tracker remains open for interaction with historical bugs during the transition period. Any new bug reports will be closed without further action.
FS#68615 - [pacman] 5.2.2-1 - buffer overflow detected, abort/core dumped
Attached to Project:
Pacman
Opened by Troy Engel (TE) - Friday, 13 November 2020, 15:32 GMT
Last edited by Doug Newgard (Scimmia) - Friday, 13 November 2020, 15:59 GMT
Details

Description:
I made a mistake in a one-liner, trying to get a list of package owners of the font files on my system to share with a friend:

    $ FLIST=$(fc-list -f "%{file}\n"); for file in "${FLIST}"; do pacman -Qo "${file}"; done;
    *** buffer overflow detected ***: terminated

This ended up feeding `pacman -Qo` the entire list as one \n string of very long length as I did a quick strace on it to figure out what happened, here's what we see:

    1836 execve("/usr/bin/pacman", ["pacman", "-Qo", "/usr/share/fonts/mathjax2/HTM
    L-CSS/TeX/woff/MathJax_Size3-Regular.woff\n/usr/share/fonts/noto/NotoSansUgariti
    c-Regular.ttf\n/usr/share/fonts/noto/NotoSansArabic-Black.ttf\n/usr/share/fonts/
    (...)

(the above is very long, we see it coming in the front door with my mistake)

    1836 lstat("/usr/share/fonts/mathjax2/HTML-CSS/TeX/woff/MathJax_Size3-Regular.w
    off\n/usr/share/fonts/noto/NotoSansUgaritic-Regular.ttf\n/usr/share/fonts/noto/N
    otoSansArabic-Black.ttf\n/usr/share/fonts/mathjax2/HTML-CSS/TeX/woff/MathJax_Siz
    (...)

(abbreviated, now end of same call/line as it starts to crash..)

    (...)
    oSerifDevanagari-Thin.ttf\n/usr/share/fonts/adobe-source-code-pro/SourceCodeVari
    able-Italic.otf\n/usr/share/fonts/noto/NotoSansDevanagari-Thin.ttf\n/usr/share/f
    onts/noto/NotoSansGu"..., 0x7ffc42a695d0) = -1 ENAMETOOLONG (File name too long)
    1836 lstat("/usr", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
    1836 lstat("/usr/share", {st_mode=S_IFDIR|0755, st_size=12288, ...}) = 0
    1836 lstat("/usr/share/fonts", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
    1836 lstat("/usr/share/fonts/mathjax2", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
    1836 lstat("/usr/share/fonts/mathjax2/HTML-CSS", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
    1836 lstat("/usr/share/fonts/mathjax2/HTML-CSS/TeX", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
    1836 lstat("/usr/share/fonts/mathjax2/HTML-CSS/TeX/woff", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
    1836 lstat("/usr/share/fonts/mathjax2/HTML-CSS/TeX/woff/MathJax_Size3-Regular.woff\n", 0x7ffc42a69490) = -1 ENOENT (No such file or directory)
    1836 writev(2, [{iov_base="*** ", iov_len=4}, {iov_base="buffer overflow detected", iov_len=24}, {iov_base=" ***: terminated\n", iov_len=17}], 3) = 45
    1836 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedcddd8000
    1836 rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0
    1836 rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1], [], 8) = 0
    1836 getpid() = 1836
    1836 gettid() = 1836
    1836 tgkill(1836, 1836, SIGABRT) = 0
    1836 rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
    1836 --- SIGABRT {si_signo=SIGABRT, si_code=SI_TKILL, si_pid=1836, si_uid=1000} ---
    1836 +++ killed by SIGABRT (core dumped) +++

I ran a full system update, rebooted to the latest kernel etc. but I can recreate this on-demand (my poor one-liner, mistakes were made) - I don't have an incredibly large amount of fonts installed but apparently enough to cause a very, very long \n string input to pacman to cause an oops.

(to note, pacman works fine when I fix the input, it's not a locally corrupt package DB that I can tell, seems OK)

(attaching strace and core)
pacman-strace.txt.gz
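
A defensive pattern for the failure mode in this report, where a single path argument is longer than PATH_MAX: treat the over-long input as an ENAMETOOLONG error instead of copying it into a fixed buffer. This is an added example, not pacman's code, and it makes no claim about where pacman's overflow occurs; `path_copy_checked` and `path_join_checked` are hypothetical helper names and the input is constructed.

```c
/* Added example, not pacman source: fail with ENAMETOOLONG, never overflow. */
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>
#ifndef PATH_MAX
#define PATH_MAX 4096
#endif

/* Hypothetical helper: copy src into dst only if it fits, NUL included. */
int path_copy_checked(char *dst, size_t dstsize, const char *src)
{
    const char *end;
    if (dstsize == 0) { errno = EINVAL; return -1; }
    dst[0] = '\0';
    end = memchr(src, '\0', dstsize);   /* scans at most dstsize bytes */
    if (end == NULL) { errno = ENAMETOOLONG; return -1; }
    memcpy(dst, src, (size_t)(end - src) + 1);
    return 0;
}

/* Hypothetical helper: build "<dir>/<name>"; truncation is an error. */
int path_join_checked(char *dst, size_t dstsize, const char *dir, const char *name)
{
    int n = snprintf(dst, dstsize, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= dstsize) {
        if (dstsize > 0) dst[0] = '\0';
        errno = ENAMETOOLONG;
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Constructed input: one path repeated and joined with '\n'. */
    static char arg[2 * PATH_MAX];
    const char *one = "/usr/share/fonts/noto/NotoSansArabic-Black.ttf\n";
    size_t len = strlen(one), used = 0;
    char buf[PATH_MAX];
    while (used + len < sizeof arg) { memcpy(arg + used, one, len); used += len; }
    if (path_copy_checked(buf, sizeof buf, arg) != 0)
        printf("copy of %zu bytes rejected: %s\n", used, strerror(errno));
    if (path_join_checked(buf, sizeof buf, "/usr/share/fonts", arg) != 0)
        printf("join rejected: %s\n", strerror(errno));
    if (path_join_checked(buf, sizeof buf, "/usr/share", "fonts") == 0)
        printf("join accepted: %s\n", buf);
    return 0;
}
```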