Pacman

Historical bug tracker for the Pacman package manager.

The pacman bug tracker has moved to gitlab:
https://gitlab.archlinux.org/pacman/pacman/-/issues

This tracker remains open for interaction with historical bugs during the transition period. Any new bug reports will be closed without further action.

FS#68615 - [pacman] 5.2.2-1 - buffer overflow detected, abort/core dumped

Attached to Project: Pacman
Opened by Troy Engel (TE) - Friday, 13 November 2020, 15:32 GMT
Last edited by Doug Newgard (Scimmia) - Friday, 13 November 2020, 15:59 GMT
Task Type: Bug Report
Category: General
Status: Unconfirmed
Assigned To: No-one
Architecture: All
Severity: Low
Priority: Normal
Reported Version: 5.2.1
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 0%
Votes: 0
Private: No

Details

Description:

I made a mistake in a one-liner, trying to get a list of package owners of the font files on my system to share with a friend:

$ FLIST=$(fc-list -f "%{file}\n"); for file in "${FLIST}"; do pacman -Qo "${file}"; done;
*** buffer overflow detected ***: terminated

This ended up feeding `pacman -Qo` the entire list as one \n string of very long length. I did a quick strace on it to figure out what happened; here's what we see:

1836 execve("/usr/bin/pacman", ["pacman", "-Qo", "/usr/share/fonts/mathjax2/HTM
L-CSS/TeX/woff/MathJax_Size3-Regular.woff\n/usr/share/fonts/noto/NotoSansUgariti
c-Regular.ttf\n/usr/share/fonts/noto/NotoSansArabic-Black.ttf\n/usr/share/fonts/ (...)

(the above is very long, we see it coming in the front door with my mistake)

1836 lstat("/usr/share/fonts/mathjax2/HTML-CSS/TeX/woff/MathJax_Size3-Regular.w
off\n/usr/share/fonts/noto/NotoSansUgaritic-Regular.ttf\n/usr/share/fonts/noto/N
otoSansArabic-Black.ttf\n/usr/share/fonts/mathjax2/HTML-CSS/TeX/woff/MathJax_Siz (...)

(abbreviated, now end of same call/line as it starts to crash..)

(...) oSerifDevanagari-Thin.ttf\n/usr/share/fonts/adobe-source-code-pro/SourceCodeVari
able-Italic.otf\n/usr/share/fonts/noto/NotoSansDevanagari-Thin.ttf\n/usr/share/f
onts/noto/NotoSansGu"..., 0x7ffc42a695d0) = -1 ENAMETOOLONG (File name too long)
1836 lstat("/usr", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
1836 lstat("/usr/share", {st_mode=S_IFDIR|0755, st_size=12288, ...}) = 0
1836 lstat("/usr/share/fonts", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
1836 lstat("/usr/share/fonts/mathjax2", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
1836 lstat("/usr/share/fonts/mathjax2/HTML-CSS", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
1836 lstat("/usr/share/fonts/mathjax2/HTML-CSS/TeX", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
1836 lstat("/usr/share/fonts/mathjax2/HTML-CSS/TeX/woff", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
1836 lstat("/usr/share/fonts/mathjax2/HTML-CSS/TeX/woff/MathJax_Size3-Regular.woff\n", 0x7ffc42a69490) = -1 ENOENT (No such file or directory)
1836 writev(2, [{iov_base="*** ", iov_len=4}, {iov_base="buffer overflow detected", iov_len=24}, {iov_base=" ***: terminated\n", iov_len=17}], 3) = 45
1836 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedcddd8000
1836 rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0
1836 rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1], [], 8) = 0
1836 getpid() = 1836
1836 gettid() = 1836
1836 tgkill(1836, 1836, SIGABRT) = 0
1836 rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
1836 --- SIGABRT {si_signo=SIGABRT, si_code=SI_TKILL, si_pid=1836, si_uid=1000} ---
1836 +++ killed by SIGABRT (core dumped) +++

I ran a full system update, rebooted to the latest kernel, etc., but I can recreate this on demand (my poor one-liner, mistakes were made) - I don't have an incredibly large number of fonts installed but apparently enough to cause a very, very long \n string input to pacman to cause an oops. (To note, pacman works fine when I fix the input; it's not a locally corrupt package DB that I can tell, seems OK.)

(attaching strace and core)