FS#68615 - [pacman] 5.2.2-1 - buffer overflow detected, abort/core dumped
Attached to Project:
Pacman
Opened by Troy Engel (TE) - Friday, 13 November 2020, 15:32 GMT
Last edited by Doug Newgard (Scimmia) - Friday, 13 November 2020, 15:59 GMT
Details
Description:
I made a mistake in a one-liner, trying to get a list of package owners of the font files on my system to share with a friend:

    $ FLIST=$(fc-list -f "%{file}\n"); for file in "${FLIST}"; do pacman -Qo "${file}"; done;
    *** buffer overflow detected ***: terminated

This ended up feeding `pacman -Qo` the entire list as one \n string of very long length as I did a quick strace on it to figure out what happened, here's what we see:

    1836 execve("/usr/bin/pacman", ["pacman", "-Qo", "/usr/share/fonts/mathjax2/HTM
    L-CSS/TeX/woff/MathJax_Size3-Regular.woff\n/usr/share/fonts/noto/NotoSansUgariti
    c-Regular.ttf\n/usr/share/fonts/noto/NotoSansArabic-Black.ttf\n/usr/share/fonts/
    (...)

(the above is very long, we see it coming in the front door with my mistake)

    1836 lstat("/usr/share/fonts/mathjax2/HTML-CSS/TeX/woff/MathJax_Size3-Regular.w
    off\n/usr/share/fonts/noto/NotoSansUgaritic-Regular.ttf\n/usr/share/fonts/noto/N
    otoSansArabic-Black.ttf\n/usr/share/fonts/mathjax2/HTML-CSS/TeX/woff/MathJax_Siz
    (...)

(abbreviated, now end of same call/line as it starts to crash..)

    (...)
    oSerifDevanagari-Thin.ttf\n/usr/share/fonts/adobe-source-code-pro/SourceCodeVari
    able-Italic.otf\n/usr/share/fonts/noto/NotoSansDevanagari-Thin.ttf\n/usr/share/f
    onts/noto/NotoSansGu"..., 0x7ffc42a695d0) = -1 ENAMETOOLONG (File name too long)
    1836 lstat("/usr", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
    1836 lstat("/usr/share", {st_mode=S_IFDIR|0755, st_size=12288, ...}) = 0
    1836 lstat("/usr/share/fonts", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
    1836 lstat("/usr/share/fonts/mathjax2", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
    1836 lstat("/usr/share/fonts/mathjax2/HTML-CSS", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
    1836 lstat("/usr/share/fonts/mathjax2/HTML-CSS/TeX", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
    1836 lstat("/usr/share/fonts/mathjax2/HTML-CSS/TeX/woff", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
    1836 lstat("/usr/share/fonts/mathjax2/HTML-CSS/TeX/woff/MathJax_Size3-Regular.woff\n", 0x7ffc42a69490) = -1 ENOENT (No such file or directory)
    1836 writev(2, [{iov_base="*** ", iov_len=4}, {iov_base="buffer overflow detected", iov_len=24}, {iov_base=" ***: terminated\n", iov_len=17}], 3) = 45
    1836 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedcddd8000
    1836 rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0
    1836 rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1], [], 8) = 0
    1836 getpid() = 1836
    1836 gettid() = 1836
    1836 tgkill(1836, 1836, SIGABRT) = 0
    1836 rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
    1836 --- SIGABRT {si_signo=SIGABRT, si_code=SI_TKILL, si_pid=1836, si_uid=1000} ---
    1836 +++ killed by SIGABRT (core dumped) +++

I ran a full system update, rebooted to the latest kernel etc. but I can recreate this on-demand (my poor one-liner, mistakes were made) - I don't have an incredibly large amount of fonts installed but apparently enough to cause a very, very long \n string input to pacman to cause an oops.

(to note, pacman works fine when I fix the input, it's not a locally corrupt package DB that I can tell, seems OK)

(attaching strace and core)
pacman-strace.txt.gz
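An added example, not pacman's code and not part of the report: one way a command-line tool can bound a path argument before any copy into a fixed buffer, so an over-long newline-joined argument like the one in the strace above comes back as ENAMETOOLONG instead of reaching an abort. The names `checked_path_arg`, `checked_join` and `build_joined_list` are hypothetical, and the long input is constructed from one path in the report.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/* Hypothetical helper: copy a path argument into a fixed buffer only after
 * its length is known to fit. Returns 0 or a negative errno value. */
int checked_path_arg(const char *arg, char *out, size_t outsz)
{
    struct stat st;
    size_t len = strnlen(arg, outsz);   /* scan is bounded by the buffer */
    if (len >= outsz)
        return -ENAMETOOLONG;           /* no room for the terminator */
    if (lstat(arg, &st) != 0)
        return -errno;                  /* ENOENT, ENAMETOOLONG, ... */
    memcpy(out, arg, len + 1);          /* len < outsz was checked above */
    return 0;
}

/* Hypothetical helper: join dir and name; truncation is reported as an
 * error instead of continuing with a silently shortened path. */
int checked_join(char *out, size_t outsz, const char *dir, const char *name)
{
    int n = snprintf(out, outsz, "%s/%s", dir, name);
    if (n < 0) return -EINVAL;
    return (size_t)n >= outsz ? -ENAMETOOLONG : 0;
}

/* Constructed input: one font path from the report repeated with '\n'
 * separators, the shape of argument the one-liner produced. */
size_t build_joined_list(char *dst, size_t dstsz)
{
    static const char entry[] = "/usr/share/fonts/noto/NotoSansArabic-Black.ttf\n";
    size_t used = 0, elen = sizeof entry - 1;
    for (; used + elen < dstsz; used += elen)
        memcpy(dst + used, entry, elen);
    dst[used] = '\0';
    return used;
}

int main(void)
{
    static char big[3 * PATH_MAX];
    char out[PATH_MAX];
    build_joined_list(big, sizeof big);
    printf("joined list: %d\n", checked_path_arg(big, out, sizeof out));
    printf("root dir: %d\n", checked_path_arg("/", out, sizeof out));
}
```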