FS#74041 - [moc] building moc with GLIBC 2.35 causes it to crash "*** buffer overflow detected ***: terminated"

Attached to Project: Arch Linux
Opened by gamezelda (gamezelda) - Sunday, 06 March 2022, 17:59 GMT
Last edited by Felix Yan (felixonmars) - Tuesday, 24 May 2022, 03:27 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To Felix Yan (felixonmars)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 11
Private No



I noticed there's a rebuild of moc without changes on staging (moc 1:2.5.2-5), but if you try launching it, it crashes with the following message:

$ mocp
*** buffer overflow detected ***: terminated
fish: Job 1, 'mocp .' terminated by signal SIGABRT (Abort)

I observed the crash a few days ago and it seems to be an issue with the recent GLIBC 2.35 upgrade. I think the fortify rules for `mbsrtowcs` may be wrong and are validating the `len` parameter even when `dest == NULL`, when in this case it's supposed to be ignored.

I didn't have time to look much into it or open a bug upstream, just hoping to save you some time. I attach a patch containing a reduced test case and workaround.

Additional info:
* package version(s): moc 1:2.5.2-5
* config and/or log files etc.:
* link to upstream bug report, if any: none yet

Steps to reproduce:

1. Install moc 1:2.5.2-5
2. Launch "mocp"
3. It crashes due to "*** buffer overflow detected ***: terminated"

Closed by  Felix Yan (felixonmars)
Tuesday, 24 May 2022, 03:27 GMT
Reason for closing:  Fixed
Additional comments about closing:  moc 1:2.5.2-6
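
The `mbsrtowcs` call pattern described in the report, as an added example (not code from moc, glibc or the attached patch): a two-pass conversion whose measuring call passes `len` as 0 when `dest == NULL`, so a length check has nothing to reject. `mb_to_wide` is a hypothetical helper name, and this page does not show whether the attached patch makes the same change.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <wchar.h>

/* Hypothetical helper: convert a multibyte string to a newly allocated
 * wide string. Returns NULL on an invalid sequence or allocation failure. */
wchar_t *mb_to_wide(const char *src, size_t *out_len)
{
    mbstate_t ps;
    const char *p = src;

    /* Pass 1: dest == NULL means "only count". len is ignored in this
     * mode, so pass 0 rather than (size_t)-1 as the reduced test case does. */
    memset(&ps, 0, sizeof ps);
    size_t n = mbsrtowcs(NULL, &p, 0, &ps);
    if (n == (size_t)-1)
        return NULL;                     /* invalid multibyte sequence */
    if (n >= SIZE_MAX / sizeof(wchar_t))
        return NULL;                     /* (n + 1) elements would overflow */

    wchar_t *dst = malloc((n + 1) * sizeof *dst);
    if (dst == NULL)
        return NULL;

    /* Pass 2: len is the real capacity of dst in wide characters. */
    p = src;
    memset(&ps, 0, sizeof ps);
    size_t m = mbsrtowcs(dst, &p, n + 1, &ps);
    if (m != n || p != NULL) {           /* p is NULL once L'\0' is stored */
        free(dst);
        return NULL;
    }
    if (out_len != NULL)
        *out_len = n;
    return dst;
}

int main(void)
{
    size_t n = 0;
    wchar_t *w = mb_to_wide("HelloWorld", &n);  /* string from the test case */
    if (w == NULL)
        return 1;
    printf("%zu wide characters\n", n);
    free(w);
    return 0;
}
```

Building it the way the reduced test case is built (`-O2 -Wp,-D_FORTIFY_SOURCE=2`) exercises the fortified wrappers on both calls.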
Comment by gamezelda (gamezelda) - Sunday, 06 March 2022, 18:10 GMT
The reduced test case had some mistakes, here's the fixed version.
Comment by helle vaanzinn (glitsj16) - Sunday, 06 March 2022, 21:08 GMT
Thanks for the patch. I could reproduce and confirm the patch fixes this.
Comment by Chris Magyar (mags) - Tuesday, 08 March 2022, 02:56 GMT
Bug reproduced and patch worked.
Comment by Dimitris Chrysostomou (DimitrisC) - Wednesday, 09 March 2022, 16:36 GMT
Hi! So I have the same issue with mocp. How can I use the patch to have it working again?
Comment by Mr_Happy (Mr_Happy) - Wednesday, 09 March 2022, 16:36 GMT
I'm new to this, so how do I apply this patch?
Comment by helle vaanzinn (glitsj16) - Wednesday, 09 March 2022, 17:31 GMT
@DimitrisC @Mr_Happy Here's a quick and dirty procedure to integrate the patch provided by @gamezelda:
(1) get the moc package build files
$ git clone -b packages/moc --single-branch https://github.com/archlinux/svntogit-packages
$ cd svntogit-packages/trunk
(2) use your preferred editor to open the PKGBUILD file
(3) append "glibc-2.35.patch::https://bugs.archlinux.org/task/74041?getfile=21255" to the source array (keeping the quotes)
(4) append 'patch -p0 -i ../glibc-2.35.patch # FS74041' in the prepare() function
(5) save and quit your editor
(6) now you can use `makepkg` as usual to build & install moc

Comment by Mr_Happy (Mr_Happy) - Wednesday, 09 March 2022, 18:04 GMT
@helle vaanzinn,
Thanks! But now I get the following error:
==> Making package: moc 1:2.5.2-5 (Wed 09 Mar 2022 07:03:21 PM CET)
==> Checking runtime dependencies...
==> Checking buildtime dependencies...
==> Retrieving sources...
-> Found moc-2.5.2.tar.bz2
-> Found moc-2.5.2.tar.bz2.sig
-> Found moc-ffmpeg4.patch
-> Found moc-https.patch
-> Downloading glibc-2.35.patch...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1070 100 1070 0 0 6724 0 --:--:-- --:--:-- --:--:-- 6772
==> ERROR: Integrity checks (sha1) differ in size from the source array.
Comment by helle vaanzinn (glitsj16) - Wednesday, 09 March 2022, 18:17 GMT
==> ERROR: Integrity checks (sha1) differ in size from the source array
That's to be expected, I assumed basic knowledge of makepkg, my apologies.
Use its `--skipinteg` flag to bypass that.
Comment by Mr_Happy (Mr_Happy) - Wednesday, 09 March 2022, 18:20 GMT
@helle vaanzinn,
Sorry ;)
I added 'SKIP' to the sha-array and that moved it along. After that it nagged it couldn't find the utf8.c file. Had to enter that manually. Now it is completed.
Like I said, I'm new to this.
Copied the folders and now it starts. Yeah!
Comment by helle vaanzinn (glitsj16) - Wednesday, 09 March 2022, 18:33 GMT
No worries, being 'new' is way more interesting than being 'old' :-)
Comment by Mr_Happy (Mr_Happy) - Thursday, 10 March 2022, 17:36 GMT
@helle vaanzinn
:D, sure is...
Comment by Dimitris Chrysostomou (DimitrisC) - Thursday, 10 March 2022, 19:08 GMT
@helle vaanzinn
Thank you so much for taking the time and explaining how to do this. Worked great!!
Comment by François (L_Indien) - Friday, 11 March 2022, 16:58 GMT

I just worked around the problem by downgrading the package to just the lower version (version 2.5.2, revision 2930) and it works.

Have a nice evening and weekend.
Comment by pranav (pranav) - Monday, 14 March 2022, 16:12 GMT

Hello, I followed your guide but I am getting this:

==> Starting prepare()...
patching file decoder_plugins/ffmpeg/ffmpeg.c
Hunk #1 succeeded at 984 (offset 287 lines).
Hunk #2 succeeded at 993 with fuzz 2 (offset 288 lines).
Hunk #3 succeeded at 1025 (offset 300 lines).
patching file files.c
can't find file to patch at input line 32
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
|From 78556fc13026220f800384accf04e139f11e099a Mon Sep 17 00:00:00 2001
|From: Joan Bruguera <joanbrugueram@gmail.com>
|Date: Thu, 17 Feb 2022 22:27:34 +0100
|Subject: [PATCH] Workaround mbsrtowcs fortify crash in GLIBC 2.35
|Reproduces with:
| gcc -O2 -Wp,-D_FORTIFY_SOURCE=2 test.c -o test && ./test
|And test.c:
| #include <stdio.h>
| #include <stdlib.h>
| #include <wchar.h>
| int main (void)
| {
| const char *hw = "HelloWorld";
| mbstate_t ps = {0};
| mbsrtowcs (NULL, &hw, (size_t)-1, &ps);
| return 0;
| }
| *** buffer overflow detected ***: terminated
| utf8.c | 2 +-
| 1 file changed, 1 insertion(+), 1 deletion(-)
|diff --git a/utf8.c b/utf8.c
|index 2db18f2..806d528 100644
|--- a/utf8.c
|+++ b/utf8.c
File to patch:
Comment by Dimitris Chrysostomou (DimitrisC) - Monday, 14 March 2022, 17:53 GMT

What I did was to simply enter utf8.c and the script then proceeded and completed!
Don't know if that was the right way but it worked. YMMV
Comment by pranav (pranav) - Tuesday, 15 March 2022, 03:13 GMT

Thanks, it worked
Comment by pranav (pranav) - Tuesday, 15 March 2022, 14:10 GMT

Sorry to bother you again, I am getting a new error:

pranav@dell ~> mocp
Running the server...
Trying OSS...

FATAL_ERROR: No valid sound driver!

FATAL_ERROR: Server exited!

I have my alsa packages installed and cmus, vlc and youtube are all working. I have rerun the makepkg but it did not work.
Comment by Dimitris Chrysostomou (DimitrisC) - Tuesday, 15 March 2022, 14:27 GMT

hmmm! I don't think I can help with that. Sorry.

Maybe have a look at the config file at $HOME/.moc/config to see if there are any alsa settings that might help.

Maybe pulseaudio packages as well.

Comment by Marton Balazs (balmar) - Tuesday, 15 March 2022, 16:26 GMT
Do you have the pulseaudio-alsa package installed? That helped me before with similar errors.
Comment by pranav (pranav) - Tuesday, 15 March 2022, 16:35 GMT

Yes, I have
Comment by Marton Balazs (balmar) - Tuesday, 15 March 2022, 17:57 GMT
Another thing I found in my notes, not sure if helpful:

Sorry for being a bit OFF in this thread.
Comment by Thomas Schuetz (Murray_B) - Friday, 18 March 2022, 13:09 GMT
I have the same problem. I'm using the current pipewire, including pipewire-alsa and pipewire-pulse. I have no problem with the older moc package and no problems with other audio software.
Comment by gamezelda (gamezelda) - Tuesday, 05 April 2022, 22:04 GMT
I think this may not be a moc but a glibc bug.
I've opened the following bugzilla: https://sourceware.org/bugzilla/show_bug.cgi?id=29030
Comment by Manuel Menendez (hudsonbay) - Saturday, 16 April 2022, 06:12 GMT
worked great. Thanks!!!
Comment by gamezelda (gamezelda) - Saturday, 14 May 2022, 09:06 GMT
The underlying cause of the crash is fixed in glibc 2.35-5, so all that's needed to fix the moc package now is a rebuild (i.e. pkgrel bump without any changes).

(glibc 2.35-5 builds from glibc commit 28ea43f8d64f0dd1f2de75525157730e1532e600, and the fix for the moc crash is glibc commit c8ee1c85c07b3c9eaef46355cb1095300855e8fa which is an ancestor of it)
Comment by Felix Yan (felixonmars) - Saturday, 14 May 2022, 10:06 GMT
Rebuilt as moc 1:2.5.2-6. Sorry for the long delay.