FS#74041 - [moc] building moc with GLIBC 2.35 causes it to crash "*** buffer overflow detected ***: terminated"
Attached to Project:
Arch Linux
Opened by gamezelda (gamezelda) - Sunday, 06 March 2022, 17:59 GMT
Last edited by Felix Yan (felixonmars) - Tuesday, 24 May 2022, 03:27 GMT
Details
Description:
I noticed there's a rebuild of moc without changes on staging (moc 1:2.5.2-5), but if you try launching it, it crashes with the following message:

$ mocp
*** buffer overflow detected ***: terminated
fish: Job 1, 'mocp .' terminated by signal SIGABRT (Abort)

I observed the crash a few days ago and it seems to be an issue with the recent GLIBC 2.35 upgrade. I think the fortify rules for `mbsrtowcs` may be wrong and are validating the `len` parameter even when `dest == NULL`, when in this case it's supposed to be ignored.

I didn't have time to look much into it or open a bug upstream, just hoping to save you some time. I attach a patch containing a reduced test case and workaround.

Additional info:
* package version(s): moc 1:2.5.2-5
* config and/or log files etc.:
* link to upstream bug report, if any: none yet

Steps to reproduce:
1. Install moc 1:2.5.2-5
2. Launch "mocp"
3. It crashes due to "*** buffer overflow detected ***: terminated"
Closed by Felix Yan (felixonmars)
Tuesday, 24 May 2022, 03:27 GMT
Reason for closing: Fixed
Additional comments about closing: moc 1:2.5.2-6
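The measure-then-convert use of `mbsrtowcs` that the report describes, as an added example (not the attached patch and not moc's own code). `mb_to_wide` is a hypothetical helper; passing 0 as `len` in the measuring call is an assumption made here, chosen because `len` is ignored when the destination is NULL and 0 cannot exceed any object size a fortify check compares it with.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <wchar.h>

/* Hypothetical helper: convert a multibyte string to a newly allocated
 * wide string. Returns NULL on invalid input or allocation failure. */
wchar_t *mb_to_wide(const char *s, size_t *out_len)
{
    mbstate_t ps;
    const char *src = s;

    /* Pass 1: measure only. dst is NULL, so len is ignored by the
     * function itself; 0 is used instead of (size_t)-1 so that a check
     * which wrongly validates len still passes. */
    memset(&ps, 0, sizeof ps);
    size_t n = mbsrtowcs(NULL, &src, 0, &ps);
    if (n == (size_t)-1)
        return NULL;                    /* invalid multibyte sequence */

    wchar_t *w = calloc(n + 1, sizeof *w);
    if (w == NULL)
        return NULL;

    /* Pass 2: convert, with len equal to the real buffer capacity. */
    src = s;
    memset(&ps, 0, sizeof ps);
    size_t m = mbsrtowcs(w, &src, n + 1, &ps);
    if (m == (size_t)-1 || src != NULL) {
        /* src becomes NULL only once the terminator has been stored */
        free(w);
        return NULL;
    }
    if (out_len != NULL)
        *out_len = m;
    return w;
}

int main(void)
{
    size_t len = 0;
    wchar_t *w = mb_to_wide("HelloWorld", &len);   /* constructed input */
    if (w == NULL)
        return 1;
    printf("%zu wide characters\n", len);
    free(w);
    return 0;
}
```

Building it with the flags from the reproducer (`gcc -O2 -Wp,-D_FORTIFY_SOURCE=2`) exercises the fortified wrapper on both calls.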
(1) get the moc package build files
$ git clone -b packages/moc --single-branch https://github.com/archlinux/svntogit-packages
$ cd svntogit-packages/trunk
(2) use your preferred editor to open the PKGBUILD file
(3) append "glibc-2.35.patch::https://bugs.archlinux.org/task/74041?getfile=21255" to the source array (keeping the quotes)
(4) append 'patch -p0 -i ../glibc-2.35.patch # FS74041' in the prepare() function
(5) save and quit your editor
(6) now you can use `makepkg` as usual to build & install moc
HTH
Thanks! But now I get the following error:
==> Making package: moc 1:2.5.2-5 (Wed 09 Mar 2022 07:03:21 PM CET)
==> Checking runtime dependencies...
==> Checking buildtime dependencies...
==> Retrieving sources...
-> Found moc-2.5.2.tar.bz2
-> Found moc-2.5.2.tar.bz2.sig
-> Found moc-ffmpeg4.patch
-> Found moc-https.patch
-> Downloading glibc-2.35.patch...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1070 100 1070 0 0 6724 0 --:--:-- --:--:-- --:--:-- 6772
==> ERROR: Integrity checks (sha1) differ in size from the source array.
==> ERROR: Integrity checks (sha1) differ in size from the source array
That's to be expected, I assumed basic knowledge of makepkg, my apologies.
Use its `--skipinteg` flag to bypass that.
Sorry ;)
I added 'SKIP' to the sha-array and that moved it along. After that it nagged it couldn't find the utf8.c file. Had to enter that manually. Now it is completed.
Like I said, I'm new to this.
Copied the folders and now it starts. Yeah!
Thanks!
No worries, being 'new' is way more interesting than being 'old' :-)
:D, sure is...
Thank you so much for taking the time and explaining how to do this. Worked great!!
I just worked around the problem by downgrading the package to just the lower version (version 2.5.2, revision 2930) and it works.
Have a nice evening and weekend.
Hello, I followed your guide but I am getting this:
==> Starting prepare()...
patching file decoder_plugins/ffmpeg/ffmpeg.c
Hunk #1 succeeded at 984 (offset 287 lines).
Hunk #2 succeeded at 993 with fuzz 2 (offset 288 lines).
Hunk #3 succeeded at 1025 (offset 300 lines).
patching file files.c
can't find file to patch at input line 32
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|From 78556fc13026220f800384accf04e139f11e099a Mon Sep 17 00:00:00 2001
|From: Joan Bruguera <joanbrugueram@gmail.com>
|Date: Thu, 17 Feb 2022 22:27:34 +0100
|Subject: [PATCH] Workaround mbsrtowcs fortify crash in GLIBC 2.35
|
|Reproduces with:
| gcc -O2 -Wp,-D_FORTIFY_SOURCE=2 test.c -o test && ./test
|
|And test.c:
| #include <stdio.h>
| #include <stdlib.h>
| #include <wchar.h>
|
| int main (void)
| {
| const char *hw = "HelloWorld";
| mbstate_t ps = {0};
| mbsrtowcs (NULL, &hw, (size_t)-1, &ps);
| return 0;
| }
|
|Output:
| *** buffer overflow detected ***: terminated
|---
| utf8.c | 2 +-
| 1 file changed, 1 insertion(+), 1 deletion(-)
|
|diff --git a/utf8.c b/utf8.c
|index 2db18f2..806d528 100644
|--- a/utf8.c
|+++ b/utf8.c
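Review bot: the file header `--- a/utf8.c` / `+++ b/utf8.c` carries git's `a/` and `b/` prefixes, so this patch needs `-p1`, not the `-p0` given in step (4); with `-p0` patch looks for `a/utf8.c`, does not find it, and falls back to the "File to patch:" prompt. Applying it with `patch -p1 -i ../glibc-2.35.patch` lets prepare() run without manual input.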
--------------------------
File to patch:
What I did was to simply enter utf8.c and the script then proceeded and completed!
Don't know if that was the right way but it worked. YMMV
Thanks it worked
Sorry to bother you again, I am getting a new error:
pranav@dell ~> mocp
Running the server...
Trying OSS...
FATAL_ERROR: No valid sound driver!
FATAL_ERROR: Server exited!
I have my alsa packages installed and cmus, vlc, youtube are all working. I have rerun makepkg but it did not work.
hmmm! I don't think I can help with that. Sorry.
Maybe have a look at the config file at $HOME/.moc/config to see if there are any alsa settings that might help.
Maybe pulseaudio packages as well.
yes i have
https://bugs.launchpad.net/ubuntu/+source/moc/+bug/1824906
Sorry for being a bit OFF in this thread.
I've opened the following bugzilla: https://sourceware.org/bugzilla/show_bug.cgi?id=29030
(glibc 2.35-5 builds from glibc commit 28ea43f8d64f0dd1f2de75525157730e1532e600, and the fix for the moc crash is glibc commit c8ee1c85c07b3c9eaef46355cb1095300855e8fa which is an ancestor of it)