Bug 1319639

Summary: tweak crashes with buffer overflow detected when using long file names
Product: [Fedora] Fedora EPEL Reporter: Thomas Huth <thuth>
Component: tweakAssignee: Greg Bailey <gbailey>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: epel7CC: gbailey
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: tweak-3.02-1.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-04-08 21:31:10 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Thomas Huth 2016-03-21 08:56:12 UTC 
Description of problem:
tweak crashes when it is started with a very long file name as command line parameter.

Version-Release number of selected component (if applicable):
$ rpm -q tweak
tweak-3.01-2.el7.x86_64

How reproducible:
100 %

Steps to Reproduce:
Simply run tweak with a very long file name as parameter, e.g.:
$ tweak \
/tmp/a_very_very_very_very_very_very_very_very_very_very_very_long_filename.txt

Actual results:
*** buffer overflow detected ***: tweak terminated
======= Backtrace: =========
/lib64/libc.so.6(__fortify_fail+0x37)[0x7f0974d93b37]
/lib64/libc.so.6(+0x10bcf0)[0x7f0974d91cf0]
/lib64/libc.so.6(+0x10b1f9)[0x7f0974d911f9]
/lib64/libc.so.6(_IO_default_xsputn+0xbc)[0x7f0974cfea1c]
/lib64/libc.so.6(_IO_vfprintf+0x151d)[0x7f0974ccea6d]
/lib64/libc.so.6(__vsprintf_chk+0x88)[0x7f0974d91288]
/lib64/libc.so.6(__sprintf_chk+0x7d)[0x7f0974d911dd]
tweak[0x4018cb]
/lib64/libc.so.6(__libc_start_main+0xf5)[0x7f0974ca7b15]
tweak[0x401961]
======= Memory map: ========
00400000-0040e000 r-xp 00000000 fd:01 134703683                          /usr/bin/tweak
0060d000-0060e000 r--p 0000d000 fd:01 134703683                          /usr/bin/tweak
0060e000-0060f000 rw-p 0000e000 fd:01 134703683                          /usr/bin/tweak
0060f000-00639000 rw-p 00000000 00:00 0 
01b8b000-01bac000 rw-p 00000000 00:00 0                                  [heap]
7f097486c000-7f0974881000 r-xp 00000000 fd:01 204716368                  /usr/lib64/libgcc_s-4.8.5-20150702.so.1
7f0974881000-7f0974a80000 ---p 00015000 fd:01 204716368                  /usr/lib64/libgcc_s-4.8.5-20150702.so.1
7f0974a80000-7f0974a81000 r--p 00014000 fd:01 204716368                  /usr/lib64/libgcc_s-4.8.5-20150702.so.1
7f0974a81000-7f0974a82000 rw-p 00015000 fd:01 204716368                  /usr/lib64/libgcc_s-4.8.5-20150702.so.1
7f0974a82000-7f0974a85000 r-xp 00000000 fd:01 202329376                  /usr/lib64/libdl-2.17.so
7f0974a85000-7f0974c84000 ---p 00003000 fd:01 202329376                  /usr/lib64/libdl-2.17.so
7f0974c84000-7f0974c85000 r--p 00002000 fd:01 202329376                  /usr/lib64/libdl-2.17.so
7f0974c85000-7f0974c86000 rw-p 00003000 fd:01 202329376                  /usr/lib64/libdl-2.17.so
7f0974c86000-7f0974e3c000 r-xp 00000000 fd:01 201327279                  /usr/lib64/libc-2.17.so
7f0974e3c000-7f097503c000 ---p 001b6000 fd:01 201327279                  /usr/lib64/libc-2.17.so
7f097503c000-7f0975040000 r--p 001b6000 fd:01 201327279                  /usr/lib64/libc-2.17.so
7f0975040000-7f0975042000 rw-p 001ba000 fd:01 201327279                  /usr/lib64/libc-2.17.so
7f0975042000-7f0975047000 rw-p 00000000 00:00 0 
7f0975047000-7f097506c000 r-xp 00000000 fd:01 201334206                  /usr/lib64/libtinfo.so.5.9
7f097506c000-7f097526c000 ---p 00025000 fd:01 201334206                  /usr/lib64/libtinfo.so.5.9
7f097526c000-7f0975270000 r--p 00025000 fd:01 201334206                  /usr/lib64/libtinfo.so.5.9
7f0975270000-7f0975271000 rw-p 00029000 fd:01 201334206                  /usr/lib64/libtinfo.so.5.9
7f0975271000-7f0975297000 r-xp 00000000 fd:01 201334196                  /usr/lib64/libncurses.so.5.9
7f0975297000-7f0975496000 ---p 00026000 fd:01 201334196                  /usr/lib64/libncurses.so.5.9
7f0975496000-7f0975497000 r--p 00025000 fd:01 201334196                  /usr/lib64/libncurses.so.5.9
7f0975497000-7f0975498000 rw-p 00026000 fd:01 201334196                  /usr/lib64/libncurses.so.5.9
7f0975498000-7f09754b9000 r-xp 00000000 fd:01 201327184                  /usr/lib64/ld-2.17.so
7f0975694000-7f0975698000 rw-p 00000000 00:00 0 
7f09756b7000-7f09756b9000 rw-p 00000000 00:00 0 
7f09756b9000-7f09756ba000 r--p 00021000 fd:01 201327184                  /usr/lib64/ld-2.17.so
7f09756ba000-7f09756bb000 rw-p 00022000 fd:01 201327184                  /usr/lib64/ld-2.17.so
7f09756bb000-7f09756bc000 rw-p 00000000 00:00 0 
7ffd7758d000-7ffd775ae000 rw-p 00000000 00:00 0                          [stack]
7ffd775cb000-7ffd775cd000 r-xp 00000000 00:00 0                          [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]
Aborted (core dumped)

Expected results:
No crash

Additional info:
The problem seems to have been fixed upstream already. See this commit for example:
http://tartarus.org/~simon-git/gitweb/?p=tweak.git;a=commitdiff;h=18448721678b21
Comment 1 Fedora Update System 2016-03-23 14:20:26 UTC 
tweak-3.02-1.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-014cb6f479
Comment 2 Fedora Update System 2016-03-24 15:50:15 UTC 
tweak-3.02-1.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-014cb6f479
Comment 3 Fedora Update System 2016-04-08 21:31:08 UTC 
tweak-3.02-1.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.