Bug 2145238
| Summary: | ergo testsuite failure with _FORTIFY_SOURCE=3 | | |
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Siddhesh Poyarekar <sipoyare> |
| Component: | ergo | Assignee: | Susi Lehtola <susi.lehtola> |
| Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | 38 | CC: | susi.lehtola |
| Last Closed: | 2023-08-14 16:39:48 UTC | Type: | Bug |
This bug appears to have been reported against 'rawhide' during the Fedora Linux 38 development cycle. Changing version to 38.

Fixed in 3.8.2.
Description of problem:
When building ergo with the following copr[1] which adds _FORTIFY_SOURCE=3 to compilation flags, test cases in ergo fail.

Version-Release number of selected component (if applicable):

How reproducible:
Always

Steps to Reproduce:
1. dnf copr enable siddhesh/fortify-source-3 && dnf update redhat-rpm-config
2. build ergo rawhide package

(The compile flags difference is the change from -D_FORTIFY_SOURCE=2 to -D_FORTIFY_SOURCE=3, in case you're trying to reproduce it outside of the Fedora build infrastructure)

Actual results:

```
FAIL: grid_test
===============
*** buffer overflow detected ***: terminated
FAIL grid_test (exit status: 134)

FAIL: xcmat_test
================
*** buffer overflow detected ***: terminated
FAIL xcmat_test (exit status: 134)

FAIL: xcmat_r_u_test
====================
*** buffer overflow detected ***: terminated
FAIL xcmat_r_u_test (exit status: 134)

FAIL: xcmat_sparse_test
=======================
*** buffer overflow detected ***: terminated
FAIL xcmat_sparse_test (exit status: 134)

FAIL: xcmat_nan_inf_test
========================
*** buffer overflow detected ***: terminated
FAIL xcmat_nan_inf_test (exit status: 134)
```

Expected results:
No buffer overflows.
Additional info:
Here's the backtrace from grid_test:

```
(gdb) bt
#0 __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
#1 0x00007f07956b0373 in __pthread_kill_internal (signo=6, threadid=<optimized out>) at pthread_kill.c:78
#2 0x00007f079565e056 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#3 0x00007f079564787c in __GI_abort () at abort.c:79
#4 0x00007f07956485b3 in __libc_message (fmt=fmt@entry=0x7f07957bd3ed "*** %s ***: terminated\n") at ../sysdeps/posix/libc_fatal.c:150
#5 0x00007f079573fc5b in __GI___fortify_fail (msg=msg@entry=0x7f07957bd393 "buffer overflow detected") at fortify_fail.c:24
#6 0x00007f079573e486 in __GI___chk_fail () at chk_fail.c:28
#7 0x00007f079569c15f in _IO_str_chk_overflow (fp=<optimized out>, c=<optimized out>) at iovsprintf.c:35
#8 0x00007f07956a8111 in __GI__IO_default_xsputn (n=<optimized out>, data=<optimized out>, f=<optimized out>) at genops.c:399
#9 __GI__IO_default_xsputn (f=0x7fff378af530, data=<optimized out>, n=1) at genops.c:370
#10 0x00007f079567d863 in outstring_func (done=27, length=<optimized out>, string=<optimized out>, s=0x7f07957f2ce0 <_IO_str_chk_jumps>) at ../libio/libioP.h:946
#11 printf_positional (s=s@entry=0x7fff378af530, format=format@entry=0x55e97b511a7a "%s/%s.%06u.%05d", readonly_format=<optimized out>, readonly_format@entry=0, ap=ap@entry=0x7fff378af670, ap_savep=ap_savep@entry=0x7fff378af0d8, done=27, done@entry=0, nspecs_done=<optimized out>, lead_str_end=<optimized out>, work_buffer=<optimized out>, save_errno=<optimized out>, grouping=<optimized out>, thousands_sep=<optimized out>, mode_flags=<optimized out>) at /usr/src/debug/glibc-2.36.9000-13.fc38.x86_64/stdio-common/vfprintf-process-arg.c:213
#12 0x00007f079567f06c in __vfprintf_internal (s=s@entry=0x7fff378af530, format=format@entry=0x55e97b511a7a "%s/%s.%06u.%05d", ap=ap@entry=0x7fff378af670, mode_flags=mode_flags@entry=6) at vfprintf-internal.c:1105
#13 0x00007f079569c20b in __vsprintf_internal (string=string@entry=0x55e97ca75700 "/tmp/ERGO-grid.2973272.0000\203\352\a\245\032\311f\251p\204\036\254", <incomplete sequence \321>, maxlen=maxlen@entry=28, format=0x55e97b511a7a "%s/%s.%06u.%05d", args=args@entry=0x7fff378af670, mode_flags=mode_flags@entry=6) at iovsprintf.c:96
#14 0x00007f079573df41 in ___sprintf_chk (s=s@entry=0x55e97ca75700 "/tmp/ERGO-grid.2973272.0000\203\352\a\245\032\311f\251p\204\036\254", <incomplete sequence \321>, flag=flag@entry=2, slen=slen@entry=28, format=format@entry=0x55e97b511a7a "%s/%s.%06u.%05d") at sprintf_chk.c:40
#15 0x000055e97b4f3274 in sprintf (__fmt=0x55e97b511a7a "%s/%s.%06u.%05d", __s=0x55e97ca75700 "/tmp/ERGO-grid.2973272.0000\203\352\a\245\032\311f\251p\204\036\254", <incomplete sequence \321>) at /usr/include/bits/stdio2.h:30
#16 grid_get_fname(char const*, int) [clone .constprop.0] (filenum=0, base=0x55e97b511a70 "ERGO-grid") at ../dft/grid_reader.cc:110
#17 0x000055e97b4e6b92 in grid_open_stream (molInfo=..., pattern=0x0, reader=0x55e97ca74010, gss=...) at ../dft/grid_reader.cc:179
#18 grid_open_full (mol_info=0x55e97b51d140 <_ZL7MolInfo.lto_priv.0>, pattern=0x0, dmat=0x0, bis=..., gss=...) at ../dft/grid_reader.cc:296
#19 grid_test_synchronisation () at /root/rpmbuild/BUILD/ergo-3.8/source/test/grid_test.cc:254
#20 0x000055e97b4d6f35 in main (argc=1, argv=0x7fff378e2d08) at /root/rpmbuild/BUILD/ergo-3.8/source/test/grid_test.cc:280
```

Looks like the buffer overflow is in the sprintf call in grid_get_fname.
xcmat_test also appears to crash in the exact same place:

```
(gdb) bt
#0 __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
#1 0x00007f9b186b0373 in __pthread_kill_internal (signo=6, threadid=<optimized out>) at pthread_kill.c:78
#2 0x00007f9b1865e056 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#3 0x00007f9b1864787c in __GI_abort () at abort.c:79
#4 0x00007f9b186485b3 in __libc_message (fmt=fmt@entry=0x7f9b187bd3ed "*** %s ***: terminated\n") at ../sysdeps/posix/libc_fatal.c:150
#5 0x00007f9b1873fc5b in __GI___fortify_fail (msg=msg@entry=0x7f9b187bd393 "buffer overflow detected") at fortify_fail.c:24
#6 0x00007f9b1873e486 in __GI___chk_fail () at chk_fail.c:28
#7 0x00007f9b1869c15f in _IO_str_chk_overflow (fp=<optimized out>, c=<optimized out>) at iovsprintf.c:35
#8 0x00007f9b186a8111 in __GI__IO_default_xsputn (n=<optimized out>, data=<optimized out>, f=<optimized out>) at genops.c:399
#9 __GI__IO_default_xsputn (f=0x7f9ae9ffeee0, data=<optimized out>, n=1) at genops.c:370
#10 0x00007f9b1867d863 in outstring_func (done=27, length=<optimized out>, string=<optimized out>, s=0x7f9b187f2ce0 <_IO_str_chk_jumps>) at ../libio/libioP.h:946
#11 printf_positional (s=s@entry=0x7f9ae9ffeee0, format=format@entry=0x561d7117f9d9 "%s/%s.%06u.%05d", readonly_format=<optimized out>, readonly_format@entry=0, ap=ap@entry=0x7f9ae9fff020, ap_savep=ap_savep@entry=0x7f9ae9ffea88, done=27, done@entry=0, nspecs_done=<optimized out>, lead_str_end=<optimized out>, work_buffer=<optimized out>, save_errno=<optimized out>, grouping=<optimized out>, thousands_sep=<optimized out>, mode_flags=<optimized out>) at /usr/src/debug/glibc-2.36.9000-13.fc38.x86_64/stdio-common/vfprintf-process-arg.c:213
#12 0x00007f9b1867f06c in __vfprintf_internal (s=s@entry=0x7f9ae9ffeee0, format=format@entry=0x561d7117f9d9 "%s/%s.%06u.%05d", ap=ap@entry=0x7f9ae9fff020, mode_flags=mode_flags@entry=6) at vfprintf-internal.c:1105
#13 0x00007f9b1869c20b in __vsprintf_internal (string=string@entry=0x7f9ad4312040 "/tmp/ERGO-grid.2973285.0000", maxlen=maxlen@entry=28, format=0x561d7117f9d9 "%s/%s.%06u.%05d", args=args@entry=0x7f9ae9fff020, mode_flags=mode_flags@entry=6) at iovsprintf.c:96
#14 0x00007f9b1873df41 in ___sprintf_chk (s=s@entry=0x7f9ad4312040 "/tmp/ERGO-grid.2973285.0000", flag=flag@entry=2, slen=slen@entry=28, format=format@entry=0x561d7117f9d9 "%s/%s.%06u.%05d") at sprintf_chk.c:40
#15 0x0000561d71159854 in sprintf (__fmt=0x561d7117f9d9 "%s/%s.%06u.%05d", __s=0x7f9ad4312040 "/tmp/ERGO-grid.2973285.0000") at /usr/include/bits/stdio2.h:30
#16 grid_get_fname(char const*, int) [clone .constprop.0] (filenum=0, base=0x561d7117f9cf "ERGO-grid") at ../dft/grid_reader.cc:110
#17 0x0000561d71157693 in grid_open_stream (pattern=0x0, reader=0x7f9ad40018c0, gss=..., molInfo=...) at ../dft/grid_reader.cc:179
#18 grid_open_full (pattern=0x0, bis=..., dmat=0x7f9ad40018a0, gss=..., mol_info=0x7f9ae9fff220) at ../dft/grid_reader.cc:296
#19 dft_integrate<Dft::FullMatrix> (ndmat=1, dmat=0x7f9ae9fff4c8, bis=..., mol=..., gss=..., nThreads=4, cb=0x561d710c2970 <xcCallbackLdaR<Dft::FullMatrix, XCDistributorLda<Dft::FullMatrix> >(DftIntegratorBl_*, double*, int, int, int, KsData<Dft::FullMatrix>*)>, cb_data=0x7f9ae9fff510) at ../dft/integrator.cc:214
#20 0x0000561d711589ef in Dft::integrate (cb_data=0x7f9ae9fff510, cb=<optimized out>, nThreads=4, gss=..., mol=..., bis=..., dmat=0x7f9ae9fff4c8, ndmat=1) at ../dft/integrator.cc:297
#21 dft_get_xc.constprop.0 (dmat=<optimized out>, bis=..., mol=..., gss=..., ksm=0x561d724f20d0, edfty=edfty@entry=0x561d724f1198, nThreads=4, nElectrons=<optimized out>) at ../dft/xc_matrix.cc:293
#22 0x0000561d710c4b00 in dft_get_xc_worker (data=0x561d724f1170) at ../dft/xc_matrix.cc:348
#23 0x00007f9b186ae5d5 in start_thread (arg=<optimized out>) at pthread_create.c:444
#24 0x00007f9b18730b00 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
```
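
Added example (not ergo's code and not part of the bug report): the arithmetic behind the two backtraces, and a bounded way to build the same name. `%06u` is a minimum width, so a 7-digit PID such as 2973272 makes the name 28 characters, which needs 29 bytes against the `slen=28` in frame #14. The helper names are hypothetical and the 6-digit PID is a constructed value; the format string, directory, base name and 7-digit PID are taken from the trace.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Format string as it appears in frame #15 of the backtrace. */
#define GRID_FNAME_FMT "%s/%s.%06u.%05d"

/* Characters the formatted name needs, not counting the terminating NUL. */
int grid_fname_len(const char *dir, const char *base, unsigned pid, int filenum)
{
    return snprintf(NULL, 0, GRID_FNAME_FMT, dir, base, pid, filenum);
}

/* Bounded write into a caller-supplied buffer.
 * Returns 0 on success, -1 if the name does not fit (dst is then truncated). */
int grid_fname_format(char *dst, size_t dstsize, const char *dir,
                      const char *base, unsigned pid, int filenum)
{
    int n = snprintf(dst, dstsize, GRID_FNAME_FMT, dir, base, pid, filenum);
    return (n < 0 || (size_t)n >= dstsize) ? -1 : 0;
}

/* Measure first, then allocate exactly len + 1 bytes. Caller frees. */
char *grid_fname_alloc(const char *dir, const char *base, unsigned pid, int filenum)
{
    int n = grid_fname_len(dir, base, pid, filenum);
    if (n < 0)
        return NULL;
    char *s = malloc((size_t)n + 1);
    if (s != NULL)
        snprintf(s, (size_t)n + 1, GRID_FNAME_FMT, dir, base, pid, filenum);
    return s;
}

int main(void)
{
    char buf[28];                            /* same capacity as slen=28 in frame #14 */
    unsigned pids[] = { 297327u, 2973272u }; /* 6-digit (constructed), 7-digit (from the trace) */
    for (size_t i = 0; i < 2; i++) {
        int need = grid_fname_len("/tmp", "ERGO-grid", pids[i], 0) + 1;
        int rc = grid_fname_format(buf, sizeof buf, "/tmp", "ERGO-grid", pids[i], 0);
        printf("pid %u: needs %d bytes, 28-byte buffer %s\n",
               pids[i], need, rc == 0 ? "ok" : "too small");
    }
    char *name = grid_fname_alloc("/tmp", "ERGO-grid", 2973272u, 0);
    printf("%s (%zu chars)\n", name ? name : "(alloc failed)", name ? strlen(name) : (size_t)0);
    free(name);
    return 0;
}
```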