Bug 2228923

Summary: Buffer Overflow Error attempting to generate a datamatrix png
Product: [Fedora] Fedora Reporter: Beau V.C. Bellamy <bellamy.beau>
Component: dmtx-utilsAssignee: Dan Horák <dan>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 38CC: dan, gerd
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: dmtx-utils-0.7.6-16.fc40 dmtx-utils-0.7.6-16.fc38 dmtx-utils-0.7.6-16.fc39 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-08-25 11:58:36 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
GDB Backtrace
none
Proposed patch to fix buffer overflow none

Description Beau V.C. Bellamy 2023-08-03 16:00:07 UTC
Created attachment 1981494 [details]
GDB Backtrace

Description of problem:
Attempting to generate a datamatrix with the dmtxwrite utility results in a buffer overflow error and termination.

Version-Release number of selected component (if applicable):
0.7.6-14.fc38

How reproducible:
[user@fedora38 ~]# cat /etc/fedora-release | dmtxwrite -o release.png
*** buffer overflow detected ***: terminated
Aborted (core dumped)


Actual results:
Crash

Expected results:
release.png image created

Additional info:
backtrace attached

Comment 1 Beau V.C. Bellamy 2023-08-04 01:08:28 UTC
Created attachment 1981565 [details]
Proposed patch to fix buffer overflow

Comment 2 Beau V.C. Bellamy 2023-08-04 01:14:11 UTC
dmtxwrite appears completely broken when _FORTIFY_SOURCE=3 is used.  The attached patch attempts to fix the source.

Comment 3 Dan Horák 2023-08-04 07:50:54 UTC
Thanks, seems _FORTIFY_SOURCE=3 is doing its work. Could you open an upstream PR (https://github.com/dmtx/dmtx-utils/pulls) as well so I can I refer it in the package?

Comment 4 Beau V.C. Bellamy 2023-08-05 22:39:07 UTC
Upstream pull request is here: [https://github.com/dmtx/dmtx-utils/pull/16](https://github.com/dmtx/dmtx-utils/pull/16)

Comment 5 Fedora Update System 2023-08-25 11:56:14 UTC
FEDORA-2023-0b659a8dd1 has been submitted as an update to Fedora 40. https://bodhi.fedoraproject.org/updates/FEDORA-2023-0b659a8dd1

Comment 6 Fedora Update System 2023-08-25 11:58:36 UTC
FEDORA-2023-0b659a8dd1 has been pushed to the Fedora 40 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 7 Gerd v. Egidy 2023-08-25 12:51:04 UTC
@dan thanks for fixing this.

I've seen you pushed this for F39 and F40. Would it be possible to also backport this to F38? 

The state dmtx-utils is in without this fix is completely broken. So it can only get better.
This means I wouldn't worry about any regressions from your change or similar.

Comment 8 Fedora Update System 2023-08-25 14:24:59 UTC
FEDORA-2023-c5d305ef35 has been submitted as an update to Fedora 38. https://bodhi.fedoraproject.org/updates/FEDORA-2023-c5d305ef35

Comment 9 Fedora Update System 2023-08-25 14:25:00 UTC
FEDORA-2023-852f5f0791 has been submitted as an update to Fedora 39. https://bodhi.fedoraproject.org/updates/FEDORA-2023-852f5f0791

Comment 10 Dan Horák 2023-08-25 14:38:51 UTC
(In reply to Gerd v. Egidy from comment #7)
> @dan thanks for fixing this.
> 
> I've seen you pushed this for F39 and F40. Would it be possible to also
> backport this to F38? 

yes, that was the plan
 
> The state dmtx-utils is in without this fix is completely broken. So it can
> only get better.
> This means I wouldn't worry about any regressions from your change or
> similar.

Comment 11 Fedora Update System 2023-08-26 02:00:20 UTC
FEDORA-2023-c5d305ef35 has been pushed to the Fedora 38 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-c5d305ef35`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-c5d305ef35

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 12 Fedora Update System 2023-08-26 02:34:43 UTC
FEDORA-2023-852f5f0791 has been pushed to the Fedora 39 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-852f5f0791`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-852f5f0791

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 13 Fedora Update System 2023-09-03 01:15:30 UTC
FEDORA-2023-c5d305ef35 has been pushed to the Fedora 38 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 14 Fedora Update System 2023-09-15 18:40:41 UTC
FEDORA-2023-852f5f0791 has been pushed to the Fedora 39 stable repository.
If problem still persists, please make note of it in this bug report.