Bug 2228923

Summary:

Buffer Overflow Error attempting to generate a datamatrix png

Product:

[Fedora] Fedora

Reporter:

Beau V.C. Bellamy <bellamy.beau>

Component:

dmtx-utils

Assignee:

Dan Horák <dan>

Status:

CLOSED ERRATA

QA Contact:

Fedora Extras Quality Assurance <extras-qa>

Severity:

medium

Docs Contact:

Priority:

unspecified

Version:

CC:

dan, gerd

Target Milestone:

---

Target Release:

---

Hardware:

x86_64

OS:

Linux

Whiteboard:

Fixed In Version:

dmtx-utils-0.7.6-16.fc40 dmtx-utils-0.7.6-16.fc38 dmtx-utils-0.7.6-16.fc39

Doc Type:

If docs needed, set a value

Doc Text:

Story Points:

---

Clone Of:

Environment:

Last Closed:

2023-08-25 11:58:36 UTC

Type:

Bug

Regression:

---

Mount Type:

---

Documentation:

---

CRM:

Verified Versions:

Category:

---

oVirt Team:

---

RHEL 7.3 requirements from Atomic Host:

Cloudforms Team:

---

Target Upstream Version:

Embargoed:

Attachments:

Description	Flags
GDB Backtrace	none
Proposed patch to fix buffer overflow	none

Description Beau V.C. Bellamy 2023-08-03 16:00:07 UTC

Created attachment 1981494 [details]
GDB Backtrace

Description of problem:
Attempting to generate a datamatrix with the dmtxwrite utility results in a buffer overflow error and termination.

Version-Release number of selected component (if applicable):
0.7.6-14.fc38

How reproducible:
[user@fedora38 ~]# cat /etc/fedora-release | dmtxwrite -o release.png
*** buffer overflow detected ***: terminated
Aborted (core dumped)


Actual results:
Crash

Expected results:
release.png image created

Additional info:
backtrace attached

Comment 1 Beau V.C. Bellamy 2023-08-04 01:08:28 UTC

Created attachment 1981565 [details]
Proposed patch to fix buffer overflow

Comment 2 Beau V.C. Bellamy 2023-08-04 01:14:11 UTC

dmtxwrite appears completely broken when _FORTIFY_SOURCE=3 is used.  The attached patch attempts to fix the source.

Comment 3 Dan Horák 2023-08-04 07:50:54 UTC

Thanks, seems _FORTIFY_SOURCE=3 is doing its work. Could you open an upstream PR (https://github.com/dmtx/dmtx-utils/pulls) as well so I can I refer it in the package?

Comment 4 Beau V.C. Bellamy 2023-08-05 22:39:07 UTC

Upstream pull request is here: [https://github.com/dmtx/dmtx-utils/pull/16](https://github.com/dmtx/dmtx-utils/pull/16)

Comment 5 Fedora Update System 2023-08-25 11:56:14 UTC

FEDORA-2023-0b659a8dd1 has been submitted as an update to Fedora 40. https://bodhi.fedoraproject.org/updates/FEDORA-2023-0b659a8dd1

Comment 6 Fedora Update System 2023-08-25 11:58:36 UTC

FEDORA-2023-0b659a8dd1 has been pushed to the Fedora 40 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 7 Gerd v. Egidy 2023-08-25 12:51:04 UTC

@dan thanks for fixing this.

I've seen you pushed this for F39 and F40. Would it be possible to also backport this to F38? 

The state dmtx-utils is in without this fix is completely broken. So it can only get better.
This means I wouldn't worry about any regressions from your change or similar.

Comment 8 Fedora Update System 2023-08-25 14:24:59 UTC

FEDORA-2023-c5d305ef35 has been submitted as an update to Fedora 38. https://bodhi.fedoraproject.org/updates/FEDORA-2023-c5d305ef35

Comment 9 Fedora Update System 2023-08-25 14:25:00 UTC

FEDORA-2023-852f5f0791 has been submitted as an update to Fedora 39. https://bodhi.fedoraproject.org/updates/FEDORA-2023-852f5f0791

Comment 10 Dan Horák 2023-08-25 14:38:51 UTC

(In reply to Gerd v. Egidy from comment #7)
> @dan thanks for fixing this.
> 
> I've seen you pushed this for F39 and F40. Would it be possible to also
> backport this to F38? 

yes, that was the plan
 
> The state dmtx-utils is in without this fix is completely broken. So it can
> only get better.
> This means I wouldn't worry about any regressions from your change or
> similar.

Comment 11 Fedora Update System 2023-08-26 02:00:20 UTC

FEDORA-2023-c5d305ef35 has been pushed to the Fedora 38 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-c5d305ef35`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-c5d305ef35

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 12 Fedora Update System 2023-08-26 02:34:43 UTC

FEDORA-2023-852f5f0791 has been pushed to the Fedora 39 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-852f5f0791`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-852f5f0791

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 13 Fedora Update System 2023-09-03 01:15:30 UTC

FEDORA-2023-c5d305ef35 has been pushed to the Fedora 38 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 14 Fedora Update System 2023-09-15 18:40:41 UTC

FEDORA-2023-852f5f0791 has been pushed to the Fedora 39 stable repository.
If problem still persists, please make note of it in this bug report.