Bugzilla (bugzilla.redhat.com) will be under maintenance for infrastructure upgrades and will not be available on July 31st between 12:30 AM - 05:30 AM UTC. We appreciate your understanding and patience. You can follow status.redhat.com for details.
Bug 1741472 - Fix stack overflow in: `inotifytools_replace_filename`
Summary: Fix stack overflow in: `inotifytools_replace_filename`
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: inotify-tools
Version: 30
Hardware: aarch64
OS: Linux
unspecified
unspecified
Target Milestone: ---
Assignee: Adel Gadllah
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-08-15 09:13 UTC by Jan Kratochvil
Modified: 2019-09-30 00:01 UTC (History)
4 users (show)

Fixed In Version: inotify-tools-3.14-17.fc30 inotify-tools-3.14-16.fc29 inotify-tools-3.14-2.el6 inotify-tools-3.14-9.el7 inotify-tools-3.14-18.fc31
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-09-14 01:12:16 UTC
Type: Bug


Attachments (Terms of Use)
Debian fix (1.21 KB, patch)
2019-08-27 05:54 UTC, Jan Kratochvil
no flags Details | Diff

Description Jan Kratochvil 2019-08-15 09:13:46 UTC
Description of problem:
Got a crash on Raspberry aarch64.

Version-Release number of selected component (if applicable):
inotify-tools-3.14-16.fc30.aarch64

How reproducible:
Always on aarch64.  Never on x86_64.

Steps to Reproduce:
inotifywait -m -r -e modify,attrib,close_write,move,move_self,create,delete,delete_self --exclude '^(/dev/|/var/www/html/ram/)' /
dnf clean all
dnf distro-sync

Actual results:
/var/cache/dnf/fedora-modular-42f5060c2cfa4ffa/ MOVED_TO,ISDIR repodata
*** stack smashing detected ***: <unknown> terminated
#0  0x0000ffffa6d08c90 in raise () from /usr/lib64/libc.so.6
#1  0x0000ffffa6cf6aa8 in abort () from /usr/lib64/libc.so.6
#2  0x0000ffffa6d42acc in __libc_message () from /usr/lib64/libc.so.6
#3  0x0000ffffa6db4f54 in __fortify_fail_abort () from /usr/lib64/libc.so.6
#4  0x0000ffffa6db4f08 in __stack_chk_fail () from /usr/lib64/libc.so.6
#5  0x0000ffffa6e4f958 in inotifytools_replace_filename (oldname=<optimized out>, newname=<optimized out>) at inotifytools.c:866
#6  0x0000aaaab1b5de98 in main (argc=<optimized out>, argv=<optimized out>) at inotifywait.c:389

Expected results:
No crash.

Additional info:
A fix is at: https://github.com/rvoicilas/inotify-tools/pull/104
Posting it also here as upstream seems to be dead.

Comment 1 Jan Kratochvil 2019-08-26 11:25:42 UTC
A ping as it looks to me easy to fix by any of the two available patches.

Comment 2 Mark McKinstry 2019-08-27 02:28:17 UTC
Thanks for submitting this but I'm going to decline put custom patch in Fedora.

The upstream project appears to be inactive and I don't have the skills to maintain custom patches or a fork. I'm not a C programmer so I can't verify this patch works or have any insight if its good/bad.

https://fedoraproject.org/wiki/Staying_close_to_upstream_projects#Some_Examples_Of_Exceptions has some more info on how we handle inactive upstream projects.

Comment 3 Jan Kratochvil 2019-08-27 05:54:52 UTC
Created attachment 1608380 [details]
Debian fix

(In reply to Mark McKinstry from comment #2)
> The upstream project appears to be inactive and I don't have the skills to
> maintain custom patches or a fork.

OK, so offering a patch from Debian which cannot have any regression as it just increases size of an array from 2 to 3 (or from 3 to 4, depending on arch).


> https://fedoraproject.org/wiki/
> Staying_close_to_upstream_projects#Some_Examples_Of_Exceptions has some more
> info on how we handle inactive upstream projects.

This is "major bug fix" - it does crash after left running monitoring for longer time (=over night).

"Unmaintained Or Unresponsive Upstream Projects" - "it might be acceptable to patch the software" + "sharing patches with other distributions" (see above)

"taking over maintenance if you have the time, skills, and interest" - not really, I do other stuff (LLDB) and I do not want to get close to kernel.

Comment 4 Miro Hrončok 2019-09-02 06:41:57 UTC
Mark, if upstream is dead and you refuse to take patches because you "don't have the skills to maintain custom patches or a fork", is there nay way out. Should you orphan the package or find co-maintainers? Jan, would you be able to help?

Comment 5 Jan Kratochvil 2019-09-02 06:51:22 UTC
I can become a co-maintainer (if there is no one more close to kernel development) as the work on this package seems to be very little and it has even no other open Bugs.

Comment 6 Jan Kratochvil 2019-09-04 08:05:29 UTC
At https://pagure.io/releng/issue/8727 @churchyard says to become a co-maintainer:
# @drago01 or @mmckinst can add you

Comment 7 Mark McKinstry 2019-09-04 20:47:31 UTC
Jan,

I didn't realize you were a package maintainer in Fedora. I've added you as an admin at https://src.fedoraproject.org/rpms/inotify-tools/settings#usersgroups-tab which I think should give you access. Let me know if that doesn't give you the access you need to patch and rebuild.

Comment 8 Fedora Update System 2019-09-05 12:06:43 UTC
FEDORA-EPEL-2019-665999d740 has been submitted as an update to Fedora EPEL 6. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-665999d740

Comment 9 Fedora Update System 2019-09-05 12:06:46 UTC
FEDORA-EPEL-2019-6923112e79 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-6923112e79

Comment 10 Fedora Update System 2019-09-05 12:06:50 UTC
FEDORA-2019-845325db09 has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-845325db09

Comment 11 Fedora Update System 2019-09-06 00:22:28 UTC
inotify-tools-3.14-18.fc31 has been pushed to the Fedora 31 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-a009221643

Comment 12 Fedora Update System 2019-09-06 12:11:07 UTC
inotify-tools-3.14-17.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-845325db09

Comment 13 Fedora Update System 2019-09-06 13:21:26 UTC
inotify-tools-3.14-16.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-d1a9722069

Comment 14 Fedora Update System 2019-09-06 17:15:29 UTC
inotify-tools-3.14-2.el6 has been pushed to the Fedora EPEL 6 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-665999d740

Comment 15 Fedora Update System 2019-09-06 17:15:56 UTC
inotify-tools-3.14-9.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-6923112e79

Comment 16 Fedora Update System 2019-09-14 01:12:16 UTC
inotify-tools-3.14-17.fc30 has been pushed to the Fedora 30 stable repository. If problems still persist, please make note of it in this bug report.

Comment 17 Fedora Update System 2019-09-14 01:54:20 UTC
inotify-tools-3.14-16.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.

Comment 18 Fedora Update System 2019-09-21 03:08:10 UTC
inotify-tools-3.14-2.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.

Comment 19 Fedora Update System 2019-09-21 03:12:47 UTC
inotify-tools-3.14-9.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.

Comment 20 Fedora Update System 2019-09-30 00:01:23 UTC
inotify-tools-3.14-18.fc31 has been pushed to the Fedora 31 stable repository. If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.