Bug 2115476 - possible off-by-one exposed when building with _FORTIFY_SOURCE=3
Summary: possible off-by-one exposed when building with _FORTIFY_SOURCE=3
Alias: None
Product: Fedora
Classification: Fedora
Component: clisp
Version: rawhide
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Jerry James
QA Contact: Fedora Extras Quality Assurance
Depends On:
TreeView+ depends on / blocked
Reported: 2022-08-04 18:42 UTC by Siddhesh Poyarekar
Modified: 2022-08-08 19:25 UTC (History)
3 users (show)

Fixed In Version: clisp-2.49.93-25.20210628gitde01f0f.fc37
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2022-08-08 19:25:25 UTC
Type: Bug

Attachments (Terms of Use)

Description Siddhesh Poyarekar 2022-08-04 18:42:12 UTC
Description of problem:
Build log:


It looks like the test:

/root/rpmbuild/BUILD/clisp-de01f0f47bb44d3a0f9e842464cf2520b238f356/build/base/lisp.run -B /root/rpmbuild/BUILD/clisp-de01f0f47bb44d3a0f9e842464cf2520b238f356/build -M /root/rpmbuild/BUILD/clisp-de01f0f47bb44d3a0f9e842464cf2520b238f356/build/base/lispinit.mem -N /root/rpmbuild/BUILD/clisp-de01f0f47bb44d3a0f9e842464cf2520b238f356/build/locale -E UTF-8 -Emisc 1:1 -Epathname 1:1 -norc -C -i tests/tests -x "(ext:exit (plusp (or (run-some-tests :dirlist '( \"i18n/\" \"syscalls/\" \"regexp/\" \"readline/\") :srcdir \"../modules/\" :outdir \"./\")\ 0)))"

aborts due to a buffer overflow when the package is built with -D_FORTIFY_SOURCE=3.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
Either install redhat-rpm-config from https://copr.fedorainfracloud.org/coprs/siddhesh/mpb.1/


Edit /usr/lib/rpm/redhat/macros and change _FORTIFY_SOURCE=2 to _FORTIFY_SOURCE=3.

Actual results:
Abort due to buffer overflow.

Expected results:
No Abort.

Additional info:

The ENSURE_6X macro allocates name##_bytelen+6 for c_template, which doesn't seem to have enough space for a terminating NULL.  As a result this trips on the fortification check in __strcat_chk.

Comment 1 Jerry James 2022-08-04 19:50:39 UTC
Good find!  Upstream MR: https://gitlab.com/gnu-clisp/clisp/-/merge_requests/4.

Comment 2 Fedora Update System 2022-08-08 19:24:51 UTC
FEDORA-2022-1a7a746b45 has been submitted as an update to Fedora 37. https://bodhi.fedoraproject.org/updates/FEDORA-2022-1a7a746b45

Comment 3 Fedora Update System 2022-08-08 19:25:25 UTC
FEDORA-2022-1a7a746b45 has been pushed to the Fedora 37 stable repository.
If problem still persists, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.