Created attachment 1953736
Coredump from when the :help command is used

Description of problem:
With neovim-0.8.3-3.fc38.x86_64 when using :help or :help <topic> commands in neovim the program crashes due to a buffer overflow.

*** buffer overflow detected ***: terminated
[1] 65867 IOT instruction (core dumped) nvim .

Version-Release number of selected component (if applicable):

How reproducible:
Always

Steps to Reproduce:
1. Open nvim (it does not seem to matter if a filepath, directory path, or no path is used)
2. Run :help or :help <topic> (such as :help g:clipboard)
3. Observe the crash.

Actual results:
Program crashes

Expected results:
Neovim help docs are shown

Additional info:
This seems to be introduced by a patch that is applied by the package maintainers. I've compiled neovim 0.8.3 from source on Fedora 38 and it does not have this issue.

I have attached a coredump of when this happens:

PID: 65867 (nvim)
UID: 1000 (chasinglogic)
GID: 1000 (chasinglogic)
Signal: 6 (ABRT)
Timestamp: Sun 2023-03-26 13:45:48 BST (5min ago)
Command Line: nvim .
Executable: /usr/bin/nvim
Control Group: /user.slice/user-1000.slice/user/app.slice/app-org.gnome.Terminal.slice/vte-spawn-1a25f0e7-1491-4ab1-af83-889a25e6ccfb.scope
Unit: user
User Unit: vte-spawn-1a25f0e7-1491-4ab1-af83-889a25e6ccfb.scope
Slice: user-1000.slice
Owner UID: 1000 (chasinglogic)
Boot ID: c2270be640324b9f8a8ef7ed616e7af9
Machine ID: c041d5c792634062aded0cdbfe41f32d
Hostname: fedora
Storage: /var/lib/systemd/coredump/core.nvim.1000.c2270be640324b9f8a8ef7ed616e7af9.65867.1679834748000000.zst (present)
Size on Disk: 1.7M
Package: neovim/0.8.3-3.fc38
build-id: 4a25cec37759f7c6489b3ee8a449d777815d67b2
Message: Process 65867 (nvim) of user 1000 dumped core.

Module /home/chasinglogic/.local/share/nvim/telescope-fzy-native.nvim/deps/fzy-lua-native/static/libfzy-linux-x86_64.so from rpm neovim-0.8.3-3.fc38.x86_64
Module libluajit-5.1.so.2 from rpm luajit-2.1.0-0.27beta3.fc38.x86_64
Module libtree-sitter.so.0 from rpm tree-sitter-0.20.7-2.fc38.x86_64
Module libunibilium.so.4 from rpm unibilium-2.1.1-4.fc38.x86_64
Module libtermkey.so.1 from rpm libtermkey-0.22-4.fc38.x86_64
Module libvterm.so.0 from rpm libvterm-0.3-2.fc38.x86_64
Module libmsgpackc.so.2 from rpm msgpack-3.1.0-11.fc38.x86_64
Module libuv.so.1 from rpm libuv-1.44.2-3.fc38.x86_64
Module luv.so from rpm lua-luv-1.44.2.1-2.fc38.x86_64
Module nvim from rpm neovim-0.8.3-3.fc38.x86_64

Stack trace of thread 65867:
#0 0x00007fd73e3cfb94 __pthread_kill_implementation (libc.so.6 + 0x8eb94)
#1 0x00007fd73e37eaee raise (libc.so.6 + 0x3daee)
#2 0x00007fd73e36787f abort (libc.so.6 + 0x2687f)
#3 0x00007fd73e36860f __libc_message.cold (libc.so.6 + 0x2760f)
#4 0x00007fd73e463b29 __fortify_fail (libc.so.6 + 0x122b29)
#5 0x00007fd73e462364 __chk_fail (libc.so.6 + 0x121364)
#6 0x00007fd73e461f45 __snprintf_chk (libc.so.6 + 0x120f45)
#7 0x0000555638ff20b1 find_tags (nvim + 0x2a20b1)
#8 0x0000555638ecd0e1 find_help_tags (nvim + 0x17d0e1)
#9 0x0000555638ecb6ac ex_help (nvim + 0x17b6ac)
#10 0x0000555638e91460 execute_cmd0 (nvim + 0x141460)
#11 0x0000555638e94bf1 do_one_cmd (nvim + 0x144bf1)
#12 0x0000555638e95798 do_cmdline (nvim + 0x145798)
#13 0x0000555638f3b9dd nv_colon.lto_priv.0 (nvim + 0x1eb9dd)
#14 0x0000555638f3900b normal_execute.lto_priv.0 (nvim + 0x1e900b)
#15 0x0000555638fdb1a4 state_enter (nvim + 0x28b1a4)
#16 0x0000555638f35e32 normal_enter (nvim + 0x1e5e32)
#17 0x0000555638efe396 main (nvim + 0x1ae396)
#18 0x00007fd73e368b4a __libc_start_call_main (libc.so.6 + 0x27b4a)
#19 0x00007fd73e368c0b __libc_start_main@@GLIBC_2.34 (libc.so.6 + 0x27c0b)
#20 0x0000555638dc7a75 _start (nvim + 0x77a75)

Stack trace of thread 65868:
#0 0x00007fd73e453e72 epoll_wait (libc.so.6 + 0x112e72)
#1 0x00007fd73e727bd1 uv__io_poll.part.0 (libuv.so.1 + 0x27bd1)
#2 0x00007fd73e71060a uv_run (libuv.so.1 + 0x1060a)
#3 0x0000555638e83539 loop_uv_run (nvim + 0x133539)
#4 0x0000555638e84135 loop_poll_events (nvim + 0x134135)
#5 0x0000555639005576 tui_main (nvim + 0x2b5576)
#6 0x00005556390066fe ui_thread_run (nvim + 0x2b66fe)
#7 0x00007fd73e3cdc57 start_thread (libc.so.6 + 0x8cc57)
#8 0x00007fd73e453a70 __clone3 (libc.so.6 + 0x112a70)

ELF object binary architecture: AMD x86-64
Yeah, those are all showing up because -D_FORTIFY_SOURCE=3 is the default now. I think we need to backport https://github.com/neovim/neovim/commit/84027f7515b8ee6f818462f105882fc0052783c4
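The class of failure behind a `__snprintf_chk` -> `__chk_fail` abort, as an added example (not code from this bug report, from neovim, or from the linked commit): glibc's fortified snprintf aborts when the size argument exceeds the destination's object size as the compiler sees it, whether or not the output would fit. `model_snprintf_chk`, `objsize_at_level` and `format_tag` are hypothetical names, the buffer sizes are constructed, and the abort is modelled as a `-1` return.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>

#define OBJSIZE_UNKNOWN ((size_t)-1) /* compiler could not size the object */

/* Hypothetical model of glibc's __snprintf_chk: slen is the object size the
 * compiler computed for s. glibc aborts when slen < maxlen; the model returns
 * -1 instead. true_cap clamps the real write so the demo is always safe. */
static int model_snprintf_chk(char *s, size_t maxlen, size_t slen,
                              size_t true_cap, const char *fmt, ...)
{
    va_list ap;
    int n;
    if (slen < maxlen)
        return -1; /* "*** buffer overflow detected ***: terminated" */
    va_start(ap, fmt);
    n = vsnprintf(s, maxlen < true_cap ? maxlen : true_cap, fmt, ap);
    va_end(ap);
    return n;
}

/* Size seen for a run-time-sized heap buffer: =2 (__builtin_object_size)
 * reports unknown, =3 (__builtin_dynamic_object_size) can track malloc()'s argument. */
static size_t objsize_at_level(int level, size_t alloc_len)
{
    return level >= 3 ? alloc_len : OBJSIZE_UNKNOWN;
}

/* Format tag into an alloc_len-byte buffer while passing claimed_len as the
 * size. Returns the formatted length, or -1 where glibc would abort. */
int format_tag(int level, size_t alloc_len, size_t claimed_len, const char *tag)
{
    char *buf = malloc(alloc_len);
    int rc;
    if (buf == NULL)
        return -2;
    rc = model_snprintf_chk(buf, claimed_len, objsize_at_level(level, alloc_len),
                            alloc_len, "%s", tag);
    free(buf);
    return rc;
}

int main(void)
{
    printf("=2, 64 claimed of 32: %d\n", format_tag(2, 32, 64, "help"));
    printf("=3, 64 claimed of 32: %d\n", format_tag(3, 32, 64, "help"));
    printf("=3, 32 claimed of 32: %d\n", format_tag(3, 32, 32, "help"));
}
```

The string fits the buffer in all three calls; only the size argument and the fortify level differ, and passing the real allocation length clears the check at both levels.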
FEDORA-2023-d1e409413f has been submitted as an update to Fedora 39. https://bodhi.fedoraproject.org/updates/FEDORA-2023-d1e409413f
FEDORA-2023-d1e409413f has been pushed to the Fedora 39 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2023-b9ec085715 has been submitted as an update to Fedora 38. https://bodhi.fedoraproject.org/updates/FEDORA-2023-b9ec085715
FEDORA-2023-5e6280ef5d has been submitted as an update to Fedora 37. https://bodhi.fedoraproject.org/updates/FEDORA-2023-5e6280ef5d
Can confirm that this https://bodhi.fedoraproject.org/updates/FEDORA-2023-b9ec085715 build no longer has this issue and is working for me. Thanks for the quick turn around!
FEDORA-2023-5e6280ef5d has been pushed to the Fedora 37 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-5e6280ef5d` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-5e6280ef5d See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2023-b9ec085715 has been pushed to the Fedora 38 testing repository. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-b9ec085715 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2023-b9ec085715 has been pushed to the Fedora 38 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2023-5e6280ef5d has been pushed to the Fedora 37 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2023-1d9f5179bd has been submitted as an update to Fedora 36. https://bodhi.fedoraproject.org/updates/FEDORA-2023-1d9f5179bd
FEDORA-2023-1d9f5179bd has been pushed to the Fedora 36 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-1d9f5179bd` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-1d9f5179bd See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2023-1d9f5179bd has been pushed to the Fedora 36 stable repository. If problem still persists, please make note of it in this bug report.