Bug 2208579 - rpm-git-tag-sort-1.0-12.fc39 FTBFS: ./test: buffer overflow detected
Summary: rpm-git-tag-sort-1.0-12.fc39 FTBFS: ./test: buffer overflow detected
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: rpm-git-tag-sort
Version: rawhide
Hardware: Unspecified
OS: Linux
Priority: unspecified
Severity: medium
Target Milestone: ---
Assignee: Copr Team
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: F39FTBFS
Reported: 2023-05-19 15:48 UTC by Petr Pisar
Modified: 2023-08-01 08:43 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2023-08-01 08:43:36 UTC
Type: ---
Embargoed:




Links:
Fedora Pagure rpm-git-tag-sort pull-request 3 (Last Updated: 2023-05-19 16:29:14 UTC)

Description Petr Pisar 2023-05-19 15:48:08 UTC
rpm-git-tag-sort-1.0-12.fc39 fails to build in Fedora 39:

+ /usr/bin/make -O -j6 V=1 VERBOSE=1
gcc -Wall -g -std=gnu99 -O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64   -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer  -c c-vector/vec.c
gcc -Wall -g -std=gnu99 -O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64   -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer  -I/usr/include/rpm -c main.c
gcc -Wall -g -std=gnu99 -O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64   -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer  -lrpm -lrpmio -lgit2 -o main main.o vec.o
+ ./test
*** buffer overflow detected ***: terminated
0a1,14
> 043436006cb582879b8d66503e755a22bcd8b13e tag-1-2
> d882aa1b41767801307cf18b08c3653ee22eca35 tag-11-1
> 11344b06b32f18534d921cb22a001db21058e7af tag-10-1
> 6fecf2e24af75b97ae857d6f8b58ee54a74b7d2d tag-9-1
> fa9dd254964d602202e09e43017f67d484903618 tag-5-1
> f617549126a44e6cceea5384623dede4cd76beb5 tag-8-3
> 5334bc27d2312b7b512733f625ade86bd19f7edd tag-8-2
> e5cc783757f61e7e7179394a989b0bf6bd8b771d tag-8-1
> 1097c7de63a35207f32c3232a1f4253ad0ec2e4e tag-8-0
> 335cae5db0ac482dfd3e8ec972831dc0b74ca030 tag-7-1
> 9b0975c3aaeea59ebdcf69ae23d331c7c97cd97a tag-6-1
> 379b113d3447c00c499b2a048cda13878c10e79a tag-3-1
> 5c48f70428673549517763d984ab06019791c8bf tag-4-1
> 13841e1b08e7c90c651ce8bf9acb0312e14841b8 tag-1-1
fail.
error: Bad exit status from /var/tmp/rpm-tmp.Zd3mzx (%build)

I discovered it when rebuilding it for rpm-4.19 <https://koji.fedoraproject.org/koji/buildinfo?buildID=2203164> and verified with a scratch build against rpm-4.18 <https://koji.fedoraproject.org/koji/taskinfo?taskID=101337566>.

Reproducible: Always

Comment 1 Petr Pisar 2023-05-19 16:04:48 UTC
It's the second invocation of ./main in ./test which crashes:

$ gdb --args ./main testx tag
[...]
(gdb) bt
#0  0x00007ffff7a8f6d4 in __pthread_kill_implementation () from /lib64/libc.so.6
#1  0x00007ffff7a3e71e in raise () from /lib64/libc.so.6
#2  0x00007ffff7a2687f in abort () from /lib64/libc.so.6
#3  0x00007ffff7a27750 in __libc_message.cold () from /lib64/libc.so.6
#4  0x00007ffff7b22a99 in __fortify_fail () from /lib64/libc.so.6
#5  0x00007ffff7b22454 in __chk_fail () from /lib64/libc.so.6
#6  0x00007ffff7b23e55 in __strcpy_chk () from /lib64/libc.so.6
#7  0x0000000000401dcd in strcpy (__src=0x538fe0 "tag-10-1", __dest=0x7fffffffde50 "") at /usr/include/bits/string_fortified.h:79
#8  rpm_is_lower_than (tag2_name=0x538fe0 "tag-10-1", tag1_name=0x52d700 "tag-9-1") at /home/test/fedora/rpm-git-tag-sort/rpm-git-tag-sort/main.c:134
#9  add_to_result (e_idx=<optimized out>, e=<optimized out>, tag_idx=<optimized out>) at /home/test/fedora/rpm-git-tag-sort/rpm-git-tag-sort/main.c:219
#10 visit (c=<optimized out>, visited_ptr=visited_ptr@entry=0x7fffffffe230, name=<optimized out>, repo=<optimized out>) at /home/test/fedora/rpm-git-tag-sort/rpm-git-tag-sort/main.c:304
#11 0x0000000000402191 in visit (c=0x535da0, visited_ptr=visited_ptr@entry=0x7fffffffe230, name=<optimized out>, repo=<optimized out>) at /home/test/fedora/rpm-git-tag-sort/rpm-git-tag-sort/main.c:271
#12 0x0000000000402191 in visit (c=0x532bd0, visited_ptr=visited_ptr@entry=0x7fffffffe230, name=<optimized out>, repo=<optimized out>) at /home/test/fedora/rpm-git-tag-sort/rpm-git-tag-sort/main.c:271
#13 0x0000000000401560 in main (argc=<optimized out>, argv=<optimized out>) at /home/test/fedora/rpm-git-tag-sort/rpm-git-tag-sort/main.c:432

Comment 2 Petr Pisar 2023-05-19 16:12:07 UTC
The problem is that here:

    /* copy tag names */
    char tag1_name_cpy[strlen(tag1_name) + 1];
    char tag2_name_cpy[strlen(tag1_name) + 1];
    strcpy(tag1_name_cpy, tag1_name);
->  strcpy(tag2_name_cpy, tag2_name);

tag2_name_cpy is too short to hold tag2_name:

(gdb) p tag1_name
$1 = 0x52d700 "tag-9-1"
(gdb) p tag2_name
$2 = 0x538fe0 "tag-10-1"

It looks like a typo in the tag2_name_cpy[] definition.
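
Added example, not code from rpm-git-tag-sort: the sizing mistake from the snippet above beside a corrected copy routine. The tag layout "<name>-<ver>-<rel>", the numeric comparison that stands in for rpm's version comparator, and the function names are assumptions.

```c
/* Added example, not rpm-git-tag-sort code. Tag layout "<name>-<ver>-<rel>"
 * and the numeric comparison (a stand-in for rpmvercmp) are assumptions. */
#include <stdlib.h>
#include <string.h>

/* True exactly when the original sizing (both buffers sized from tag1_name)
 * leaves tag2_name_cpy too small: strlen(tag2) + 1 > strlen(tag1) + 1.
 * With "tag-9-1" / "tag-10-1" from the gdb session this is the overflow. */
int typo_overflows(const char *tag1_name, const char *tag2_name)
{
    return strlen(tag2_name) > strlen(tag1_name);
}

/* Split "<name>-<ver>-<rel>" in place (writes NULs into buf).
 * Returns 1 on success, 0 on malformed input. */
static int split_tag(char *buf, long *ver, long *rel)
{
    char *rel_s = strrchr(buf, '-');
    if (!rel_s) return 0;
    *rel_s++ = '\0';
    char *ver_s = strrchr(buf, '-');
    if (!ver_s) return 0;
    ver_s++;
    char *end;
    *ver = strtol(ver_s, &end, 10);
    if (*end) return 0;
    *rel = strtol(rel_s, &end, 10);
    if (*end) return 0;
    return 1;
}

/* Corrected: each VLA is sized from its own source string. Copies are needed
 * because split_tag modifies the buffer. Returns 1 if tag1 sorts lower than
 * tag2, 0 if not, -1 if either tag is malformed. */
int tag_is_lower_than(const char *tag1_name, const char *tag2_name)
{
    char tag1_name_cpy[strlen(tag1_name) + 1];
    char tag2_name_cpy[strlen(tag2_name) + 1];  /* was strlen(tag1_name) + 1 */
    memcpy(tag1_name_cpy, tag1_name, sizeof tag1_name_cpy);
    memcpy(tag2_name_cpy, tag2_name, sizeof tag2_name_cpy);
    long v1, r1, v2, r2;
    if (!split_tag(tag1_name_cpy, &v1, &r1) || !split_tag(tag2_name_cpy, &v2, &r2))
        return -1;
    if (v1 != v2) return v1 < v2;
    return r1 < r2;
}
```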

Comment 3 Petr Pisar 2023-05-19 16:29:15 UTC
I proposed a fix at <https://pagure.io/rpm-git-tag-sort/pull-request/3>.

Comment 4 Petr Pisar 2023-05-22 10:31:04 UTC
The fix was merged by the upstream.

Comment 5 Petr Pisar 2023-05-22 14:33:40 UTC
RPM maintainers need to rebuild this package against the new rpm-4.19. This bug prevents them from doing so. Could you please apply the fix? If you don't have time, I can do it instead of you.

Comment 6 Fedora Admin user for bugzilla script actions 2023-07-20 12:43:23 UTC
This package has changed maintainer in Fedora. Reassigning to the new maintainer of this component.

Comment 7 Pavel Raiskup 2023-08-01 08:43:36 UTC
Thank you for the report and hints. I've built the fixed packages in Rawhide:

rpm-git-tag-sort: https://koji.fedoraproject.org/koji/buildinfo?buildID=2267612
rpkg-macros:     https://koji.fedoraproject.org/koji/buildinfo?buildID=2253802
rpkg-util:       https://koji.fedoraproject.org/koji/buildinfo?buildID=2253810
