alternatives with command-line option --altdir SOMEPATH causes buffer overflow detected and fails. Reproducible: Always Steps to Reproduce: 1. umask 22; mkdir /etc/alternatives/opt/app2 2. alternatives --altdir /etc/alternatives/opt/app2 --list 3. Actual Results: *** buffer overflow detected ***: terminated Aborted (core dumped) Expected Results: Show list of commands with symlink to alternative paths gdb alternatives gdb> set args --altdir /etc/alternatives/opt/app2 --list gdb> run gdb> bt #0 0x00007ffff7e32844 in __pthread_kill_implementation () from /lib64/libc.so.6 #1 0x00007ffff7de1abe in raise () from /lib64/libc.so.6 #2 0x00007ffff7dca87f in abort () from /lib64/libc.so.6 #3 0x00007ffff7dcb60f in __libc_message.cold () from /lib64/libc.so.6 #4 0x00007ffff7ec6979 in __fortify_fail () from /lib64/libc.so.6 #5 0x00007ffff7ec51b4 in __chk_fail () from /lib64/libc.so.6 #6 0x00007ffff7dfa222 in __printf_buffer_flush () from /lib64/libc.so.6 #7 0x00007ffff7dfa689 in __printf_buffer_write () from /lib64/libc.so.6 #8 0x00007ffff7e029e8 in __printf_buffer () from /lib64/libc.so.6 #9 0x00007ffff7e1dd22 in __vsprintf_internal () from /lib64/libc.so.6 #10 0x00007ffff7ec4c7f in __sprintf_chk () from /lib64/libc.so.6 #11 0x0000555555558a64 in readConfig () #12 0x00005555555571da in main () Looking at the source alternatives.c function readConfig(), the 2nd call sprintf(path,..) seems to be the problem: First call had allocated path with specific length, and second sprintf(path,..) may not fit the new string.
Thanks for report! https://github.com/fedora-sysv/chkconfig/pull/112 It seems that this issue existed for such a long time, that now it can legally drink alcohol in the US.
FEDORA-2023-a974677a2a has been submitted as an update to Fedora 38. https://bodhi.fedoraproject.org/updates/FEDORA-2023-a974677a2a
FEDORA-2023-a974677a2a has been pushed to the Fedora 38 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-a974677a2a` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-a974677a2a See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2023-a974677a2a has been pushed to the Fedora 38 stable repository. If problem still persists, please make note of it in this bug report.