Description of problem:
entered feh in cmdline:

*** buffer overflow detected ***: terminated
Aborted (core dumped)

Version-Release number of selected component:
feh-3.9.1-2.fc38

Additional info:
reporter: libreport-2.17.11
type: CCpp
backtrace_rating: 4
rootdir: /
executable: /usr/bin/feh
journald_cursor: s=4f96e5548f3b4d0f85b1974abb17b4f5;i=54898d;b=2d2dba36bb3c4b09a71007d729f6de23;m=373618a3;t=6006eefc3840b;x=4e6e2e4def7a92f4
uid: 1000
crash_function: __read_chk
reason: feh killed by SIGABRT
kernel: 6.4.0-66.rog.fc38.x86_64
package: feh-3.9.1-2.fc38
runlevel: N 5
cgroup: 0::/user.slice/user-1000.slice/user/app.slice/app-org.gnome.Terminal.slice/vte-spawn-707568e3-8b72-4112-b7e7-74bf90e2465b.scope
cmdline: feh

Truncated backtrace:
Thread no. 1 (10 frames)
#7 __read_chk at read_chk.c:24
#8 read at /usr/include/bits/unistd.h:38
#9 load2 at /usr/src/debug/imlib2-1.7.4-4.fc38.x86_64/src/modules/loaders/loader_webp.c:58
#10 __imlib_LoadImageWrapper at /usr/src/debug/imlib2-1.7.4-4.fc38.x86_64/src/lib/image.c:516
#11 __imlib_LoadImage at /usr/src/debug/imlib2-1.7.4-4.fc38.x86_64/src/lib/image.c:740
#12 imlib_load_image_with_error_return at /usr/src/debug/imlib2-1.7.4-4.fc38.x86_64/src/lib/api.c:1450
#13 feh_load_image at /usr/src/debug/feh-3.9.1-2.fc38.x86_64/src/imlib.c:346
#14 winwidget_loadimage at /usr/src/debug/feh-3.9.1-2.fc38.x86_64/src/winwidget.c:833
#15 winwidget_create_from_file at /usr/src/debug/feh-3.9.1-2.fc38.x86_64/src/winwidget.c:132
#16 init_slideshow_mode at /usr/src/debug/feh-3.9.1-2.fc38.x86_64/src/slideshow.c:109
Created attachment 1975740 File: limits
Created attachment 1975741 File: cpuinfo
Created attachment 1975742 File: maps
Created attachment 1975743 File: dso_list
Created attachment 1975744 File: os_info
Created attachment 1975745 File: environ
Created attachment 1975746 File: mountinfo
Created attachment 1975747 File: proc_pid_status
Created attachment 1975748 File: backtrace
Created attachment 1975749 File: open_fds
Created attachment 1975750 File: core_backtrace
crashes on startup

reporter: libreport-2.17.11
type: CCpp
backtrace_rating: 4
comment: crashes on startup
rootdir: /
executable: /usr/bin/feh
journald_cursor: s=4f96e5548f3b4d0f85b1974abb17b4f5;i=61ace6;b=d7f46cd162e14857bd75052c3695d082;m=2c92b4fd3;t=6018f86e7a951;x=d4e6f4cb4fc69119
uid: 1000
crash_function: __read_chk
reason: feh killed by SIGABRT
kernel: 6.4.7-202.rog.fc38.x86_64
package: feh-3.9.1-2.fc38
runlevel: N 5
cgroup: 0::/user.slice/user-1000.slice/user/session.slice/org.gnome.Shell
cmdline: /usr/bin/feh --start-at
feh crashes with SIGABRT every time it is started in my home directory. When started from the console, I see these messages:

```
*** buffer overflow detected ***: terminated
fish: Job 1, 'feh' terminated by signal SIGABRT (Abort)
```

After a little debugging, it turned out that it crashed after trying to read the `.curlrc` file with the following content:

```
insecure
```

Steps to reproduce:

```
echo insecure > /tmp/feh_test
feh /tmp/feh_test # crash
```

Gdb backtrace:

```
#0 0x00007ffff7a61884 in __pthread_kill_implementation () from /lib64/libc.so.6
#1 0x00007ffff7a10afe in raise () from /lib64/libc.so.6
#2 0x00007ffff79f987f in abort () from /lib64/libc.so.6
#3 0x00007ffff79fa60f in __libc_message.cold () from /lib64/libc.so.6
#4 0x00007ffff7af5969 in __fortify_fail () from /lib64/libc.so.6
#5 0x00007ffff7af41a4 in __chk_fail () from /lib64/libc.so.6
#6 0x00007ffff7af4637 in __read_chk () from /lib64/libc.so.6
#7 0x00007ffff7fb0416 in load2 () from /usr/lib64/imlib2/loaders/webp.so
#8 0x00007ffff7bddf26 in __imlib_LoadImageWrapper.lto_priv.0 () from /lib64/libImlib2.so.1
#9 0x00007ffff7be2866 in __imlib_LoadImage () from /lib64/libImlib2.so.1
#10 0x00007ffff7bbad25 in imlib_load_image_with_error_return () from /lib64/libImlib2.so.1
#11 0x000055555556199c in feh_load_image (im=0x55555559d6f8, file=0x55555558adc0) at /usr/src/debug/feh-3.9.1-2.fc38.x86_64/src/imlib.c:346
#12 0x0000555555579679 in winwidget_loadimage (file=0x55555558adc0, winwid=0x55555559d6c0) at /usr/src/debug/feh-3.9.1-2.fc38.x86_64/src/winwidget.c:833
#13 winwidget_create_from_file (list=0x55555558b010, type=1 '\001') at /usr/src/debug/feh-3.9.1-2.fc38.x86_64/src/winwidget.c:132
#14 0x000055555555ead6 in init_slideshow_mode () at /usr/src/debug/feh-3.9.1-2.fc38.x86_64/src/slideshow.c:109
#15 main (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/feh-3.9.1-2.fc38.x86_64/src/main.c:98
```

reporter: libreport-2.17.11
cmdline: feh
cgroup: 0::/user.slice/user-1000.slice/user/app.slice/app-org.kde.yakuake
kernel: 6.5.7-200.fc38.x86_64
crash_function: __read_chk
journald_cursor: s=7707f84bdf314f3db38d2a6b283e1021;i=21f624d5;b=93559d75c286400bb099a96e0c5b7e87;m=1634227f32;t=60836a1f58684;x=9d46fe47f6dbc71
reason: feh killed by SIGABRT
runlevel: N 5
package: feh-3.9.1-2.fc38
type: CCpp
executable: /usr/bin/feh
rootdir: /
backtrace_rating: 4
uid: 1000
Looks like the buffer overflow comes from the Imlib2 library.
New backtrace after installing imlib2-debuginfo:

```
#0 0x00007ffff7a61884 in __pthread_kill_implementation () from /lib64/libc.so.6
#1 0x00007ffff7a10afe in raise () from /lib64/libc.so.6
#2 0x00007ffff79f987f in abort () from /lib64/libc.so.6
#3 0x00007ffff79fa60f in __libc_message.cold () from /lib64/libc.so.6
#4 0x00007ffff7af5969 in __fortify_fail () from /lib64/libc.so.6
#5 0x00007ffff7af41a4 in __chk_fail () from /lib64/libc.so.6
#6 0x00007ffff7af4637 in __read_chk () from /lib64/libc.so.6
#7 0x00007ffff7fb0416 in read (__nbytes=12, __buf=0x5555555bf730, __fd=4) at /usr/include/bits/unistd.h:38
#8 load2 (im=0x55555559d780, load_data=1) at /usr/src/debug/imlib2-1.7.4-4.fc38.x86_64/src/modules/loaders/loader_webp.c:58
#9 0x00007ffff7bddf26 in __imlib_LoadImageWrapper (l=l@entry=0x5555555a03d0, im=im@entry=0x55555559d780, load_data=load_data@entry=1) at /usr/src/debug/imlib2-1.7.4-4.fc38.x86_64/src/lib/image.c:516
#10 0x00007ffff7be2866 in __imlib_LoadImage (file=<optimized out>, fp=0x0, progress=<optimized out>, progress_granularity=<optimized out>, immediate_load=<optimized out>, dont_cache=0 '\000', er=0x7fffffffd804) at /usr/src/debug/imlib2-1.7.4-4.fc38.x86_64/src/lib/image.c:740
#11 0x00007ffff7bbad25 in imlib_load_image_with_error_return (file=file@entry=0x55555558adf0 "/tmp/feh_test", error_return=error_return@entry=0x7fffffffd878) at /usr/src/debug/imlib2-1.7.4-4.fc38.x86_64/src/lib/api.c:1450
#12 0x000055555556199c in feh_load_image (im=0x55555559d6f8, file=0x55555558adc0) at /usr/src/debug/feh-3.9.1-2.fc38.x86_64/src/imlib.c:346
#13 0x0000555555579679 in winwidget_loadimage (file=0x55555558adc0, winwid=0x55555559d6c0) at /usr/src/debug/feh-3.9.1-2.fc38.x86_64/src/winwidget.c:833
#14 winwidget_create_from_file (list=0x55555558b010, type=1 '\001') at /usr/src/debug/feh-3.9.1-2.fc38.x86_64/src/winwidget.c:132
#15 0x000055555555ead6 in init_slideshow_mode () at /usr/src/debug/feh-3.9.1-2.fc38.x86_64/src/slideshow.c:109
#16 main (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/feh-3.9.1-2.fc38.x86_64/src/main.c:98
```
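Added illustration, not code from imlib2, feh or any commenter here: the backtrace shows a 12-byte `read()` at `loader_webp.c:58` aborting in `__read_chk` on the 9-byte reproducer file, which is what the fortified `read()` does when the requested length is larger than the destination buffer the compiler can see. The sketch below is one way to probe for the RIFF/WEBP signature without that hazard; `probe_webp`, `write_sample` and the `/tmp` path are hypothetical names, and it assumes (the page does not show the loader source) that the original buffer was smaller than 12 bytes for this file.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define WEBP_HDR_LEN 12 /* "RIFF" + 4-byte chunk size + "WEBP" */

/* 1: RIFF/WEBP header present; 0: absent, or file shorter than the header;
 * -1: the file could not be opened or is not a regular file. */
int probe_webp(const char *path)
{
    unsigned char hdr[WEBP_HDR_LEN] = {0}; /* never smaller than the read length */
    struct stat st;
    size_t got = 0;
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        return -1;
    }
    /* Short files are rejected before any header-sized read is issued. */
    while (st.st_size >= WEBP_HDR_LEN && got < sizeof(hdr)) {
        ssize_t n = read(fd, hdr + got, sizeof(hdr) - got);
        if (n <= 0)
            break; /* error, or file shrank after fstat(): header incomplete */
        got += (size_t)n;
    }
    close(fd);
    return got == sizeof(hdr) && memcmp(hdr, "RIFF", 4) == 0 &&
           memcmp(hdr + 8, "WEBP", 4) == 0;
}

/* Writes a constructed sample file; returns 0 on success. */
int write_sample(const char *path, const void *data, size_t len)
{
    FILE *f = fopen(path, "wb");
    size_t w = f ? fwrite(data, 1, len, f) : 0;
    return (f && fclose(f) == 0 && w == len) ? 0 : -1;
}

int main(void)
{
    /* Constructed input: same content as the report's /tmp/feh_test. */
    write_sample("/tmp/webp_probe_sample", "insecure\n", 9);
    printf("%d\n", probe_webp("/tmp/webp_probe_sample"));
    return 0;
}
```

The read length and the buffer size come from the same constant, so the fortify check has nothing to trip on regardless of the input file's size.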
Fedora Linux 38 entered end-of-life (EOL) status on 2024-05-21. Fedora Linux 38 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora Linux please feel free to reopen this bug against that version. Note that the version field may be hidden. Click the "Show advanced fields" button if you do not see the version field. If you are unable to reopen this bug, please file a new report against an active release. Thank you for reporting this bug and we are sorry it could not be fixed.