Created attachment 1981494 [details] GDB Backtrace Description of problem: Attempting to generate a datamatrix with the dmtxwrite utility results in a buffer overflow error and termination. Version-Release number of selected component (if applicable): 0.7.6-14.fc38 How reproducible: [user@fedora38 ~]# cat /etc/fedora-release | dmtxwrite -o release.png *** buffer overflow detected ***: terminated Aborted (core dumped) Actual results: Crash Expected results: release.png image created Additional info: backtrace attached
Created attachment 1981565 [details] Proposed patch to fix buffer overflow
dmtxwrite appears completely broken when _FORTIFY_SOURCE=3 is used. The attached patch attempts to fix the source.
Thanks, seems _FORTIFY_SOURCE=3 is doing its work. Could you open an upstream PR (https://github.com/dmtx/dmtx-utils/pulls) as well so I can I refer it in the package?
Upstream pull request is here: [https://github.com/dmtx/dmtx-utils/pull/16](https://github.com/dmtx/dmtx-utils/pull/16)
FEDORA-2023-0b659a8dd1 has been submitted as an update to Fedora 40. https://bodhi.fedoraproject.org/updates/FEDORA-2023-0b659a8dd1
FEDORA-2023-0b659a8dd1 has been pushed to the Fedora 40 stable repository. If problem still persists, please make note of it in this bug report.
@dan thanks for fixing this. I've seen you pushed this for F39 and F40. Would it be possible to also backport this to F38? The state dmtx-utils is in without this fix is completely broken. So it can only get better. This means I wouldn't worry about any regressions from your change or similar.
FEDORA-2023-c5d305ef35 has been submitted as an update to Fedora 38. https://bodhi.fedoraproject.org/updates/FEDORA-2023-c5d305ef35
FEDORA-2023-852f5f0791 has been submitted as an update to Fedora 39. https://bodhi.fedoraproject.org/updates/FEDORA-2023-852f5f0791
(In reply to Gerd v. Egidy from comment #7) > @dan thanks for fixing this. > > I've seen you pushed this for F39 and F40. Would it be possible to also > backport this to F38? yes, that was the plan > The state dmtx-utils is in without this fix is completely broken. So it can > only get better. > This means I wouldn't worry about any regressions from your change or > similar.
FEDORA-2023-c5d305ef35 has been pushed to the Fedora 38 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-c5d305ef35` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-c5d305ef35 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2023-852f5f0791 has been pushed to the Fedora 39 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-852f5f0791` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-852f5f0791 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2023-c5d305ef35 has been pushed to the Fedora 38 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2023-852f5f0791 has been pushed to the Fedora 39 stable repository. If problem still persists, please make note of it in this bug report.