Bug 2362049 - diffstat crashes due to misuse of mbsrtowcs()
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: diffstat
Version: 42
Hardware: Unspecified
OS: Linux
unspecified
medium
Target Milestone: ---
Assignee: Tim Waugh
QA Contact: Fedora Extras Quality Assurance
URL: https://sourceware.org/bugzilla/show_...
Whiteboard:
Depends On:
Blocks:
 
Reported: 2025-04-24 13:16 UTC by Tetsuo Handa
Modified: 2026-05-06 18:43 UTC

Fixed In Version: 1.68
Clone Of:
Environment:
Last Closed: 2026-05-06 18:43:21 UTC
Type: ---
Embargoed:



Description Tetsuo Handa 2025-04-24 13:16:19 UTC
I noticed that diffstat(1) needlessly crashes when the input of an "Only in " line
includes a UTF-8 character. It turned out that this problem is caused by the "len"
argument passed to mbsrtowcs() being wrong.

----------
$ echo 'Only in .: A' | diffstat
*** buffer overflow detected ***: terminated
Aborted (core dumped)
----------


Reproducible: Always




Additional Information:
Since I couldn't find whom to report this problem to from https://invisible-island.net/diffstat , I am reporting it here.

Comment 1 Thomas E. Dickey 2025-04-24 19:55:43 UTC
The actual data might be helpful (one of my test-scripts exercises that code, but data differs).
I see the problem you're referring to, but in a quick check (Debian 12), I get no dump.

Bugzilla works, but actually bugs works better, because it's mail-based,
and I'm more likely to have the complete bug report and responses in my mail archive.

ymmv.

Comment 2 Thomas E. Dickey 2025-04-24 20:07:11 UTC
fwiw, I can reproduce the problem with my Fedora42 machine.

Comment 3 Tetsuo Handa 2025-04-24 22:02:47 UTC
This problem can be reproduced only when compiled with the -D_FORTIFY_SOURCE=3 option.
Fedora 38+ ( https://fedoraproject.org/wiki/Changes/Add_FORTIFY_SOURCE%3D3_to_distribution_build_flags )
and Ubuntu 24.04+ use _FORTIFY_SOURCE=3. Presumably Debian 12 is using _FORTIFY_SOURCE=2.

Comment 4 Thomas E. Dickey 2025-04-24 22:58:28 UTC
Perhaps the detail we're discussing is also tied to the version of gcc (or libc6),
since I see that I've logs from Fedora41 with FORTIFY_SOURCE=3, or something
triggered by a single UTF-8 character (though that seems odd, since the mismatch
would be greater for multiple characters).

Comment 5 Tetsuo Handa 2025-04-24 23:10:33 UTC
Please see https://sourceware.org/bugzilla/show_bug.cgi?id=32899 for details.

Comment 6 Fedora Release Engineering 2026-05-06 12:43:46 UTC
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports from releases that are no longer
maintained. At that time this bug will be closed as EOL if it remains open with a
'version' of '42'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, change the 'version' 
to a later Fedora Linux version. Note that the version field may be hidden.
Click the "Show advanced fields" button if you do not see it.

Thank you for reporting this issue and we are sorry that we were not 
able to fix it before Fedora Linux 42 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora Linux, you are encouraged to change the 'version' to a later version
prior to this bug being closed.

Comment 7 Thomas E. Dickey 2026-05-06 18:43:21 UTC
This was fixed in diffstat 1.68, which is in Fedora 43.
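
An added example, not code from diffstat or from any comment in this report: two ways to call mbsrtowcs() so that "len" is the number of wchar_t elements the destination can hold, which is the value fortified builds compare against the destination's size. The helper names mb_to_wide and mb_to_wide_buf are hypothetical, and the input string is constructed.

```c
#include <locale.h>
#include <stdlib.h>
#include <string.h>
#include <wchar.h>

/* Hypothetical helper: convert src into a heap buffer sized by a counting
   pass. Returns NULL on an invalid sequence or allocation failure. */
wchar_t *mb_to_wide(const char *src, size_t *out_len)
{
    mbstate_t st;
    const char *p = src;
    memset(&st, 0, sizeof st);
    size_t need = mbsrtowcs(NULL, &p, 0, &st);   /* dst == NULL: count only */
    if (need == (size_t)-1) return NULL;
    wchar_t *dst = calloc(need + 1, sizeof *dst);
    if (dst == NULL) return NULL;
    p = src;
    memset(&st, 0, sizeof st);
    /* len is the number of wchar_t elements in dst, never a byte count */
    size_t got = mbsrtowcs(dst, &p, need + 1, &st);
    if (got == (size_t)-1) { free(dst); return NULL; }
    if (out_len) *out_len = got;
    return dst;
}

/* Hypothetical helper: convert into a caller buffer of dst_elems elements,
   always terminating it; *truncated is set when src did not fit. */
size_t mb_to_wide_buf(wchar_t *dst, size_t dst_elems, const char *src, int *truncated)
{
    mbstate_t st;
    memset(&st, 0, sizeof st);
    if (dst_elems == 0) return (size_t)-1;
    size_t n = mbsrtowcs(dst, &src, dst_elems - 1, &st);
    if (n == (size_t)-1) { dst[0] = L'\0'; return n; }
    dst[n] = L'\0';                 /* n <= dst_elems - 1, so in bounds */
    if (truncated) *truncated = (src != NULL && *src != '\0');
    return n;
}

int main(void)
{
    setlocale(LC_ALL, "");          /* use the environment's encoding */
    size_t n = 0;
    wchar_t *w = mb_to_wide("Only in .: A", &n);   /* constructed input */
    if (w == NULL) return 1;
    free(w);
    return n == 12 ? 0 : 1;
}
```

For a fixed array, pass `sizeof buf / sizeof buf[0]` as dst_elems rather than `sizeof buf`.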

