Bug 925419 - sys-process/acct-6.6.4-r3 - buffer overflow when processing /var/account/pacct
Summary: sys-process/acct-6.6.4-r3 - buffer overflow when processing /var/account/pacct
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo's Team for Core System packages
URL:
Whiteboard:
Keywords:
Depends on:
Blocks: 847148
Reported: 2024-02-24 12:49 UTC by Kim B. Sindalsen
Modified: 2024-03-01 08:00 UTC
CC List: 2 users

See Also:
Package list:
Runtime testing required: ---
Description Kim B. Sindalsen 2024-02-24 12:49:09 UTC
When trying to use lastcomm or dump-acct (which both process /var/account/pacct) from sys-process/acct, the program ends/fails with: *** buffer overflow detected ***: terminated - Aborted

I have found one older (Feb 2023) pacct file which dump-acct partially processes, but it also eventually fails with the same buffer overflow message.
Comment 1 Kim B. Sindalsen 2024-02-24 12:49:38 UTC
ns /var/account # emerge --info
Portage 3.0.61 (python 3.11.8-final-0, default/linux/amd64/17.1/no-multilib/hardened, gcc-14, glibc-2.38-r10, 6.6.17-gentoo-x86_64 x86_64)
=================================================================
System uname: Linux-6.6.17-gentoo-x86_64-x86_64-12th_Gen_Intel-R-_Core-TM-_i7-1270P-with-glibc2.38
KiB Mem:     8148936 total,   3475476 free
KiB Swap:    6291452 total,   6211836 free
Timestamp of repository guru: Fri, 23 Feb 2024 23:48:23 +0000
Head commit of repository guru: 7d93765491d77cfaf1d5435db244ffe7a7d37478

Timestamp of repository gentoo: Sat, 24 Feb 2024 01:00:00 +0000
Head commit of repository gentoo: b966c28f4de2c9d31d7b6b8407d0be6dcfd03570
sh bash 5.1_p16-r6
ld GNU ld (Gentoo 2.41 p5) 2.41.0
app-misc/pax-utils:        1.3.7::gentoo
app-shells/bash:           5.1_p16-r6::gentoo
dev-build/autoconf:        2.71-r6::gentoo
dev-build/automake:        1.16.5-r2::gentoo
dev-build/cmake:           3.27.9::gentoo
dev-build/libtool:         2.4.7-r2::gentoo
dev-build/make:            4.4.1-r1::gentoo
dev-build/meson:           1.3.1-r1::gentoo
dev-lang/perl:             5.38.2-r1::gentoo
dev-lang/python:           3.11.8_p1::gentoo, 3.12.2_p1::gentoo
dev-lang/rust-bin:         1.74.1::gentoo
sys-apps/baselayout:       2.14-r2::gentoo
sys-apps/openrc:           0.53::gentoo
sys-apps/sandbox:          2.38::gentoo
sys-devel/binutils:        2.41-r5::gentoo
sys-devel/binutils-config: 5.5::gentoo
sys-devel/gcc:             14.0.1_pre20240218::gentoo
sys-devel/gcc-config:      2.11::gentoo
sys-kernel/linux-headers:  6.6::gentoo (virtual/os-headers)
sys-libs/glibc:            2.38-r10::gentoo
Repositories:

local
    location: /var/db/repos/local
    masters: gentoo
    priority: -1
    volatile: False

guru
    location: /var/db/repos/guru
    sync-type: git
    sync-uri: https://github.com/gentoo-mirror/guru.git
    masters: gentoo
    volatile: False

gentoo
    location: /var/db/repos/gentoo
    sync-type: rsync
    sync-uri: rsync://rsync.gentoo.org/gentoo-portage
    priority: 1
    volatile: False
    sync-rsync-verify-max-age: 3
    sync-rsync-extra-opts:
    sync-rsync-verify-metamanifest: no
    sync-rsync-verify-jobs: 1

ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="@FREE"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O2 -pipe -march=native -Werror=strict-aliasing -Werror=odr -Werror=lto-type-mismatch -Wstack-protector -fgraphite-identity -floop-interchange -ftree-loop-distribution -floop-strip-mine -floop-block -flto=2 -fuse-linker-plugin -fno-fat-lto-objects -ftree-vectorize"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt /var/bind /var/spool/munin-async/.ssh"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-O2 -pipe -march=native -Werror=strict-aliasing -Werror=odr -Werror=lto-type-mismatch -Wstack-protector -fgraphite-identity -floop-interchange -ftree-loop-distribution -floop-strip-mine -floop-block -flto=2 -fuse-linker-plugin -fno-fat-lto-objects -ftree-vectorize -flifetime-dse=1"
DISTDIR="/var/cache/distfiles"
EMERGE_DEFAULT_OPTS=" --buildpkg-exclude 'virtual/* sys-kernel/*-sources sys-apps/pkgcore'"
ENV_UNSET="CARGO_HOME DBUS_SESSION_BUS_ADDRESS DISPLAY GDK_PIXBUF_MODULE_FILE GOBIN GOPATH PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR XDG_STATE_HOME"
FCFLAGS="-O2 -pipe -march=native -Werror=strict-aliasing -Werror=odr -Werror=lto-type-mismatch -Wstack-protector -fgraphite-identity -floop-interchange -ftree-loop-distribution -floop-strip-mine -floop-block -flto=2 -fuse-linker-plugin -fno-fat-lto-objects -ftree-vectorize"
FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs buildpkg buildpkg-live config-protect-if-modified distlocks ebuild-locks fixlafiles ipc-sandbox merge-sync multilib-strict network-sandbox news parallel-fetch pid-sandbox pkgdir-index-trusted preserve-libs protect-owned qa-unresolved-soname-deps sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-O2 -pipe -march=native -Werror=strict-aliasing -Werror=odr -Werror=lto-type-mismatch -Wstack-protector -fgraphite-identity -floop-interchange -ftree-loop-distribution -floop-strip-mine -floop-block -flto=2 -fuse-linker-plugin -fno-fat-lto-objects -ftree-vectorize"
GENTOO_MIRRORS="http://gentoo.mirrors.ovh.net/gentoo-distfiles/ https://ftp.uni-hannover.de/gentoo/ https://ftp.agdsn.de/gentoo"
LANG="en_US.utf8"
LDFLAGS="-fuse-ld=mold -Wl,--as-needed -Wl,-O2 -flto -fuse-linker-plugin -Wl,-z,pack-relative-relocs -Wl,--defsym=__gentoo_check_ldflags__=0"
LEX="flex"
LINGUAS="en"
MAKEOPTS="-j2"
PKGDIR="/var/cache/binpkgs"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
PORTAGE_TMPDIR="/var/tmp"
SHELL="/bin/bash"
USE="acl amd64 audit berkdb bzip2 caps cli crypt dri fortran hardened iconv icu idn ipv6 libtirpc lto ncurses nls openmp pam pcre pgo pic pie readline seccomp split-usr ssl ssp syslog test-rust udev unicode usb verify-sig xattr xml xtpax zlib zstd" ABI_X86="64" CPU_FLAGS_X86="mmx mmxext sse sse2 aes avx avx2 f16c fma3 pclmul popcnt rdrand sha sse3 sse4_1 sse4_2 ssse3" ELIBC="glibc" GRUB_PLATFORMS="pc" INPUT_DEVICES="libinput" KERNEL="linux" L10N="en-US" LUA_SINGLE_TARGET="lua5-4" LUA_TARGETS="lua5-4" PYTHON_SINGLE_TARGET="python3_11" PYTHON_TARGETS="python3_11" RUBY_TARGETS="ruby31"
Unset:  ADDR2LINE, AR, ARFLAGS, AS, ASFLAGS, CC, CCLD, CONFIG_SHELL, CPP, CPPFLAGS, CTARGET, CXX, CXXFILT, ELFEDIT, EXTRA_ECONF, F77FLAGS, FC, GCOV, GPROF, INSTALL_MASK, LC_ALL, LD, LFLAGS, LIBTOOL, MAKE, MAKEFLAGS, NM, OBJCOPY, OBJDUMP, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PYTHONPATH, RANLIB, READELF, RUSTFLAGS, SIZE, STRINGS, STRIP, YACC, YFLAGS
Comment 2 Kim B. Sindalsen 2024-02-24 12:57:34 UTC
ns /var/account # strace lastcomm
execve("/usr/bin/lastcomm", ["lastcomm"], 0x7fff396ab030 /* 33 vars */) = 0
brk(NULL)                               = 0x645abd9f7000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=20988, ...}, AT_EMPTY_PATH) = 0
mmap(NULL, 20988, PROT_READ, MAP_PRIVATE, 3, 0) = 0x79753e6f6000
close(3)                                = 0
openat(AT_FDCWD, "/lib64/libm.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 832) = 832
newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=894920, ...}, AT_EMPTY_PATH) = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x79753e6f4000
mmap(NULL, 897048, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x79753e618000
mmap(0x79753e626000, 471040, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xe000) = 0x79753e626000
mmap(0x79753e699000, 364544, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x81000) = 0x79753e699000
mmap(0x79753e6f2000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xd9000) = 0x79753e6f2000
close(3)                                = 0
openat(AT_FDCWD, "/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0p@\2\0\0\0\0\0"..., 832) = 832
pread64(3, "\6\0\0\0\4\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0"..., 784, 64) = 784
newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=1839192, ...}, AT_EMPTY_PATH) = 0
pread64(3, "\6\0\0\0\4\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0"..., 784, 64) = 784
mmap(NULL, 1870704, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x79753e44f000
mmap(0x79753e471000, 1339392, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x22000) = 0x79753e471000
mmap(0x79753e5b8000, 335872, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x169000) = 0x79753e5b8000
mmap(0x79753e60a000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1ba000) = 0x79753e60a000
mmap(0x79753e610000, 31600, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x79753e610000
close(3)                                = 0
mmap(NULL, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x79753e44c000
arch_prctl(ARCH_SET_FS, 0x79753e44c740) = 0
set_tid_address(0x79753e44ca10)         = 22454
set_robust_list(0x79753e44ca20, 24)     = 0
rseq(0x79753e44d060, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented)
mprotect(0x79753e60a000, 16384, PROT_READ) = 0
mprotect(0x79753e6f2000, 4096, PROT_READ) = 0
mprotect(0x645abbbfe000, 4096, PROT_READ) = 0
mprotect(0x79753e72b000, 8192, PROT_READ) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
munmap(0x79753e6f6000, 20988)           = 0
getrandom("\xdc\x22\xe2\x86\xb1\x1a\xac\x45", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x645abd9f7000
brk(0x645abda18000)                     = 0x645abda18000
openat(AT_FDCWD, "/var/account/pacct", O_RDONLY) = 3
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=17024, ...}, AT_EMPTY_PATH) = 0
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=17024, ...}, AT_EMPTY_PATH) = 0
lseek(3, 16384, SEEK_SET)               = 16384
read(3, "\1\3\0\0\0\0\0\0\0\0\0\0\0\0\0\0\7w\0\0\2\0\0\0\206@\331e\332Q\202J"..., 640) = 640
lseek(3, 0, SEEK_SET)                   = 0
read(3, "\2\3\2\210\0\0\0\0\0\0\0\0\0\0\0\0\244V\0\0\302,\0\0\\\346\331e\0\0\0\0"..., 4096) = 4096
read(3, "\0\3\0\0\0\0\0\0\376\377\0\0\261\0\0\0\352V\0\0\347V\0\0%\347\331e\0\0\200@"..., 12288) = 12288
read(3, "\1\3\0\0\0\0\0\0\0\0\0\0\0\0\0\0\7w\0\0\2\0\0\0\206@\331e\332Q\202J"..., 4096) = 640
lseek(3, 0, SEEK_SET)                   = 0
read(3, "\2\3\2\210\0\0\0\0\0\0\0\0\0\0\0\0\244V\0\0\302,\0\0\\\346\331e\0\0\0\0"..., 4096) = 4096
newfstatat(AT_FDCWD, "/etc/nsswitch.conf", {st_mode=S_IFREG|0644, st_size=2092, ...}, 0) = 0
newfstatat(AT_FDCWD, "/", {st_mode=S_IFDIR|0755, st_size=4096, ...}, 0) = 0
openat(AT_FDCWD, "/etc/nsswitch.conf", O_RDONLY|O_CLOEXEC) = 4
newfstatat(4, "", {st_mode=S_IFREG|0644, st_size=2092, ...}, AT_EMPTY_PATH) = 0
read(4, "#\n# /etc/nsswitch.conf\n#\n# An ex"..., 4096) = 2092
read(4, "", 4096)                       = 0
newfstatat(4, "", {st_mode=S_IFREG|0644, st_size=2092, ...}, AT_EMPTY_PATH) = 0
close(4)                                = 0
openat(AT_FDCWD, "/etc/passwd", O_RDONLY|O_CLOEXEC) = 4
newfstatat(4, "", {st_mode=S_IFREG|0644, st_size=1917, ...}, AT_EMPTY_PATH) = 0
lseek(4, 0, SEEK_SET)                   = 0
read(4, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 1917
close(4)                                = 0
openat(AT_FDCWD, "/dev", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=3700, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x645abd9fe430 /* 185 entries */, 32768) = 5536
writev(2, [{iov_base="*** ", iov_len=4}, {iov_base="buffer overflow detected", iov_len=24}, {iov_base=" ***: terminated\n", iov_len=17}], 3*** buffer overflow detected ***: terminated
) = 45
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x79753e6fb000
rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0
gettid()                                = 22454
getpid()                                = 22454
tgkill(22454, 22454, SIGABRT)           = 0
--- SIGABRT {si_signo=SIGABRT, si_code=SI_TKILL, si_pid=22454, si_uid=0} ---
+++ killed by SIGABRT +++
Aborted
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2024-02-24 12:58:47 UTC
Please get a backtrace from gdb (https://wiki.gentoo.org/wiki/Debugging#Per-package).
Comment 4 Kim B. Sindalsen 2024-02-24 14:16:27 UTC
Hope this is somewhat correctly done:

ns ~ # gdb --args lastcomm
GNU gdb (Gentoo 14.1 vanilla) 14.1
Copyright (C) 2023 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-pc-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://bugs.gentoo.org/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from lastcomm...
(gdb) run
Starting program: /usr/bin/lastcomm
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
*** buffer overflow detected ***: terminated

Program received signal SIGABRT, Aborted.
__pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
warning: 44     pthread_kill.c: No such file or directory
(gdb) bt
#0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
#1  0x00007ffff7da687f in __pthread_kill_internal (threadid=<optimized out>, signo=6) at pthread_kill.c:78
#2  0x00007ffff7d529a2 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#3  0x00007ffff7d3b4f2 in __GI_abort () at abort.c:79
#4  0x00007ffff7d3c545 in __libc_message (fmt=<optimized out>) at ../sysdeps/posix/libc_fatal.c:150
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
(gdb)
Comment 5 Kim B. Sindalsen 2024-02-24 15:23:11 UTC
Trying with breakpoints; with b 142 it reaches it fine; with b 145 I hit the error.

(gdb) l 142
file: "/usr/src/debug/sys-process/acct-6.6.4-r3/acct-6.6.4/lastcomm.c", line number: 142, symbol: "???"
137     #ifdef HAVE_PAGING
138                            "p"
139     #endif
140                            , long_options, &option_index);
141
142           if (c == EOF)
143             break;
144
145           switch (c)
146             {
Comment 6 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2024-02-27 01:01:15 UTC
It's weird that the stack is corrupt given _F_S aborted before anything bad happened, in theory. Unfortunately, there's not much useful in there yet.
Comment 7 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2024-02-27 01:01:29 UTC
(In reply to Sam James from comment #6)
> It's weird that the stack is corrupt given _F_S aborted before anything bad
> happened, in theory. Unfortunately, there's not much useful in there yet.

You definitely built it with -ggdb3 and such per the wiki page I linked?
Comment 8 Kim B. Sindalsen 2024-02-27 16:14:07 UTC
It should be with -ggdb3 yes, snippet from my log:

x86_64-pc-linux-gnu-gcc -DHAVE_CONFIG_H -I.  -I./lib -I./lib   -O2 -pipe -march=native -Werror=strict-aliasing -Werror=odr -Werror=lto-type-mismatch -Wstack-protector -fgraphite-identity -floop-interchange -ftree-loop-distribution -floop-strip-mine -floop-block -flto=2 -fuse-linker-plugin -fno-fat-lto-objects -ftree-vectorize -ggdb3 -Wall -Wmissing-prototypes -c -o lastcomm.o lastcomm.c
/bin/sh ./libtool  --tag=CC   --mode=link x86_64-pc-linux-gnu-gcc  -O2 -pipe -march=native -Werror=strict-aliasing -Werror=odr -Werror=lto-type-mismatch -Wstack-protector -fgraphite-identity -floop-interchange -ftree-loop-distribution -floop-strip-mine -floop-block -flto=2 -fuse-linker-plugin -fno-fat-lto-objects -ftree-vectorize -ggdb3 -Wall -Wmissing-prototypes  -fuse-ld=mold -Wl,--as-needed -Wl,-O2 -flto -fuse-linker-plugin -Wl,-z,pack-relative-relocs -Wl,--defsym=__gentoo_check_ldflags__=0 -o lastcomm lastcomm.o common.o dev_hash.o file_rd.o hashtab.o pacct_rd.o uid_hash.o lib/libgnu.la -lm

ns /var/log/portage # cat /etc/portage/package.env
...
#debug
sys-libs/glibc debugsyms
sys-process/acct debugsyms installsources

ns /var/log/portage # cat /etc/portage/env/debugsyms
CFLAGS="${CFLAGS} -ggdb3"
CXXFLAGS="${CXXFLAGS} -ggdb3"
# nostrip is disabled here because it negates splitdebug
FEATURES="${FEATURES} splitdebug compressdebug -nostrip"
Comment 9 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2024-02-27 23:16:12 UTC
And you definitely had debugedit installed too?
Comment 10 Kim B. Sindalsen 2024-02-28 12:37:24 UTC
Confirmed; debugedit was installed (I think, though I see that 'Reading symbols from /usr/lib/debug//usr/bin/lastcomm.debug...' is not in my first gdb paste). For good measure I tried emerging it again, this time also with -ggdb3, to see if that changed anything... same output/bt.

ns ~ # gdb --args lastcomm
GNU gdb (Gentoo 14.1 vanilla) 14.1
Copyright (C) 2023 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-pc-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://bugs.gentoo.org/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from lastcomm...
Reading symbols from /usr/lib/debug//usr/bin/lastcomm.debug...
(gdb) run
Starting program: /usr/bin/lastcomm
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
*** buffer overflow detected ***: terminated

Program received signal SIGABRT, Aborted.
__pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
warning: 44     pthread_kill.c: No such file or directory
(gdb) bt
#0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
#1  0x00007ffff7da687f in __pthread_kill_internal (threadid=<optimized out>, signo=6) at pthread_kill.c:78
#2  0x00007ffff7d529a2 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#3  0x00007ffff7d3b4f2 in __GI_abort () at abort.c:79
#4  0x00007ffff7d3c545 in __libc_message (fmt=<optimized out>) at ../sysdeps/posix/libc_fatal.c:150
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
Comment 11 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2024-02-29 01:10:58 UTC
I think I know why this is happening now (why the bt is useless). I think it might be https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114116.

Can you try CC=gcc-13 ... to get a bt?
Comment 12 Kim B. Sindalsen 2024-02-29 15:37:56 UTC
That seemed to generate at least a different backtrace with no stack complaints:
(bt was the same as before until I tried to emerge glibc with gcc13, too)

gdb --args lastcomm
GNU gdb (Gentoo 14.1 vanilla) 14.1
Copyright (C) 2023 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-pc-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://bugs.gentoo.org/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from lastcomm...
Reading symbols from /usr/lib/debug//usr/bin/lastcomm.debug...
(gdb) run
Starting program: /usr/bin/lastcomm
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
*** buffer overflow detected ***: terminated

Program received signal SIGABRT, Aborted.
__pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
warning: 44     pthread_kill.c: No such file or directory
(gdb) bt
#0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
#1  0x00007ffff7dac09f in __pthread_kill_internal (signo=6, threadid=<optimized out>) at pthread_kill.c:78
#2  0x00007ffff7d5ca92 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#3  0x00007ffff7d454ef in __GI_abort () at abort.c:79
#4  0x00007ffff7d465aa in __libc_message (fmt=fmt@entry=0x7ffff7ea177c "*** %s ***: terminated\n") at ../sysdeps/posix/libc_fatal.c:150
#5  0x00007ffff7e2abf7 in __GI___fortify_fail (msg=msg@entry=0x7ffff7ea1763 "buffer overflow detected") at fortify_fail.c:24
#6  0x00007ffff7e2a5d2 in __GI___chk_fail () at chk_fail.c:28
#7  0x00007ffff7d981a4 in __vsprintf_internal (string=string@entry=0x7fffffffdd00 "/dev/.", maxlen=<optimized out>, format=<optimized out>,
    args=args@entry=0x7fffffffdc10, mode_flags=mode_flags@entry=6) at iovsprintf.c:67
#8  0x00007ffff7e2bc75 in ___sprintf_chk (s=s@entry=0x7fffffffdd00 "/dev/.", flag=flag@entry=2, slen=<optimized out>,
    format=format@entry=0x5555555556e2 "%s/%s") at sprintf_chk.c:40
#9  0x0000555555557a28 in sprintf (__fmt=<optimized out>, __s=<optimized out>, __s=<optimized out>, __fmt=<optimized out>) at /usr/include/bits/stdio2.h:30
#10 setup_devices (dirname=dirname@entry=0x555555555896 "/dev") at /usr/src/debug/sys-process/acct-6.6.4-r3/acct-6.6.4/dev_hash.c:152
#11 0x0000555555557da5 in dev_gnu_name (dev_num=<optimized out>) at /usr/src/debug/sys-process/acct-6.6.4-r3/acct-6.6.4/dev_hash.c:199
#12 0x00005555555585b4 in parse_entries () at /usr/src/debug/sys-process/acct-6.6.4-r3/acct-6.6.4/lastcomm.c:332
#13 main (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/sys-process/acct-6.6.4-r3/acct-6.6.4/lastcomm.c:295
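The backtrace above finally shows the actual fault: frame #10 is setup_devices() in dev_hash.c:152 calling sprintf with the format "%s/%s" (a directory name plus a /dev entry) into a fixed-size buffer, and glibc's fortified ___sprintf_chk aborts because the result does not fit. The following is an added illustration written for this bug page; it is not acct's code and not the fix that landed in the Gentoo commit. The 64-byte DEV_PATH_MAX, the build_dev_path/count_rejected helpers and the sample entry names are all assumptions constructed here (acct's real buffer size is not shown on this page). It shows the pattern that avoids the crash: size the write with snprintf and treat a would-be truncation as an error to skip, instead of letting _FORTIFY_SOURCE be the last line of defence.

```c
#include <stdio.h>
#include <string.h>

/* Assumed destination size for illustration only; the real buffer in acct's
 * dev_hash.c is not shown on this page. */
#define DEV_PATH_MAX 64

/* Join dir and name as "dir/name" into out[outlen].
 * Returns 0 on success, -1 when the result (including the NUL) would not fit
 * or an argument is missing. snprintf() never writes beyond outlen bytes and
 * returns the length the full string would have had, so an overlong entry is
 * reported instead of either overflowing (plain sprintf) or silently
 * truncating (unchecked snprintf). */
int build_dev_path(char *out, size_t outlen, const char *dir, const char *name)
{
    if (out == NULL || outlen == 0 || dir == NULL || name == NULL)
        return -1;
    int n = snprintf(out, outlen, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= outlen) {
        out[0] = '\0';   /* hand back a valid (empty) string, not a partial path */
        return -1;
    }
    return 0;
}

/* Constructed sample entries standing in for what readdir(3) would return
 * under /dev, so the example runs offline. The last one is deliberately
 * longer than DEV_PATH_MAX. */
static const char *const SAMPLE_NAMES[] = {
    "null", "zero", "tty0", "pts/0",
    "this_is_a_constructed_device_name_that_is_far_longer_than_sixty_three_bytes_x",
};
#define SAMPLE_COUNT (sizeof SAMPLE_NAMES / sizeof SAMPLE_NAMES[0])

/* Build a path for every entry and count the ones that had to be rejected.
 * A real directory scan would skip (or log) those entries rather than abort. */
int count_rejected(const char *dir, const char *const *names, size_t count)
{
    char buf[DEV_PATH_MAX];
    int rejected = 0;
    for (size_t i = 0; i < count; i++) {
        if (build_dev_path(buf, sizeof buf, dir, names[i]) != 0)
            rejected++;
    }
    return rejected;
}

int main(void)
{
    char buf[DEV_PATH_MAX];
    for (size_t i = 0; i < SAMPLE_COUNT; i++) {
        if (build_dev_path(buf, sizeof buf, "/dev", SAMPLE_NAMES[i]) == 0)
            printf("ok       %s\n", buf);
        else
            printf("rejected %s (would not fit in %d bytes)\n",
                   SAMPLE_NAMES[i], DEV_PATH_MAX);
    }
    printf("%d of %zu entries rejected\n",
           count_rejected("/dev", SAMPLE_NAMES, SAMPLE_COUNT), SAMPLE_COUNT);
    return 0;
}
```

Compile with the same hardening the bug was found under (for example -O2 -D_FORTIFY_SOURCE=3) and the fortified snprintf still checks the destination, but it never has to fire: every write is bounded by outlen and the caller gets a return value it can act on. Four of the five constructed names fit; the overlong one is reported as rejected.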
Comment 13 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2024-03-01 05:59:15 UTC
I can reproduce with:
```
touch /var/account/pacct
accton on
lastcomm
```
Comment 15 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2024-03-01 08:00:21 UTC
commit 038e31c37d6e59768ae7abf5083559a0950c308f
Author: Sam James <sam@gentoo.org>
Date:   Fri Mar 1 06:08:16 2024 +0000

    sys-process/acct: update EAPI 7 -> 8, fix _F_S=3 crash, fix startup

    * EAPI 8
    * Fix crash with _FORTIFY_SOURCE=3 (bug #925419)
    * Use tmpfiles to create /var/accounts/pacct which fixes startup/use on new installs
    * Drop ancient workaround (bug #239748)

    Bug: https://bugs.gentoo.org/239748
    Signed-off-by: Sam James <sam@gentoo.org>