Created attachment 919442 [details] dev-db/sqlite-3.49.1 build.log (xz compressed) jimsh gets built here: clang -O3 -pipe -march=znver3 -flto=thin -Werror=odr -Werror=strict-aliasing -o jimsh -O1 -DHAVE_REALPATH /var/tmp/portage/dev-db/sqlite-3.49.1/work/sqlite-src-3490100-abi_x86_64.amd64/autosetup/jimsh0.c Fails to be executed here: ./jimsh was built without -DHAVE_REALPATH or -DHAVE__FULLPATH.
Created attachment 919443 [details] emerge --info
Removing -flto=thin gets around the issue.
I did reproduce this by enabling clang and lto, but to be honest I don't know enough about the topic myself to tell what could be wrong here. @sam: can you pitch in? If we forward this upstream, is it something they could care about?
This is the check in main.mk that fails (run manually in the build dir). So some sort of miscompilation? $ ./jimsh -e 'file normalize ./jimsh' *** buffer overflow detected ***: terminated Aborted (core dumped)
# strace ./jimsh -e 'file normalize ./jimsh' execve("./jimsh", ["./jimsh", "-e", "file normalize ./jimsh"], 0x7ffd981d42c0 /* 28 vars */) = 0 brk(NULL) = 0x564d5486d000 mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb07df05000 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=46359, ...}) = 0 mmap(NULL, 46359, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fb07def9000 close(3) = 0 openat(AT_FDCWD, "/usr/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0t\2\0\0\0\0\0"..., 832) = 832 pread64(3, "\6\0\0\0\4\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0"..., 784, 64) = 784 fstat(3, {st_mode=S_IFREG|0755, st_size=1974528, ...}) = 0 pread64(3, "\6\0\0\0\4\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0"..., 784, 64) = 784 mmap(NULL, 2002040, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fb07dd10000 mmap(0x7fb07dd34000, 1449984, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x24000) = 0x7fb07dd34000 mmap(0x7fb07de96000, 348160, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x186000) = 0x7fb07de96000 mmap(0x7fb07deeb000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1db000) = 0x7fb07deeb000 mmap(0x7fb07def1000, 31864, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fb07def1000 close(3) = 0 mmap(NULL, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb07dd0d000 arch_prctl(ARCH_SET_FS, 0x7fb07dd0d740) = 0 set_tid_address(0x7fb07dd0da10) = 123987 set_robust_list(0x7fb07dd0da20, 24) = 0 rseq(0x7fb07dd0d680, 0x20, 0, 0x53053053) = 0 mprotect(0x7fb07deeb000, 16384, PROT_READ) = 0 mprotect(0x564d53338000, 12288, PROT_READ) = 0 mprotect(0x7fb07df3c000, 8192, PROT_READ) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 munmap(0x7fb07def9000, 46359) = 0 
getrandom("\x60\x5a\x5e\x24\x7e\x1e\x70\x25", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x564d5486d000 brk(0x564d5488e000) = 0x564d5488e000 ioctl(0, TCGETS, {c_iflag=ICRNL|IXON, c_oflag=NL0|CR0|TAB0|BS0|VT0|FF0|OPOST|ONLCR, c_cflag=B38400|CS8|CREAD, c_lflag=ISIG|ICANON|ECHO|ECHOE|ECHOK|IEXTEN|ECHOCTL|ECHOKE, ...}) = 0 ioctl(1, TCGETS, {c_iflag=ICRNL|IXON, c_oflag=NL0|CR0|TAB0|BS0|VT0|FF0|OPOST|ONLCR, c_cflag=B38400|CS8|CREAD, c_lflag=ISIG|ICANON|ECHO|ECHOE|ECHOK|IEXTEN|ECHOCTL|ECHOKE, ...}) = 0 access("readdir.tcl", F_OK) = -1 ENOENT (No such file or directory) getcwd("/var/tmp/portage/dev-db/sqlite-3.49.1/work/sqlite-src-3490100-abi_x86_64.amd64", 1024) = 79 writev(2, [{iov_base="*** ", iov_len=4}, {iov_base="buffer overflow detected", iov_len=24}, {iov_base=" ***: terminated\n", iov_len=17}], 3*** buffer overflow detected ***: terminated ) = 45 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb07df04000 gettid() = 123987 getpid() = 123987 tgkill(123987, 123987, SIGABRT) = 0 --- SIGABRT {si_signo=SIGABRT, si_code=SI_TKILL, si_pid=123987, si_uid=0} --- +++ killed by SIGABRT (core dumped) +++ Aborted (core dumped)
# gdb --args ./jimsh -e 'file normalize ./jimsh' GNU gdb (Gentoo 16.2 vanilla) 16.2 Copyright (C) 2024 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-pc-linux-gnu". Type "show configuration" for configuration details. For bug reporting instructions, please see: <https://bugs.gentoo.org/>. Find the GDB manual and other documentation resources online at: <http://www.gnu.org/software/gdb/documentation/>. For help, type "help". Type "apropos word" to search for commands related to "word"... Reading symbols from ./jimsh... (gdb) run Starting program: /var/tmp/portage/dev-db/sqlite-3.49.1/work/sqlite-src-3490100-abi_x86_64.amd64/jimsh -e file\ normalize\ ./jimsh [Thread debugging using libthread_db enabled] Using host libthread_db library "/usr/lib64/libthread_db.so.1". *** buffer overflow detected ***: terminated Program received signal SIGABRT, Aborted. 0x00007ffff7e5ae6c in ?? () from /usr/lib64/libc.so.6 (gdb) bt #0 0x00007ffff7e5ae6c in ?? () from /usr/lib64/libc.so.6 #1 0x00007ffff7e05f06 in raise () from /usr/lib64/libc.so.6 #2 0x00007ffff7dee34b in abort () from /usr/lib64/libc.so.6 #3 0x00007ffff7def34b in ?? 
() from /usr/lib64/libc.so.6 #4 0x00007ffff7ee286b in __fortify_fail () from /usr/lib64/libc.so.6 #5 0x00007ffff7ee21c6 in __chk_fail () from /usr/lib64/libc.so.6 #6 0x00007ffff7ee3928 in __realpath_chk () from /usr/lib64/libc.so.6 #7 0x0000555555573275 in _Z8realpathPKcPcU17pass_object_size1 (__name=0x5555555bf350 "./jimsh", __resolved=0x5555555b51b0 " \217\372\367\377\177") at /usr/include/bits/stdlib.h:55 #8 JimRealPath (path=0x5555555bf350 "./jimsh", resolved_path=0x5555555b51b0 " \217\372\367\377\177", len=1024) at /var/tmp/portage/dev-db/sqlite-3.49.1/work/sqlite-src-3490100-abi_x86_64.amd64/autosetup/jimsh0.c:4446 #9 file_cmd_normalize (interp=0x5555555a92a0, argc=<optimized out>, argv=0x7fffffffdd90) at /var/tmp/portage/dev-db/sqlite-3.49.1/work/sqlite-src-3490100-abi_x86_64.amd64/autosetup/jimsh0.c:4457 #10 0x0000555555560924 in Jim_CallSubCmd (interp=0x5555555a92a0, ct=0x5555555a5ae0 <file_command_table+256>, argc=<optimized out>, argv=0x7fffffffdd80) at /var/tmp/portage/dev-db/sqlite-3.49.1/work/sqlite-src-3490100-abi_x86_64.amd64/autosetup/jimsh0.c:21731 #11 Jim_SubCmdProc (interp=0x5555555a92a0, argc=<optimized out>, argv=0x7fffffffdd80) at /var/tmp/portage/dev-db/sqlite-3.49.1/work/sqlite-src-3490100-abi_x86_64.amd64/autosetup/jimsh0.c:21749 #12 0x0000555555569178 in JimInvokeCommand (interp=0x5555555a92a0, objc=3, objv=0x7fffffffdd80) at /var/tmp/portage/dev-db/sqlite-3.49.1/work/sqlite-src-3490100-abi_x86_64.amd64/autosetup/jimsh0.c:16164 #13 0x000055555555ff5f in Jim_EvalObj (interp=0x5555555a92a0, scriptObjPtr=0x5555555bec10) at /var/tmp/portage/dev-db/sqlite-3.49.1/work/sqlite-src-3490100-abi_x86_64.amd64/autosetup/jimsh0.c:16584 #14 0x000055555556e8d4 in main (argc=3, argv=0x7fffffffdfb8) at /var/tmp/portage/dev-db/sqlite-3.49.1/work/sqlite-src-3490100-abi_x86_64.amd64/autosetup/jimsh0.c:24474
#8 JimRealPath (path=0x5555555bf350 "./jimsh", resolved_path=0x5555555b51b0 " \217\372\367\377\177", len=1024) at /var/tmp/portage/dev-db/sqlite-3.49.1/work/sqlite-src-3490100-abi_x86_64.amd64/autosetup/jimsh0.c:4446 What size is the buffer that JimRealPath calls realpath with as its output buffer (2nd argument)? Note that _FORTIFY_SOURCE will complain about buffers that are theoretically too small even if they're OK for the current input/output.
ding ding! See https://github.com/msteveb/jimtcl/issues/247. I'd bet that this is similar to the case in sys-devel/dev86. If you build it with -std=gnu89, it's fine, because MAXPATHLEN and PATH_MAX are defined by _GNU_SOURCE. If you build with -std=c89, it fails because it falls back to 1024, as the defines aren't available.
There's a commit linked in that issue but that part of the code seems to already be present in sqlite's jimsh source: https://github.com/sqlite/sqlite/blob/master/autosetup/jimsh0.c#L4176-L4181
(In reply to Jakov Smolić from comment #9) > There's a commit linked in that issue but that part of the code seems to > already be present in sqlite's jimsh source: > https://github.com/sqlite/sqlite/blob/master/autosetup/jimsh0.c#L4176-L4181 Try moving the _GNU_SOURCE define before any includes.
(In reply to Jakov Smolić from comment #9) > There's a commit linked in that issue but that part of the code seems to > already be present in sqlite's jimsh source: > https://github.com/sqlite/sqlite/blob/master/autosetup/jimsh0.c#L4176-L4181 Turns out that they are already defining MAXPATHLEN earlier in the file, https://github.com/sqlite/sqlite/blob/master/autosetup/jimsh0.c#L2091-L2093, so the later check for PATH_MAX doesn't do anything at all.
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=75d82143fa29cb7a37550333c548292bda6b4687 commit 75d82143fa29cb7a37550333c548292bda6b4687 Author: Jakov Smolić <jsmolic@gentoo.org> AuthorDate: 2025-02-22 12:36:21 +0000 Commit: Jakov Smolić <jsmolic@gentoo.org> CommitDate: 2025-02-22 13:16:30 +0000 dev-db/sqlite: Fix buffer overflow in autosetup jimsh Add a patch similar to https://github.com/msteveb/jimtcl/commit/9b754b8033b9f2a1dc8ba1227df2e5d75185dda7 until this is fixed upstream in autosetup Closes: https://bugs.gentoo.org/949981 Signed-off-by: Jakov Smolić <jsmolic@gentoo.org> dev-db/sqlite/files/sqlite-3.49.1-jimsh.patch | 36 +++++++++++++++++++++++++++ dev-db/sqlite/sqlite-3.49.1.ebuild | 2 ++ 2 files changed, 38 insertions(+)
BTW, just to explain the LTO connection: it's really just that with LTO, Clang had better object size detection here, so the _FORTIFY_SOURCE check in __realpath_chk could see that the destination buffer passed to realpath() is too small and aborted.