Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 421717

Summary: app-text/cuneiform _FORTIFY_SOURCE indicates presence of overflow
Product: Gentoo Linux Reporter: Diego Elio Pettenò (RETIRED) <flameeyes>
Component: Current packagesAssignee: No maintainer - Look at https://wiki.gentoo.org/wiki/Project:Proxy_Maintainers if you want to take care of it <maintainer-needed>
Status: RESOLVED FIXED    
Severity: major CC: nikoli, proxy-maint, rose, slawomir.nizio, yaleks
Priority: Highest Keywords: NeedPatch, PMASKED
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://tinderboxlogs.s3.amazonaws.com/tbamd64.excelsior.flameeyes.eu/app-text%3Acuneiform-1.1.0-r1%3A20120618-063631.html
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on: 462366, 473398    
Bug Blocks: 259417    

Description Diego Elio Pettenò (RETIRED) gentoo-dev 2012-06-18 09:06:05 UTC 
You're receiving this bug because the package in Summary has produced _FORTIFY_SOURCE related warnings indicating the presence of a sure overflow in a static buffer.

Even though this is not always an indication of a security problem it might even be. So please check this out ASAP.

By the way, _FORTIFY_SOURCE is disabled when you disable optimisation, so don't try finding out the cause using -O0.

Thanks,
Your friendly neighborhood tinderboxer
Comment 1 Sławomir Nizio 2012-07-25 22:17:30 UTC 
This application has many bugs opened about crashing and at least some of them are related to this bug.
For example this one, containing workaround patches (the first one at least fixes crashing in common circumstances):
https://bugs.launchpad.net/cuneiform-linux/+bug/978183
Comment 2 Pacho Ramos gentoo-dev 2012-10-06 12:39:52 UTC 
Looks like a new upstream maintainer has arrived, maybe it will help:
https://launchpad.net/cuneiform-linux/+announcement/9790
Comment 3 Pacho Ramos gentoo-dev 2013-02-16 13:11:58 UTC 
(In reply to comment #2)
> Looks like a new upstream maintainer has arrived, maybe it will help:
> https://launchpad.net/cuneiform-linux/+announcement/9790

If bugs are not fixed, maybe we should treeclean this
Comment 4 Richard Freeman gentoo-dev 2013-03-24 09:52:34 UTC 
*** Bug 462366 has been marked as a duplicate of this bug. ***
Comment 5 Aleksandr Yakimov 2013-03-30 21:05:18 UTC 
How I can get attached output?

FEATURES="sandbox test userpriv usersandbox" CFLAGS="-O2 -pipe -ggdb -march=native -ftracer" CXXFLAGS="${CFLAGS}" emerge -1v cuneiform

No warnings produced (amd64, gcc-4.7.2).
Comment 6 Richard Freeman gentoo-dev 2013-06-15 20:26:54 UTC 
(In reply to Aleksandr Yakimov from comment #5)
> How I can get attached output?
> 
> FEATURES="sandbox test userpriv usersandbox" CFLAGS="-O2 -pipe -ggdb
> -march=native -ftracer" CXXFLAGS="${CFLAGS}" emerge -1v cuneiform
> 
> No warnings produced (amd64, gcc-4.7.2).

I get the warnings in the linked log when I build:

FEATURES="sandbox test userpriv usersandbox" CFLAGS="-O2 -pipe -ggdb -march=native -ftracer" CXXFLAGS="${CFLAGS}"  ebuild cuneiform-1.1.0-r1.ebuild install

 * QA Notice: Package triggers severe warnings which indicate that it
 *            may exhibit random runtime failures.
 * /usr/include/bits/stdio2.h:285:71: warning: call to ‘__fread_chk_warn’ declared with attribute war
ning: fread called with bigger size * nmemb than length of destination buffer [enabled by default]


 * QA Notice: Package triggers severe warnings which indicate that it
 *            may exhibit random runtime failures.
 * /usr/include/bits/string3.h:105:3: warning: call to __builtin___strcpy_chk will always overflow de
stination buffer [enabled by default]
 * /usr/include/bits/string3.h:105:3: warning: call to __builtin___strcpy_chk will always overflow de
stination buffer [enabled by default]
 * /usr/include/bits/string3.h:105:3: warning: call to __builtin___strcpy_chk will always overflow de
stination buffer [enabled by default]
 * /usr/include/bits/string3.h:105:3: warning: call to __builtin___strcpy_chk will always overflow de
stination buffer [enabled by default]
 * /usr/include/bits/string3.h:85:3: warning: call to __builtin___memset_chk will always overflow des
tination buffer [enabled by default]


 * QA Notice: Package triggers severe warnings which indicate that it
 *            may exhibit random runtime failures.
 * /var/tmp/portage/app-text/cuneiform-1.1.0-r1/work/cuneiform-linux-1.1.0/cuneiform_src/Kern/rdib/sources/cpp/CTDIB.cpp:541:2: warning: converting to non-pointer type ‘Bool32 {aka int}’ from NULL [-Wconversion-null]


 * QA Notice: Package triggers severe warnings which indicate that it
 *            may exhibit random runtime failures.
 * /var/tmp/portage/app-text/cuneiform-1.1.0-r1/work/cuneiform-linux-1.1.0/cuneiform_src/Kern/rdib/sources/cpp/CTDIB.cpp:640:7: warning: NULL used in arithmetic [-Wpointer-arith]


 * QA Notice: Package triggers severe warnings which indicate that it
 *            may exhibit random runtime failures.
 * /var/tmp/portage/app-text/cuneiform-1.1.0-r1/work/cuneiform-linux-1.1.0/cuneiform_src/Kern/std/src/stdleo.cpp:1488:114: warning: passing NULL to non-pointer argument 2 of ‘int WideCharToMultiByte(uint, uint32_t, const int16_t*, int, char*, int, const char*, pBool)’ [-Wconversion-null]
 * /var/tmp/portage/app-text/cuneiform-1.1.0-r1/work/cuneiform-linux-1.1.0/cuneiform_src/Kern/cimage/sources/main/ctimemory.cpp:104:23: warning: passing NULL to non-pointer argument 1 of ‘Bool32 CFIO_Init(uint16_t, Handle)’ [-Wconversion-null]/usr/bin/cmake -E cmake_progress_report /var/tmp/portage/app-text/cuneiform-1.1.0-r1/work/cuneiform-1.1.0_build/CMakeFiles
 * /var/tmp/portage/app-text/cuneiform-1.1.0-r1/work/cuneiform-linux-1.1.0/cuneiform_src/Kern/rimage/sources/main/crimemory.cpp:103:23: warning: passing NULL to non-pointer argument 1 of ‘Bool32 CFIO_Init(uint16_t, Handle)’ [-Wconversion-null]
 * /var/tmp/portage/app-text/cuneiform-1.1.0-r1/work/cuneiform-linux-1.1.0/cuneiform_src/Kern/rstuff/sources/main/rsmemory.cpp:117:23: warning: passing NULL to non-pointer argument 1 of ‘Bool32 CFIO_Init(uint16_t, Handle)’ [-Wconversion-null]
 * /var/tmp/portage/app-text/cuneiform-1.1.0-r1/work/cuneiform-linux-1.1.0/cuneiform_src/Kern/puma/c/debug.cpp:73:22: warning: passing NULL to non-pointer argument 3 of ‘void LDPUMA_RegistryHelp(Handle, const char*, Bool32)’ [-Wconversion-null]
Comment 7 Pacho Ramos gentoo-dev 2013-06-16 10:04:56 UTC 
Unccing treecleaners per https://bugs.gentoo.org/show_bug.cgi?id=473398#c5

Feel free to add us back when you feel this should be treecleaned
Comment 8 Larry the Git Cow gentoo-dev 2018-11-14 22:32:34 UTC 
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a8519bd2c58428d730f61140cd4a843ce68033b3

commit a8519bd2c58428d730f61140cd4a843ce68033b3
Author:     Pacho Ramos <pacho@gentoo.org>
AuthorDate: 2018-11-14 22:30:33 +0000
Commit:     Pacho Ramos <pacho@gentoo.org>
CommitDate: 2018-11-14 22:32:15 +0000

    app-text/cuneiform: Bugfixes from Fedora
    
    Closes: https://bugs.gentoo.org/421717
    Closes: https://bugs.gentoo.org/595010
    Closes: https://bugs.gentoo.org/670656
    Signed-off-by: Pacho Ramos <pacho@gentoo.org>
    Package-Manager: Portage-2.3.51, Repoman-2.3.11

 app-text/cuneiform/cuneiform-1.1.0-r3.ebuild       |  59 +++++++
 .../cuneiform-1.1.0-fix_buffer_overflow.patch      |  27 ++++
 .../cuneiform-1.1.0-fix_buffer_overflow_2.patch    |  18 +++
 .../cuneiform/files/cuneiform-1.1.0-gcc6.patch     | 177 +++++++++++++++++++++
 .../cuneiform/files/cuneiform-1.1.0-gcc7.patch     | 102 ++++++++++++
 .../cuneiform/files/cuneiform-1.1.0-typos.patch    |  54 +++++++
 6 files changed, 437 insertions(+)