| Summary: | sys-apps/busybox: src_compile fails with FORTIFY_SOURCE=3 | | |
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Sam James <sam> |
| Component: | Current packages | Assignee: | Embedded Gentoo Team <embedded> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | arsen |
| Priority: | Normal | Keywords: | PATCH |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://lists.busybox.net/pipermail/busybox/2023-February/090173.html | | |
| See Also: | https://bugs.busybox.net/show_bug.cgi?id=15326, https://bugs.gentoo.org/show_bug.cgi?id=930512, https://bugs.gentoo.org/show_bug.cgi?id=930513 | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | | | |
| Bug Blocks: | 847148 | | |
| Attachments: | build.log; [PATCH] fixdep: avoid underflow when end of entry doesn't coincide | | |
Description
Sam James, 2023-02-10 01:38:34 UTC

```
(gdb) bt
#0  0x00007fd815dadf0c in ?? () from /usr/lib64/libc.so.6
#1  0x00007fd815d5cae6 in raise () from /usr/lib64/libc.so.6
#2  0x00007fd815d45877 in abort () from /usr/lib64/libc.so.6
#3  0x00007fd815d467b8 in ?? () from /usr/lib64/libc.so.6
#4  0x00007fd815e4115b in __fortify_fail () from /usr/lib64/libc.so.6
#5  0x00007fd815e3f8c6 in __chk_fail () from /usr/lib64/libc.so.6
#6  0x000056146f574b92 in parse_dep_file ()
#7  0x000056146f574dd9 in print_deps ()
#8  0x000056146f5742d8 in main ()
(gdb) quit
```

```
/var/tmp/portage/sys-apps/busybox-1.34.1-r1/work/busybox-1.34.1 # scripts/basic/fixdep scripts/basic/.docproc.d scripts/basic/docproc $'x86_64-pc-linux-gnu-gcc -Wp,-MD,scripts/basic/.docproc.d -Wall -Wstrict-prototypes -O2 -fomit-frame-pointer -o scripts/basic/docproc scripts/basic/docproc.c '
cmd_scripts/basic/docproc := x86_64-pc-linux-gnu-gcc -Wp,-MD,scripts/basic/.docproc.d -Wall -Wstrict-prototypes -O2 -fomit-frame-pointer -o scripts/basic/docproc scripts/basic/docproc.c
deps_scripts/basic/docproc := \
  scripts/basic/docproc.c \
  /usr/include/gentoo/fortify.h \
  /usr/include/stdio.h \
  /usr/include/bits/libc-header-start.h \
  /usr/include/features.h \
  /usr/include/features-time64.h \
  /usr/include/bits/wordsize.h \
  /usr/include/bits/timesize.h \
  /usr/include/stdc-predef.h \
  /usr/include/sys/cdefs.h \
  /usr/include/bits/long-double.h \
  /usr/include/gnu/stubs.h \
  /usr/include/gnu/stubs-64.h \
  /usr/lib/llvm/16/bin/../../../../lib/clang/16/include/stddef.h \
  /usr/lib/llvm/16/bin/../../../../lib/clang/16/include/stdarg.h \
  /usr/include/bits/types.h \
  /usr/include/bits/typesizes.h \
  /usr/include/bits/time64.h \
  /usr/include/bits/types/__fpos_t.h \
  /usr/include/bits/types/__mbstate_t.h \
  /usr/include/bits/types/__fpos64_t.h \
  /usr/include/bits/types/__FILE.h \
  /usr/include/bits/types/FILE.h \
  /usr/include/bits/types/struct_FILE.h \
  /usr/include/bits/stdio_lim.h \
  /usr/include/bits/floatn.h \
  /usr/include/bits/floatn-common.h \
  /usr/include/bits/stdio2-decl.h \
  /usr/include/bits/stdio.h \
  /usr/include/bits/stdio2.h \
  /usr/include/stdlib.h \
  /usr/include/bits/waitflags.h \
  /usr/include/bits/waitstatus.h \
  /usr/include/sys/types.h \
  /usr/include/bits/types/clock_t.h \
  /usr/include/bits/types/clockid_t.h \
  /usr/include/bits/types/time_t.h \
  /usr/include/bits/types/timer_t.h \
  /usr/include/bits/stdint-intn.h \
  /usr/include/endian.h \
  /usr/include/bits/endian.h \
  /usr/include/bits/endianness.h \
  /usr/include/bits/byteswap.h \
  /usr/include/bits/uintn-identity.h \
  /usr/include/sys/select.h \
  /usr/include/bits/select.h \
  /usr/include/bits/types/sigset_t.h \
  /usr/include/bits/types/__sigset_t.h \
  /usr/include/bits/types/struct_timeval.h \
  /usr/include/bits/types/struct_timespec.h \
  /usr/include/bits/select2.h \
  /usr/include/bits/pthreadtypes.h \
  /usr/include/bits/thread-shared-types.h \
  /usr/include/bits/pthreadtypes-arch.h \
  /usr/include/bits/atomic_wide_counter.h \
  /usr/include/bits/struct_mutex.h \
  /usr/include/bits/struct_rwlock.h \
  /usr/include/alloca.h \
  /usr/include/bits/stdlib-bsearch.h \
  /usr/include/bits/stdlib-float.h \
  /usr/include/bits/stdlib.h \
  /usr/include/string.h \
  /usr/include/bits/types/locale_t.h \
  /usr/include/bits/types/__locale_t.h \
  /usr/include/strings.h \
  /usr/include/bits/strings_fortified.h \
  /usr/include/bits/string_fortified.h \
  /usr/include/ctype.h \
  /usr/include/unistd.h \
  /usr/include/bits/posix_opt.h \
  /usr/include/bits/environments.h \
  /usr/include/bits/confname.h \
  /usr/include/bits/getopt_posix.h \
  /usr/include/bits/getopt_core.h \
  /usr/include/bits/unistd.h \
  /usr/include/bits/unistd_ext.h \
  /usr/lib/llvm/16/bin/../../../../lib/clang/16/include/limits.h \
  /usr/include/limits.h \
  /usr/include/bits/posix1_lim.h \
  /usr/include/bits/local_lim.h \
  /usr/include/linux/limits.h \
  /usr/include/bits/pthread_stack_min-dynamic.h \
  /usr/include/bits/pthread_stack_min.h \
  /usr/include/bits/posix2_lim.h \
  /usr/include/sys/wait.h \
  /usr/include/signal.h \
  /usr/include/bits/signum-generic.h \
  /usr/include/bits/signum-arch.h \
  /usr/include/bits/types/sig_atomic_t.h \
  /usr/include/bits/types/siginfo_t.h \
  /usr/include/bits/types/__sigval_t.h \
  /usr/include/bits/siginfo-arch.h \
  /usr/include/bits/siginfo-consts.h \
  /usr/include/bits/types/sigval_t.h \
  /usr/include/bits/types/sigevent_t.h \
  /usr/include/bits/sigevent-consts.h \
  /usr/include/bits/sigaction.h \
  /usr/include/bits/sigcontext.h \
  /usr/include/bits/types/stack_t.h \
  /usr/include/sys/ucontext.h \
  /usr/include/bits/sigstack.h \
  /usr/include/bits/sigstksz.h \
  /usr/include/bits/ss_flags.h \
  /usr/include/bits/types/struct_sigstack.h \
  /usr/include/bits/sigthread.h \
  /usr/include/bits/signal_ext.h \
  /usr/include/bits/types/idtype_t.h \
*** buffer overflow detected ***: terminated
Aborted (core dumped)
```

I had to fiddle a bit to get fixdep to be built with debugging symbols (needed to set HOSTCFLAGS in a bunch of places). It happens with different files each time; it depends where it fails:

```
gdb --args scripts/basic/fixdep scripts/kconfig/.kxgettext.o.d scripts/kconfig/kxgettext.o $'x86_64-pc-linux-gnu-gcc -Wp,-MD,scripts/kconfig/.kxgettext.o.d -O2 -ggdb3 -c -o scripts/kconfig/kxgettext.o scripts/kconfig/kxgettext.c'
cmd_scripts/kconfig/kxgettext.o := x86_64-pc-linux-gnu-gcc -Wp,-MD,scripts/kconfig/.kxgettext.o.d -O2 -ggdb3 -c -o scripts/kconfig/kxgettext.o scripts/kconfig/kxgettext.c
deps_scripts/kconfig/kxgettext.o := \
  scripts/kconfig/kxgettext.c \
  /usr/include/gentoo/fortify.h \
  /usr/include/stdlib.h \
  /usr/include/bits/libc-header-start.h \
  /usr/include/features.h \
  /usr/include/features-time64.h \
  /usr/include/bits/wordsize.h \
  /usr/include/bits/timesize.h \
  /usr/include/stdc-predef.h \
  /usr/include/sys/cdefs.h \
  /usr/include/bits/long-double.h \
  /usr/include/gnu/stubs.h \
  /usr/include/gnu/stubs-64.h \
  /usr/lib/llvm/16/bin/../../../../lib/clang/16/include/stddef.h \
  /usr/include/bits/waitflags.h \
  /usr/include/bits/waitstatus.h \
  /usr/include/bits/floatn.h \
  /usr/include/bits/floatn-common.h \
  /usr/include/sys/types.h \
  /usr/include/bits/types.h \
  /usr/include/bits/typesizes.h \
  /usr/include/bits/time64.h \
  /usr/include/bits/types/clock_t.h \
  /usr/include/bits/types/clockid_t.h \
  /usr/include/bits/types/time_t.h \
  /usr/include/bits/types/timer_t.h \
  /usr/include/bits/stdint-intn.h \
  /usr/include/endian.h \
  /usr/include/bits/endian.h \
  /usr/include/bits/endianness.h \
  /usr/include/bits/byteswap.h \
  /usr/include/bits/uintn-identity.h \
  /usr/include/sys/select.h \
  /usr/include/bits/select.h \
  /usr/include/bits/types/sigset_t.h \
  /usr/include/bits/types/__sigset_t.h \
  /usr/include/bits/types/struct_timeval.h \
  /usr/include/bits/types/struct_timespec.h \
  /usr/include/bits/select2.h \
  /usr/include/bits/pthreadtypes.h \
  /usr/include/bits/thread-shared-types.h \
  /usr/include/bits/pthreadtypes-arch.h \
  /usr/include/bits/atomic_wide_counter.h \
  /usr/include/bits/struct_mutex.h \
  /usr/include/bits/struct_rwlock.h \
  /usr/include/alloca.h \
  /usr/include/bits/stdlib-bsearch.h \
  /usr/include/bits/stdlib-float.h \
  /usr/include/bits/stdlib.h \
  /usr/include/string.h \
  /usr/include/bits/types/locale_t.h \
  /usr/include/bits/types/__locale_t.h \
  /usr/include/strings.h \
  /usr/include/bits/strings_fortified.h \
  /usr/include/bits/string_fortified.h \
  scripts/kconfig/lkc.h \
  scripts/kconfig/expr.h \
  /usr/include/stdio.h \
  /usr/lib/llvm/16/bin/../../../../lib/clang/16/include/stdarg.h \
  /usr/include/bits/types/__fpos_t.h \
  /usr/include/bits/types/__mbstate_t.h \
  /usr/include/bits/types/__fpos64_t.h \
  /usr/include/bits/types/__FILE.h \
  /usr/include/bits/types/FILE.h \
  /usr/include/bits/types/struct_FILE.h \
  /usr/include/bits/stdio_lim.h \
  /usr/include/bits/stdio2-decl.h \
  /usr/include/bits/stdio.h \
  /usr/include/bits/stdio2.h \
  /usr/lib/llvm/16/bin/../../../../lib/clang/16/include/stdbool.h \
  /usr/include/libintl.h \
  /usr/include/locale.h \
  /usr/include/bits/locale.h \
  scripts/kconfig/lkc_proto.h \
*** buffer overflow detected ***: terminated

Program received signal SIGABRT, Aborted.
0x00007ffff7e40f0c in ?? () from /usr/lib64/libc.so.6
(gdb) bt
#0  0x00007ffff7e40f0c in ?? () from /usr/lib64/libc.so.6
#1  0x00007ffff7defae6 in raise () from /usr/lib64/libc.so.6
#2  0x00007ffff7dd8877 in abort () from /usr/lib64/libc.so.6
#3  0x00007ffff7dd97b8 in ?? () from /usr/lib64/libc.so.6
#4  0x00007ffff7ed415b in __fortify_fail () from /usr/lib64/libc.so.6
#5  0x00007ffff7ed28c6 in __chk_fail () from /usr/lib64/libc.so.6
#6  0x0000555555555b92 in memcpy (__len=18446744073709551614, __src=<optimized out>, __dest=0x7fffffffd5f0) at /usr/include/bits/string_fortified.h:29
#7  parse_dep_file (map=map@entry=0x7ffff7fc3000, len=<optimized out>) at scripts/basic/fixdep.c:341
#8  0x0000555555555dd9 in print_deps () at scripts/basic/fixdep.c:379
#9  0x00005555555552d8 in main (argc=<optimized out>, argv=<optimized out>) at scripts/basic/fixdep.c:411
(gdb)
```

Smaller steps to repro:

1. make HOSTCFLAGS="-O2 -ggdb3 -D_FORTIFY_SOURCE=3" scripts_basic
2. cp /tmp/kxgettext.o.d scripts/kconfig/.kxgettext.o.d # with /tmp/kxgettext.o.d as http://sprunge.us/MImodt
3. scripts/basic/fixdep scripts/kconfig/.kxgettext.o.d scripts/kconfig/kxgettext.o $'x86_64-pc-linux-gnu-gcc -Wp,-MD,scripts/kconfig/.kxgettext.o.d -O2 -ggdb3 -c -o scripts/kconfig/kxgettext.o scripts/kconfig/kxgettext.c'

---

http://sprunge.us/MImodt:

```
/tmp/garbage: \
 /usr/include/stdlib.h \
```

Created attachment 853510
[PATCH] fixdep: avoid underflow when end of entry doesn't coincide
This is an underflow that happens in the parse_dep_file function in fixdep.c.
This function works by approximately parsing the dependency list of the make
target in a file with a primitive algorithm. This algorithm scans over the
string and does the following:

```
while the end of string is not reached:
    skip any character matching [ \\\n\r] within the bounds of the string
    save that position as p and SOI
    skip from the start of p to the first space following it, or the EOS
    if that process reached EOS:
        walk back p until the first char after an alphanumeric (!!!)
    memcpy (s, SOI, p - SOI)
    ...
```

The line marked with (!!!) ignores the fact that SOI does not necessarily point
before any alphanumeric characters, and so can move p to be before SOI.
Should that happen, `p - SOI` underflows. The lack of alphanumeric
characters in the [SOI, EOS) range implies that there are no more filenames
to be printed as dependencies (assuming that filenames start with
alphanumerics), and so the parser should terminate at this point.

This edge case can be easily triggered by simply placing whitespace characters
after the last name in the dependency list, for instance (<SPC> for
emphasis):

```
a: \
  scripts/kconfig/kxgettext.c foo<SPC><SPC><SPC>
```

In general, this program seems highly trusting of its input, though, so I
imagine it could easily break should compilers decide to emit something
slightly different for any reason.
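The scanning loop described in the patch text, and the repro shape from the description, as an added example. This is an illustrative reimplementation, not fixdep.c and not the attached patch; the names (struct deps, parse_deps, MAX_ENTRIES, the wrapper functions) and both sample inputs are this example's own. With `fixed == 0` the walk-back runs as described and, at the point where the real program would hand memcpy the wrapped length (the `__len=18446744073709551614` in the backtrace, i.e. `(size_t)-2`), it records the underflow and stops instead of copying. With `fixed == 1` the walk-back is bounded at SOI and the loop terminates once only separators remain, which is the termination the description argues for.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Model of the scanning loop from the patch description (not fixdep's code). */
#define MAX_ENTRIES 32
#define ENTRY_MAX   256

struct deps {
    int  n;                             /* entries found */
    char name[MAX_ENTRIES][ENTRY_MAX];
    int  underflow;                     /* 1 if the unpatched walk-back put p before SOI */
};

/* The separator class the description gives: [ \\\n\r] */
static int is_sep(char c)
{
    return c == ' ' || c == '\\' || c == '\n' || c == '\r';
}

/* Parse the text after "target:".  fixed == 0 mirrors the original walk-back
 * and reports the wrap instead of calling memcpy with it; fixed == 1 never
 * lets the walk-back cross SOI and stops when only separators are left. */
static int parse_deps(const char *map, size_t len, int fixed, struct deps *out)
{
    const char *end = map + len;
    const char *m = memchr(map, ':', len);

    out->n = 0;
    out->underflow = 0;
    if (!m)
        return -1;
    m++;

    while (m < end) {
        while (m < end && is_sep(*m))
            m++;
        const char *soi = m;                    /* start of entry */
        const char *p = m;
        while (p < end && *p != ' ')
            p++;
        if (p == end) {
            if (fixed) {
                while (p > soi && !isalnum((unsigned char)p[-1]))
                    p--;                        /* drop trailing non-alphanumerics */
                if (p == soi)
                    break;                      /* nothing but separators left: done */
            } else {
                /* original walk-back; the p > map bound only keeps this model in memory */
                do p--; while (p > map && !isalnum((unsigned char)*p));
                p++;
                if (p < soi) {
                    out->underflow = 1;         /* p - soi would wrap to a huge size_t */
                    return -1;
                }
            }
        }
        size_t n = (size_t)(p - soi);
        if (n >= ENTRY_MAX || out->n >= MAX_ENTRIES)
            return -1;
        memcpy(out->name[out->n], soi, n);
        out->name[out->n][n] = '\0';
        out->n++;
        m = p + 1;
    }
    return out->n;
}

/* Wrappers over NUL-terminated text so results can be checked by name. */
static int count_entries(const char *text, int fixed)
{
    struct deps d;
    return parse_deps(text, strlen(text), fixed, &d);
}

static int would_underflow(const char *text)
{
    struct deps d;
    parse_deps(text, strlen(text), 0, &d);
    return d.underflow;
}

static int entry_is(const char *text, int fixed, int idx, const char *want)
{
    struct deps d;
    int n = parse_deps(text, strlen(text), fixed, &d);
    return idx < n && strcmp(d.name[idx], want) == 0;
}

int main(void)
{
    /* constructed inputs: a well-formed .d file, and one whose last name is
     * followed by " \\\n", the shape of the sprunge file in the report */
    const char *good = "a: \\\n  foo.c \\\n  bar.h\n";
    const char *bad  = "a: \\\n  foo.c \\\n";

    printf("good: unfixed=%d fixed=%d underflow=%d\n",
           count_entries(good, 0), count_entries(good, 1), would_underflow(good));
    printf("bad:  unfixed=%d fixed=%d underflow=%d\n",
           count_entries(bad, 0), count_entries(bad, 1), would_underflow(bad));
    return 0;
}
```

The point to notice is that the well-formed file ends with `bar.h\n`, so the last entry reaches EOS directly and the walk-back only strips the newline; the broken file ends with a space-terminated entry followed by separators, so the outer loop skips to EOS with SOI == EOS and the walk-back lands two bytes before it. Without FORTIFY that memcpy is still a read and write of an absurd length; FORTIFY_SOURCE=3 just turns it into the clean abort seen in the report.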
The bug has been closed via the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0d7891fb673467a8f74f7aec5a5bc166b078e2ae

```
commit 0d7891fb673467a8f74f7aec5a5bc166b078e2ae
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2023-04-12 07:33:00 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-04-12 07:35:04 +0000

    sys-apps/busybox: backport FORTIFY_SOURCE=3 (build) fix; ed UB fix

    Closes: https://bugs.gentoo.org/893776
    Thanks-to: Arsen Arsenović <arsen@gentoo.org>
    Signed-off-by: Sam James <sam@gentoo.org>

 sys-apps/busybox/busybox-1.34.1-r2.ebuild             | 367 ++++++++++++++++++++
 sys-apps/busybox/busybox-1.35.0-r2.ebuild             | 368 +++++++++++++++++++++
 .../busybox-1.36.0-ed-memcpy-overlapping.patch        |  38 +++
 .../busybox-1.36.0-fortify-source-3-fixdep.patch      |  32 ++
 4 files changed, 805 insertions(+)
```