[Bug 2089779] Re: Buffer overflow in autopkgtest of wesnoth
Christian Ehrhardt
2089779 at bugs.launchpad.net
Mon Dec 2 13:16:21 UTC 2024
Interesting build warning
libtool: link: ranlib build/.libs/libSDL2_test.a
libtool: link: ( cd "build/.libs" && rm -f "libSDL2_test.la" && ln -s "../libSDL2_test.la" "libSDL2_test.la" )
In function 'SDL_memcpy_REAL',
inlined from 'SDL_SetCurrentDisplayMode' at /home/ubuntu/SDL/src/video/SDL_video.c:869:5,
inlined from 'display_handle_done' at /home/ubuntu/SDL/src/video/wayland/SDL_waylandvideo.c:652:5:
/home/ubuntu/SDL/src/stdlib/SDL_stdlib.c:527:12: warning: '__builtin_memcpy' writing 24 bytes into a region of size 0 overflows the destination [-Wstringop-overflow=]
527 | return __builtin_memcpy(dst, src, len);
| ^
In function 'display_handle_done':
lto1: note: destination object is likely at address zero
And GDB has at least some SDL info now:
Thread 1 "wesnoth-1.18" received signal SIGABRT, Aborted.
__pthread_kill_implementation (threadid=<optimized out>, signo=6, no_tid=0) at ./nptl/pthread_kill.c:44
warning: 44 ./nptl/pthread_kill.c: No such file or directory
(gdb) bt
#0 __pthread_kill_implementation (threadid=<optimized out>, signo=6, no_tid=0) at ./nptl/pthread_kill.c:44
#1 __pthread_kill_internal (threadid=<optimized out>, signo=6) at ./nptl/pthread_kill.c:78
#2 __GI___pthread_kill (threadid=<optimized out>, signo=signo@entry=6) at ./nptl/pthread_kill.c:89
#3 0x00007ffff6a4519e in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#4 0x00007ffff6a28902 in __GI_abort () at ./stdlib/abort.c:79
#5 0x00007ffff6a2976c in __libc_message_impl (fmt=fmt@entry=0x7ffff6bdc770 "*** %s ***: terminated\n") at ../sysdeps/posix/libc_fatal.c:132
#6 0x00007ffff6b41049 in __GI___fortify_fail (msg=msg@entry=0x7ffff6bdc757 "buffer overflow detected") at ./debug/fortify_fail.c:24
#7 0x00007ffff6b409e4 in __GI___chk_fail () at ./debug/chk_fail.c:28
#8 0x00007ffff6b42459 in __strlcpy_chk (s1=<optimized out>, s2=s2@entry=0x7ffff7c82e60 <kmsdrm_dri_devname> "card", n=<optimized out>, s1len=<optimized out>) at ./debug/strlcpy_chk.c:28
#9 0x00007ffff7ba4ddb in strlcpy (__dest=<optimized out>, __src=0x7ffff7c82e60 <kmsdrm_dri_devname> "card", __n=<optimized out>) at /usr/include/x86_64-linux-gnu/bits/string_fortified.h:168
#10 SDL_strlcpy_REAL (dst=<optimized out>, src=0x7ffff7c82e60 <kmsdrm_dri_devname> "card", maxlen=<optimized out>) at /home/ubuntu/SDL/src/stdlib/SDL_string.c:546
#11 get_driindex () at /home/ubuntu/SDL/src/video/kmsdrm/SDL_kmsdrmvideo.c:98
#12 0x00007ffff7ba5152 in KMSDRM_Available () at /home/ubuntu/SDL/src/video/kmsdrm/SDL_kmsdrmvideo.c:204
#13 KMSDRM_CreateDevice () at /home/ubuntu/SDL/src/video/kmsdrm/SDL_kmsdrmvideo.c:230
#14 0x00007ffff7b55f07 in SDL_VideoInit_REAL (driver_name=<optimized out>) at /home/ubuntu/SDL/src/video/SDL_video.c:528
#15 0x00007ffff7a42017 in SDL_InitSubSystem_REAL (flags=32) at /home/ubuntu/SDL/src/SDL.c:277
#16 0x0000555555e49e10 in ??? ()
#17 0x00005555558f2d94 in ??? ()
#18 0x0000555555884333 in main ()
--
https://bugs.launchpad.net/bugs/2089779
Title:
Buffer overflow in autopkgtest of wesnoth
Status in boost1.83 package in Ubuntu:
Fix Released
Status in libsdl2 package in Ubuntu:
Confirmed
Status in python3-defaults package in Ubuntu:
Fix Released
Status in wesnoth package in Ubuntu:
Triaged
Status in wesnoth-1.18 package in Ubuntu:
Triaged
Bug description:
https://objectstorage.prodstack5.canonical.com/swift/v1/AUTH_0f9aae918d5b4744bf7b827671c86842/autopkgtest-plucky/plucky/amd64/w/wesnoth-1.18/20241127_064901_ac814@/log.gz
Repeats on reruns triggered by others.
Blocks multiple migrations, atm
- libsdl2
- python3-defaults
- boost1.83
Unblocking all of these is surely worth it :-)
I'll have a look tomorrow.
229s autopkgtest [06:48:46]: test command1: /usr/games/wesnoth-1.18 -m --controller 1:ai --controller 2:ai --nogui
229s autopkgtest [06:48:46]: test command1: [-----------------------
229s Battle for Wesnoth v1.18.3 x86_64
229s Started on Wed Nov 27 06:48:46 2024
229s
229s Automatically found a possible data directory at: /tmp/autopkgtest.kgIWzV/build.Cyz/src
229s
229s Data directory: /tmp/autopkgtest.kgIWzV/build.Cyz/src
229s User configuration directory: /home/USER/.config/wesnoth-1.18
229s User data directory: /home/USER/.config/wesnoth-1.18
229s Cache directory: /home/USER/.config/wesnoth-1.18/cache
229s
229s
229s error: XDG_RUNTIME_DIR is invalid or not set in the environment.
229s *** buffer overflow detected ***: terminated
230s Aborted (core dumped)