[Bug 2089779] Re: Buffer overflow in autopkgtest of wesnoth
Christian Ehrhardt
2089779 at bugs.launchpad.net
Thu Nov 28 08:40:57 UTC 2024
The crash itself is, despite debuginfod, not more informative than the
following:
(gdb) bt
#0 __pthread_kill_implementation (threadid=<optimized out>, signo=6, no_tid=0) at ./nptl/pthread_kill.c:44
#1 __pthread_kill_internal (threadid=<optimized out>, signo=6) at ./nptl/pthread_kill.c:78
#2 __GI___pthread_kill (threadid=<optimized out>, signo=signo@entry=6) at ./nptl/pthread_kill.c:89
#3 0x00007ffff6a4519e in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#4 0x00007ffff6a28902 in __GI_abort () at ./stdlib/abort.c:79
#5 0x00007ffff6a2976c in __libc_message_impl (fmt=fmt@entry=0x7ffff6bdc770 "*** %s ***: terminated\n") at ../sysdeps/posix/libc_fatal.c:132
#6 0x00007ffff6b41049 in __GI___fortify_fail (msg=msg@entry=0x7ffff6bdc757 "buffer overflow detected") at ./debug/fortify_fail.c:24
#7 0x00007ffff6b409e4 in __GI___chk_fail () at ./debug/chk_fail.c:28
#8 0x00007ffff6b42459 in __strlcpy_chk (s1=<optimized out>, s2=<optimized out>, n=<optimized out>, s1len=<optimized out>) at ./debug/strlcpy_chk.c:28
#9 0x00007ffff7ba4ddb in ?? () from /lib/x86_64-linux-gnu/libSDL2-2.0.so.0
#10 0x00007ffff7ba5152 in ?? () from /lib/x86_64-linux-gnu/libSDL2-2.0.so.0
#11 0x00007ffff7b55f07 in ?? () from /lib/x86_64-linux-gnu/libSDL2-2.0.so.0
#12 0x00007ffff7a42017 in ?? () from /lib/x86_64-linux-gnu/libSDL2-2.0.so.0
#13 0x0000555555e49e10 in ?? ()
#14 0x00005555558f2d94 in ?? ()
#15 0x0000555555884333 in main ()
But, as assumed, it seems to come through libsdl, which is linked like this:
$ ldd /usr/games/wesnoth-1.18 | grep -i sdl
libSDL2_image-2.0.so.0 => /lib/x86_64-linux-gnu/libSDL2_image-2.0.so.0 (0x000073715d578000)
libSDL2-2.0.so.0 => /lib/x86_64-linux-gnu/libSDL2-2.0.so.0 (0x000073715c000000)
libSDL2_mixer-2.0.so.0 => /lib/x86_64-linux-gnu/libSDL2_mixer-2.0.so.0 (0x000073715d54d000)
--
https://bugs.launchpad.net/bugs/2089779
Title:
Buffer overflow in autopkgtest of wesnoth
Status in boost1.83 package in Ubuntu:
New
Status in libsdl2 package in Ubuntu:
Incomplete
Status in python3-defaults package in Ubuntu:
New
Status in wesnoth package in Ubuntu:
Triaged
Status in wesnoth-1.18 package in Ubuntu:
New
Bug description:
https://objectstorage.prodstack5.canonical.com/swift/v1/AUTH_0f9aae918d5b4744bf7b827671c86842/autopkgtest-plucky/plucky/amd64/w/wesnoth-1.18/20241127_064901_ac814@/log.gz
Repeats on reruns triggered by others.
Blocks multiple migrations, atm
- libsdl2
- python3-defaults
- boost1.83
Unblocking all of these is surely worth it :-)
I'll have a look tomorrow.
229s autopkgtest [06:48:46]: test command1: /usr/games/wesnoth-1.18 -m --controller 1:ai --controller 2:ai --nogui
229s autopkgtest [06:48:46]: test command1: [-----------------------
229s Battle for Wesnoth v1.18.3 x86_64
229s Started on Wed Nov 27 06:48:46 2024
229s
229s Automatically found a possible data directory at: /tmp/autopkgtest.kgIWzV/build.Cyz/src
229s
229s Data directory: /tmp/autopkgtest.kgIWzV/build.Cyz/src
229s User configuration directory: /home/USER/.config/wesnoth-1.18
229s User data directory: /home/USER/.config/wesnoth-1.18
229s Cache directory: /home/USER/.config/wesnoth-1.18/cache
229s
229s
229s error: XDG_RUNTIME_DIR is invalid or not set in the environment.
229s *** buffer overflow detected ***: terminated
230s Aborted (core dumped)