[Bug 1208937] New: mtr aborts when run in reporting mode

https://bugzilla.suse.com/show_bug.cgi?id=1208937

            Bug ID: 1208937
           Summary: mtr aborts when run in reporting mode
    Classification: openSUSE
           Product: openSUSE Tumbleweed
           Version: Current
          Hardware: Other
                OS: Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: Basesystem
          Assignee: screening-team-bugs@suse.de
          Reporter: srinidhi.bs@microfocus.com
        QA Contact: qa-bugs@suse.de
          Found By: ---
           Blocker: ---

The "mtr -r" command aborts with a buffer overflow error on Tumbleweed. It has been happening for a few weeks now. I could get the stacktrace generated only today.

# gdb --args mtr -4 -r 20 www.google.com
GNU gdb (GDB; openSUSE Tumbleweed) 12.1
Copyright (C) 2022 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-suse-linux".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://bugs.opensuse.org/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from mtr...

This GDB supports auto-downloading debuginfo from the following URLs:
https://debuginfod.opensuse.org/
Enable debuginfod for this session? (y or [n]) y
Debuginfod has been enabled.
To make this setting permanent, add 'set debuginfod enabled on' to .gdbinit.
Downloading 0.16 MB separate debug info for /root/mtr
Reading symbols from /root/.cache/debuginfod_client/bccc549d0f1bec15d00c166d1b1994fdf23574ee/debuginfo...
Downloading 0.04 MB separate debug info for /root/.cache/debuginfod_client/bccc549d0f1bec15d00c166d1b1994fdf23574ee/debuginfo
(gdb) r
Starting program: /usr/sbin/mtr -4 -r 20 www.google.com
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
[Detaching after fork from child process 23026]
[Detaching after fork from child process 23027]
Start: 2023-03-04T10:35:20+0530
*** buffer overflow detected ***: terminated

Program received signal SIGABRT, Aborted.
__pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
44 return INTERNAL_SYSCALL_ERROR_P (ret) ? INTERNAL_SYSCALL_ERRNO (ret) : 0;
Missing separate debuginfos, use: zypper install mtr-debuginfo-0.95-1.5.x86_64
(gdb) t a a bt

Thread 1 (Thread 0x7ffff7c6d740 (LWP 23022) "mtr"):
#0 __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
#1 0x00007ffff7d00503 in __pthread_kill_internal (signo=6, threadid=<optimized out>) at pthread_kill.c:78
#2 0x00007ffff7cade16 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#3 0x00007ffff7c9689c in __GI_abort () at abort.c:79
#4 0x00007ffff7c975d7 in __libc_message (fmt=fmt@entry=0x7ffff7e1b552 "*** %s ***: terminated\n") at ../sysdeps/posix/libc_fatal.c:150
#5 0x00007ffff7d95c4b in __GI___fortify_fail (msg=msg@entry=0x7ffff7e1b4f8 "buffer overflow detected") at fortify_fail.c:24
#6 0x00007ffff7d940c6 in __GI___chk_fail () at chk_fail.c:28
#7 0x00007ffff7d93c35 in ___snprintf_chk (s=s@entry=0x7fffffffc2a1 " ", maxlen=maxlen@entry=1024, flag=flag@entry=2, slen=slen@entry=991, format=format@entry=0x7fffffffc130 "%6s") at snprintf_chk.c:29
#8 0x000055555555f24e in snprintf (__fmt=0x7fffffffc130 "%6s", __n=1024, __s=0x7fffffffc2a1 " ") at /usr/include/bits/stdio2.h:54
#9 report_close (ctl=0x7fffffffd150) at ui/report.c:143
#10 0x000055555555a103 in main (argc=<optimized out>, argv=<optimized out>) at ui/mtr.c:828
(gdb) q
A debugging session is active.

        Inferior 1 [process 23022] will be killed.

Quit anyway? (y or n) y

# tumbleweed status
latest   : 20230302
target   : 20230221
installed: 20230221

--
You are receiving this mail because:
You are on the CC list for the bug.
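
Frame #7 of the backtrace shows why glibc aborted: the call stated maxlen=1024 while only slen=991 bytes remained past the write pointer. The C code below is an added example, not code from the report or from mtr; `fortify_would_abort`, `append_fmt`, `demo_header` and the column titles are hypothetical names and constructed sample data.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>

/* The test glibc's __snprintf_chk applies before formatting: fail when the
   caller's stated size exceeds the space known to remain in the object. */
static int fortify_would_abort(size_t maxlen, size_t slen)
{
    return slen < maxlen;
}

/* Hypothetical helper: append at offset *len of a cap-byte buffer, passing
   only the remaining space as the bound. 0 on success, -1 if no room. */
static int append_fmt(char *buf, size_t cap, size_t *len, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (*len >= cap)                 /* keeps cap - *len from wrapping */
        return -1;
    va_start(ap, fmt);
    n = vsnprintf(buf + *len, cap - *len, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= cap - *len) {
        buf[*len] = '\0';            /* drop the truncated tail */
        return -1;
    }
    *len += (size_t)n;
    return 0;
}

/* Constructed sample: build a header row with the "%6s" format from frame #7. */
static size_t demo_header(char *out, size_t cap)
{
    static const char *titles[] = { "Loss%", "Snt", "Last", "Avg" };
    size_t len = 0, i;

    for (i = 0; i < sizeof(titles) / sizeof(titles[0]); i++)
        if (append_fmt(out, cap, &len, "%6s", titles[i]) != 0)
            break;
    return len;
}

int main(void)
{
    char line[64];
    size_t n = demo_header(line, sizeof(line));
    printf("%zu: \"%s\" abort=%d\n", n, line, fortify_would_abort(1024, 991));
    return 0;
}
```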

https://bugzilla.suse.com/show_bug.cgi?id=1208937

Marcus Meissner <meissner@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |meissner@suse.com
           Assignee|screening-team-bugs@suse.de |danilo.spinella@suse.com

https://bugzilla.suse.com/show_bug.cgi?id=1208937#c2

--- Comment #2 from Marcus Meissner <meissner@suse.com> ---
you built it without overflow checking ;)

anyway, fixed like this in factory:

+- snprintf(buf + len, sizeof(buf), fmt, data_fields[j].title); ++ snprintf(buf + len, sizeof(buf) - len, fmt, data_fields[j].title);
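
Review bot: on the added line, `sizeof(buf) - len` is evaluated as an unsigned size_t expression, so if len were ever larger than sizeof(buf) the bound would wrap to a very large value rather than going to zero. Guard the call with a check that len < sizeof(buf), and if len is advanced by snprintf's return value, clamp it, because snprintf returns the length the full output would have needed, not the number of bytes written. The `snprintf(buf + len, sizeof(buf), ...)` pattern is also worth searching for in the rest of ui/report.c, since any other call written this way has the same wrong bound.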

https://bugzilla.suse.com/show_bug.cgi?id=1208937#c3

Danilo Spinella <danilo.spinella@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #3 from Danilo Spinella <danilo.spinella@suse.com> ---
Thanks for the report Srinidhi.
Since it has now been fixed in TW, I am closing this bug.

https://bugzilla.suse.com/show_bug.cgi?id=1208937#c6

--- Comment #6 from Marcus Meissner <meissner@suse.com> ---
https://github.com/traviscross/mtr/pull/468

https://bugzilla.suse.com/show_bug.cgi?id=1208937#c7

--- Comment #7 from Eugene Popov <popov895@ukr.net> ---
Thanks!