Open Quadsam opened 3 weeks ago
Getting a buffer overflow and coredump, not sure what is causing the issue yet.
Seems to be when writing to the status variable
Coredump info: coredumpctl info 1963

    PID: 1963 (dmenustatus)
    UID: 1000 (quadsam)
    GID: 1000 (quadsam)
    Signal: 6 (ABRT)
    Timestamp: Sun 2024-08-18 12:17:25 MDT (8min ago)
    Command Line: /usr/bin/dmenustatus -f -q
    Executable: /usr/bin/dmenustatus
    Control Group: /user.slice/user-1000.slice/session-3.scope
    Unit: session-3.scope
    Slice: user-1000.slice
    Session: 3
    Owner UID: 1000 (quadsam)
    Boot ID: 3406a54e8da94db59462c720ba6752cb
    Machine ID: ad8d4ef758a94aa392d9417cd7457b6d
    Hostname: pegasus
    Storage: /var/lib/systemd/coredump/core.dmenustatus.1000.3406a54e8da94db59462c720ba6752cb.1963.1724005045000000.zst (present)
    Size on Disk: 40.2K
    Message: Process 1963 (dmenustatus) of user 1000 dumped core.

    Stack trace of thread 1963:
    #0  0x0000716af519d3f4 n/a (libc.so.6 + 0x963f4)
    #1  0x0000716af5144120 raise (libc.so.6 + 0x3d120)
    #2  0x0000716af512b4c3 abort (libc.so.6 + 0x244c3)
    #3  0x0000716af512c354 n/a (libc.so.6 + 0x25354)
    #4  0x0000716af522c799 __fortify_fail (libc.so.6 + 0x125799)
    #5  0x0000716af522c124 __chk_fail (libc.so.6 + 0x125124)
    #6  0x0000716af522db1a __strcat_chk (libc.so.6 + 0x126b1a)
    #7  0x00005c658482c381 strcat (dmenustatus + 0x1381)
    #8  0x0000716af512ce08 n/a (libc.so.6 + 0x25e08)
    #9  0x0000716af512cecc __libc_start_main (libc.so.6 + 0x25ecc)
    #10 0x00005c658482c945 _start (dmenustatus + 0x1945)
    ELF object binary architecture: AMD x86-64
Backtrace from GDB: gdb> thread apply all backtrace full

    Thread 1 (Thread 0x716af50ce2c0 (LWP 1963)):
    #0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
            tid = <optimized out>
            ret = 0
            pd = <optimized out>
            old_mask = {__val = {23}}
            ret = <optimized out>
    #1  0x0000716af519d463 in __pthread_kill_internal (threadid=<optimized out>, signo=6) at pthread_kill.c:78
    No locals.
    #2  0x0000716af5144120 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
            ret = <optimized out>
    #3  0x0000716af512b4c3 in __GI_abort () at abort.c:79
            save_stage = 1
            act = {__sigaction_handler = {sa_handler = 0x20, sa_sigaction = 0x20}, sa_mask = {__val = {6786648855210017280, 0, 140721397189936, 101591911342992, 101591911411072, 100, 32, 140721397190128, 124704192526143, 101591911343744, 101591911343751, 101591911343752, 0, 140720308486146, 124704193122162, 1088703904}}, sa_flags = 907723264, sa_restorer = 0xb}
    #4  0x0000716af512c354 in __libc_message_impl (fmt=fmt@entry=0x716af52ba16c "*** %s ***: terminated\n") at ../sysdeps/posix/libc_fatal.c:132
            ap = {{gp_offset = 16, fp_offset = 23653, overflow_arg_area = 0x7ffc40e44ec0, reg_save_area = 0x7ffc40e44e50}}
            fd = 2
            iov = {{iov_base = 0x716af52ba16c, iov_len = 4}, {iov_base = 0x716af52ba153, iov_len = 24}, {iov_base = 0x716af52ba172, iov_len = 17}, {iov_base = 0x3000000030, iov_len = 140721397190376}, {iov_base = 0x7ffc40e44e20, iov_len = 6786648855210017280}, {iov_base = 0x7ffc40e44e60, iov_len = 124704192628220}, {iov_base = 0x5c65b5c98010, iov_len = 528}}
            iovcnt = <optimized out>
            total = <optimized out>
            cp = <optimized out>
    #5  0x0000716af522c799 in __GI___fortify_fail (msg=msg@entry=0x716af52ba153 "buffer overflow detected") at fortify_fail.c:24
    No locals.
    #6  0x0000716af522c124 in __GI___chk_fail () at chk_fail.c:28
    No locals.
    #7  0x0000716af522db1a in __strcat_chk (dest=dest@entry=0x5c65b5c9a390 " 12:17:25 PM | 08/18/2024 | 100°C | 100% ", src=src@entry=0x5c65b5c9a680 "| 100% ", destlen=<optimized out>, destlen@entry=42) at strcat_chk.c:34
            s1 = <optimized out>
            s2 = <optimized out>
            c = <optimized out>
    #8  0x00005c658482c381 in strcat (__dest=0x5c65b5c9a390 " 12:17:25 PM | 08/18/2024 | 100°C | 100% ", __src=0x5c65b5c9a680 "| 100% ") at /usr/include/bits/string_fortified.h:140
    No locals.
    #9  main (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/dmenustatus/dmenustatus/src/dmenustatus.c:87
            step = 1
            status = 0x5c65b5c9a390 " 12:17:25 PM | 08/18/2024 | 100°C | 100% "
            datetime_buff = 0x5c65b5c9a9a0 " 12:17:25 PM | 08/18/2024 "
            cputemp_buff = 0x5c65b5c9a450 "| 100°C "
            battery_buff = 0x5c65b5c9a680 "| 100% "
Issue is at line 87 of dmenustatus.c, when writing the battery_buff to status
https://github.com/Quadsam/dmenu-statusbar/blob/c1a6ea8f9f6a37cd6148c38a253e6f9400cc8761/src/dmenustatus.c#L87
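
Added example, not code from the issue or from the dmenu-statusbar project: the three segment values in the GDB locals add up to 42 bytes when the degree sign is UTF-8 encoded (an assumption), so with the terminating NUL they need 43 bytes against the `destlen=42` that `__strcat_chk` reported. The sketch below replays those values through a bounded append that reports truncation instead of aborting; `append_bounded` and `build_status` are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

/* 42 is the destlen that __strcat_chk reported in the backtrace. */
#define STATUS_SIZE 42

/* Append src to dst, whose total capacity (terminator included) is cap.
 * Returns the number of bytes of src that did not fit; 0 means success. */
static size_t append_bounded(char *dst, size_t cap, const char *src)
{
    size_t need = strlen(src);
    const char *end = memchr(dst, '\0', cap);
    if (end == NULL)              /* dst is not terminated within cap */
        return need;
    size_t used = (size_t)(end - dst);
    size_t room = cap - used - 1; /* free bytes before the terminator */
    size_t n = need < room ? need : room;
    memcpy(dst + used, src, n);
    dst[used + n] = '\0';
    return need - n;
}

/* Rebuild the status line from the segment values shown in the GDB
 * locals. Returns how many bytes were dropped for a buffer of size cap. */
static size_t build_status(char *status, size_t cap)
{
    const char *datetime = " 12:17:25 PM | 08/18/2024 "; /* 26 bytes */
    const char *cputemp  = "| 100\xc2\xb0" "C ";         /* 9 bytes, assuming a 2-byte UTF-8 degree sign */
    const char *battery  = "| 100% ";                     /* 7 bytes */
    size_t dropped = 0;

    if (cap > 0)
        status[0] = '\0';
    dropped += append_bounded(status, cap, datetime);
    dropped += append_bounded(status, cap, cputemp);
    dropped += append_bounded(status, cap, battery);
    return dropped;
}

int main(void)
{
    char small[STATUS_SIZE], big[STATUS_SIZE + 1];
    printf("%d-byte buffer: %zu byte(s) dropped\n", STATUS_SIZE, build_status(small, sizeof small));
    printf("%d-byte buffer: %zu byte(s) dropped\n", STATUS_SIZE + 1, build_status(big, sizeof big));
    return 0;
}
```

A caller can treat a non-zero return as the signal to grow the buffer or shorten a segment, so an oversized status line no longer ends in the fortify abort.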