adrianlopezroche / fdupes

FDUPES is a program for identifying or deleting duplicate files residing within specified directories.

Fortify kills the deletefiles function with buffer overflow #193

Closed MTRNord closed 3 months ago

MTRNord commented 3 months ago

Hi, on Fedora 40 it seems like fdupes is being killed by the fortify features due to a buffer overflow.

The gdb output for this is:

Starting program: /usr/bin/fdupes -rd --noprompt --cache /run/media/marcel/ntfs_recovered/recup_dir.1
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".

   [+] /run/media/marcel/ntfs_recovered/recup_dir.1/f6435600.png
   [-] /run/media/marcel/ntfs_recovered/recup_dir.1/f6588496.png
*** buffer overflow detected ***: terminated

Program received signal SIGABRT, Aborted.
__pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
Downloading source file /usr/src/debug/glibc-2.39-15.fc40.x86_64/nptl/pthread_kill.c
44       return INTERNAL_SYSCALL_ERROR_P (ret) ? INTERNAL_SYSCALL_ERRNO (ret) : 0;
(gdb) bt
#0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
#1  0x00007ffff7bfc1b3 in __pthread_kill_internal (threadid=<optimized out>, signo=6) at pthread_kill.c:78
#2  0x00007ffff7ba465e in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#3  0x00007ffff7b8c902 in __GI_abort () at abort.c:79
#4  0x00007ffff7b8d767 in __libc_message_impl (fmt=fmt@entry=0x7ffff7d1316e "*** %s ***: terminated\n") at ../sysdeps/posix/libc_fatal.c:132
#5  0x00007ffff7c88529 in __GI___fortify_fail (msg=msg@entry=0x7ffff7d13155 "buffer overflow detected") at fortify_fail.c:24
#6  0x00007ffff7c87ec4 in __GI___chk_fail () at chk_fail.c:28
#7  0x000055555555e3e2 in strcat (__dest=0x555555601020 "/run/media/marcel/ntfs_recovered/recup_dir.1/", __src=0x55555559d940 "f6588496.png") at /usr/include/bits/string_fortified.h:130
#8  getrealpath (path=<optimized out>, options=options@entry=1) at /usr/src/debug/fdupes-2.3.0-1.fc40.x86_64/getrealpath.c:177
#9  0x000055555555eea6 in deletefiles (files=<optimized out>, prompt=prompt@entry=0, tty=tty@entry=0x0, logfile=logfile@entry=0x0) at /usr/src/debug/fdupes-2.3.0-1.fc40.x86_64/fdupes.c:1134
#10 0x0000555555559da5 in main (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/fdupes-2.3.0-1.fc40.x86_64/fdupes.c:1881

The folder contains 498 files and it is consistently reproducible. The fs is btrfs.
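
Frame #7 of the backtrace above shows the fortified strcat in getrealpath aborting while a file name is appended to a directory string. As an added illustration (not fdupes code and not the contents of the fix commit), the C sketch below applies the same bound explicitly and reports an error or grows the buffer instead of aborting; the function names and buffer sizes are assumptions constructed for the example.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Strings copied from frame #7 of the backtrace; buffer sizes below are constructed. */
const char SAMPLE_DIR[]  = "/run/media/marcel/ntfs_recovered/recup_dir.1/";
const char SAMPLE_NAME[] = "f6588496.png";

/* Append name to the NUL-terminated string in dst, whose object size is cap.
 * Enforces the bound the fortified strcat enforces (used + n + 1 <= cap), but
 * returns -1 with errno = ENAMETOOLONG and leaves dst untouched on failure. */
int path_append_checked(char *dst, size_t cap, const char *name)
{
    const char *end = memchr(dst, '\0', cap);   /* terminator must lie inside cap */
    size_t used, n = strlen(name);

    if (end == NULL) { errno = EINVAL; return -1; }
    used = (size_t)(end - dst);
    if (n >= cap - used) {                      /* no room for name plus the NUL */
        errno = ENAMETOOLONG;
        return -1;
    }
    memcpy(dst + used, name, n + 1);
    return 0;
}

/* Hypothetical caller-side remedy: double a malloc'd buffer until the append
 * fits. *buf must hold a NUL-terminated string. Returns 0 or -1. */
int path_append_grow(char **buf, size_t *cap, const char *name)
{
    while (path_append_checked(*buf, *cap, name) != 0) {
        char *p;
        if (errno != ENAMETOOLONG || *cap > (size_t)-1 / 2) return -1;
        p = realloc(*buf, *cap * 2);
        if (p == NULL) return -1;
        *buf = p;
        *cap *= 2;
    }
    return 0;
}

int main(void)
{
    char small[50];   /* constructed: holds the 45-byte directory, not the 57-byte path */
    strcpy(small, SAMPLE_DIR);
    printf("append into 50 bytes: %d\n", path_append_checked(small, sizeof small, SAMPLE_NAME));
    return 0;
}
```

The directory string is 45 bytes and the file name 12, so the joined path needs 58 bytes including the terminator; any destination smaller than that is rejected here, where the fortified build terminates the process.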

adrianlopezroche commented 3 months ago

I've added a commit 732404d4447f32a69b8ceee10d1fcdcfef52c616 that should fix this.

MTRNord commented 3 months ago

Thank you!