Hah, nope, I'm drawing this on Debian also. Whoops! Let's get this fixed ASAP.
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1 0x00007ffff742a535 in __GI_abort () at abort.c:79
#2 0x00007ffff7480db8 in __libc_message (action=<optimized out>,
fmt=fmt@entry=0x7ffff758b8a2 "*** %s ***: %s terminated\n")
at ../sysdeps/posix/libc_fatal.c:181
#3 0x00007ffff750f81d in __GI___fortify_fail_abort (
need_backtrace=need_backtrace@entry=true,
msg=msg@entry=0x7ffff758b82e "buffer overflow detected")
at fortify_fail.c:28
#4 0x00007ffff750f851 in __GI___fortify_fail (
msg=msg@entry=0x7ffff758b82e "buffer overflow detected")
at fortify_fail.c:44
#5 0x00007ffff750e230 in __GI___chk_fail () at chk_fail.c:28
#6 0x00007ffff7479a09 in _IO_str_chk_overflow (fp=<optimized out>,
c=<optimized out>) at iovsprintf.c:35
#7 0x00007ffff746f62f in __vfprintf_internal (s=s@entry=0x7ffff6662670,
format=format@entry=0x55555558c37b "%ju.%02ju%c%c",
ap=ap@entry=0x7ffff66627b0, mode_flags=mode_flags@entry=6)
at ../libio/libioP.h:903
#8 0x00007ffff7479ab0 in __vsprintf_internal (
string=0x7ffff6662abb "106.30G", maxlen=<optimized out>,
format=0x55555558c37b "%ju.%02ju%c%c", args=args@entry=0x7ffff66627b0,
mode_flags=6) at iovsprintf.c:96
#9 0x00007ffff750dd57 in ___sprintf_chk (s=<optimized out>,
flag=<optimized out>, slen=<optimized out>, format=<optimized out>)
at sprintf_chk.c:40
#10 0x0000555555576e32 in sprintf (__fmt=0x55555558c37b "%ju.%02ju%c%c",
__s=0x7ffff6662abb "106.30G")
at /usr/include/x86_64-linux-gnu/bits/stdio2.h:36
#11 enmetric (decimal=1, uprefix=0, mult=1000, omitdec=1,
buf=0x7ffff6662abb "106.30G", val=<optimized out>)
at /usr/include/outcurses.h:172
#12 qprefix (omitdec=1, buf=0x7ffff6662abb "106.30G", decimal=1,
val=<optimized out>) at /usr/include/outcurses.h:191
#13 print_blockbar (sx=13, selected=0, ex=78, y=2, bo=0x7fffd8007520,
w=<optimized out>) at src/ncurses.c:1033
#14 print_dev (bo=0x7fffd8007520, line=2, rows=<optimized out>, cols=80,
topp=0, endp=0, rb=<optimized out>, rb=<optimized out>)
at src/ncurses.c:1424
#15 0x0000555555578cd7 in print_adapter_devs (endp=0, topp=0, cols=80, rows=5,
as=0x7fffd8010d80) at src/ncurses.c:1485
#16 redraw_adapter (rb=<optimized out>) at src/ncurses.c:1608
#17 0x000055555557ee1f in block_callback (d=<optimized out>, v=<optimized out>)
at src/ncurses.c:6842
#18 0x000055555556039d in rescan (d=0x7fffd8000b60, name=<optimized out>)
at src/growlight.c:1136
#19 rescan (name=<optimized out>, d=<optimized out>) at src/growlight.c:918
#20 0x000055555556166c in create_new_device_inner (
name=0x555555641b50 "nvme0n1") at src/growlight.c:1154
#21 create_new_device (name=name@entry=0x555555641b50 "nvme0n1")
at src/growlight.c:1196
#22 0x00005555555618e1 in lookup_device (name=0x555555641b50 "nvme0n1")
at src/growlight.c:1266
#23 lookup_device (name=<optimized out>) at src/growlight.c:1218
#24 0x00005555555632af in scan_device (name=0x555555641b50)
at src/growlight.c:1398
#25 0x00007ffff75cdfb7 in start_thread (arg=<optimized out>)
at pthread_create.c:486
#26 0x00007ffff74ff2ef in clone ()
at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1 0x00007ffff742a535 in __GI_abort () at abort.c:79
#2 0x00007ffff7480db8 in __libc_message (action=<optimized out>,
fmt=fmt@entry=0x7ffff758b8a2 "*** %s ***: %s terminated\n")
at ../sysdeps/posix/libc_fatal.c:181
#3 0x00007ffff750f81d in __GI___fortify_fail_abort (
need_backtrace=need_backtrace@entry=true,
msg=msg@entry=0x7ffff758b82e "buffer overflow detected")
at fortify_fail.c:28
#4 0x00007ffff750f851 in __GI___fortify_fail (
msg=msg@entry=0x7ffff758b82e "buffer overflow detected")
at fortify_fail.c:44
#5 0x00007ffff750e230 in __GI___chk_fail () at chk_fail.c:28
#6 0x00007ffff7479a09 in _IO_str_chk_overflow (fp=<optimized out>,
c=<optimized out>) at iovsprintf.c:35
#7 0x00007ffff746f62f in __vfprintf_internal (s=s@entry=0x7ffff6662670,
format=format@entry=0x55555558c37b "%ju.%02ju%c%c",
ap=ap@entry=0x7ffff66627b0, mode_flags=mode_flags@entry=6)
at ../libio/libioP.h:903
#8 0x00007ffff7479ab0 in __vsprintf_internal (
string=0x7ffff6662abb "106.30G", maxlen=<optimized out>,
format=0x55555558c37b "%ju.%02ju%c%c", args=args@entry=0x7ffff66627b0,
mode_flags=6) at iovsprintf.c:96
#9 0x00007ffff750dd57 in ___sprintf_chk (s=<optimized out>,
flag=<optimized out>, slen=<optimized out>, format=<optimized out>)
at sprintf_chk.c:40
#10 0x0000555555576e32 in sprintf (__fmt=0x55555558c37b "%ju.%02ju%c%c",
__s=0x7ffff6662abb "106.30G")
at /usr/include/x86_64-linux-gnu/bits/stdio2.h:36
#11 enmetric (decimal=1, uprefix=0, mult=1000, omitdec=1,
buf=0x7ffff6662abb "106.30G", val=<optimized out>)
at /usr/include/outcurses.h:172
#12 qprefix (omitdec=1, buf=0x7ffff6662abb "106.30G", decimal=1,
val=<optimized out>) at /usr/include/outcurses.h:191
#13 print_blockbar (sx=13, selected=0, ex=78, y=2, bo=0x7fffd8007520,
w=<optimized out>) at src/ncurses.c:1033
#14 print_dev (bo=0x7fffd8007520, line=2, rows=<optimized out>, cols=80,
topp=0, endp=0, rb=<optimized out>, rb=<optimized out>)
at src/ncurses.c:1424
#15 0x0000555555578cd7 in print_adapter_devs (endp=0, topp=0, cols=80, rows=5,
as=0x7fffd8010d80) at src/ncurses.c:1485
#16 redraw_adapter (rb=<optimized out>) at src/ncurses.c:1608
#17 0x000055555557ee1f in block_callback (d=<optimized out>, v=<optimized out>)
at src/ncurses.c:6842
#18 0x000055555556039d in rescan (d=0x7fffd8000b60, name=<optimized out>)
at src/growlight.c:1136
#19 rescan (name=<optimized out>, d=<optimized out>) at src/growlight.c:918
#20 0x000055555556166c in create_new_device_inner (
name=0x555555641b50 "nvme0n1") at src/growlight.c:1154
#21 create_new_device (name=name@entry=0x555555641b50 "nvme0n1")
at src/growlight.c:1196
#22 0x00005555555618e1 in lookup_device (name=0x555555641b50 "nvme0n1")
at src/growlight.c:1266
#23 lookup_device (name=<optimized out>) at src/growlight.c:1218
#24 0x00005555555632af in scan_device (name=0x555555641b50)
at src/growlight.c:1398
#25 0x00007ffff75cdfb7 in start_thread (arg=<optimized out>)
at pthread_create.c:486
#26 0x00007ffff74ff2ef in clone ()
at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
So we're blasting too much out of qprefix(), presumably since moving to sprintf() from snprintf(). Embarrassing. I think this relates to https://github.com/dankamongmen/outcurses/issues/25. You can see from the stack trace that we're generating "106.30G". I think we ought to only ever have 4 sigfigs for a base of 1000 (5 for 1024, sigh). If we do that, this solves itself.
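Hrmm, no. We're generating "106.30G". That's 7 chars plus a NUL terminator for 8 bytes, aka PREFIXSTRLEN + 1. That's also the size of the buffer passed in. But the format string in the trace, "%ju.%02ju%c%c", has a second %c after the unit letter, so the unbounded sprintf() can emit one more byte than those 8.
it wants 'Gi':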
- bprefix(io, 1, buf, 1);
- wprintw(rb->win, "%7.7s", buf);
+ char qbuf[BPREFIXSTRLEN + 1];
+ bprefix(io, 1, qbuf, 1);
+ wprintw(rb->win, "%7.7s", qbuf); // might chop off 'i'
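Review bot: Sizing `qbuf` at this one call site leaves the write itself unbounded. The backtrace on this page shows the formatter in outcurses.h reaching plain `sprintf` with `"%ju.%02ju%c%c"`, so any other caller that still hands `bprefix()` a `PREFIXSTRLEN + 1` buffer would presumably overrun the same way, and the `qprefix()` call in `print_blockbar` that appears in the trace is not touched by these lines. I would add a comment above the declaration such as `// bprefix() appends 'i' to the unit letter: needs BPREFIXSTRLEN + 1 bytes, not PREFIXSTRLEN + 1`, and audit the remaining `bprefix`/`qprefix` callers. The `"%7.7s"` precision also silently prints a binary unit such as "Gi" as "G"; if the column can spare a cell, `wprintw(rb->win, "%*.*s", BPREFIXSTRLEN, BPREFIXSTRLEN, qbuf);` would keep the suffix. The enclosing function is not visible in this excerpt.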
fixed in 1.2.0!
I just uploaded 1.1.1.1-1 growlight to the AUR. The binaries created by this package (growlight-ncurses only) immediately exit with the message "buffer overflow", rather worrying...
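If I build 1.1.1.1 from source on the same Arch machine, and run growlight-ncurses, I do not get this failure mode. Perhaps makepkg is adding some compiler flags? (The abort in the backtrace is raised from ___sprintf_chk / __fortify_fail, glibc's fortified sprintf, which is only used when the build enables _FORTIFY_SOURCE; a build without it would not abort here, but the same out-of-bounds write would presumably still happen silently.)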