dankamongmen / growlight

notcurses block device manager / system installation tool
https://nick-black.com/dankwiki/index.php/Growlight
GNU General Public License v3.0

growlight 1.1.1.1-1 immediately exits with "buffer overflow" #59

Closed dankamongmen closed 4 years ago

dankamongmen commented 4 years ago

I just uploaded 1.1.1.1-1 growlight to the AUR. The binaries created by this package (growlight-ncurses only) immediately exit with the message "buffer overflow", rather worrying...

If I build 1.1.1.1 from source on the same Arch machine, and run growlight-ncurses, I do not get this failure mode. Perhaps makepkg is adding some compiler flags?

dankamongmen commented 4 years ago

2019-10-26-143849_962x578_scrot

dankamongmen commented 4 years ago

Hah, nope, I'm drawing this on Debian also. Whoops! Let's get this fixed ASAP.

dankamongmen commented 4 years ago
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007ffff742a535 in __GI_abort () at abort.c:79
#2  0x00007ffff7480db8 in __libc_message (action=<optimized out>, 
    fmt=fmt@entry=0x7ffff758b8a2 "*** %s ***: %s terminated\n")
    at ../sysdeps/posix/libc_fatal.c:181
#3  0x00007ffff750f81d in __GI___fortify_fail_abort (
    need_backtrace=need_backtrace@entry=true, 
    msg=msg@entry=0x7ffff758b82e "buffer overflow detected")
    at fortify_fail.c:28
#4  0x00007ffff750f851 in __GI___fortify_fail (
    msg=msg@entry=0x7ffff758b82e "buffer overflow detected")
    at fortify_fail.c:44
#5  0x00007ffff750e230 in __GI___chk_fail () at chk_fail.c:28
#6  0x00007ffff7479a09 in _IO_str_chk_overflow (fp=<optimized out>, 
    c=<optimized out>) at iovsprintf.c:35
#7  0x00007ffff746f62f in __vfprintf_internal (s=s@entry=0x7ffff6662670, 
    format=format@entry=0x55555558c37b "%ju.%02ju%c%c", 
    ap=ap@entry=0x7ffff66627b0, mode_flags=mode_flags@entry=6)
    at ../libio/libioP.h:903
#8  0x00007ffff7479ab0 in __vsprintf_internal (
    string=0x7ffff6662abb "106.30G", maxlen=<optimized out>, 
    format=0x55555558c37b "%ju.%02ju%c%c", args=args@entry=0x7ffff66627b0, 
    mode_flags=6) at iovsprintf.c:96
#9  0x00007ffff750dd57 in ___sprintf_chk (s=<optimized out>, 
    flag=<optimized out>, slen=<optimized out>, format=<optimized out>)
    at sprintf_chk.c:40
#10 0x0000555555576e32 in sprintf (__fmt=0x55555558c37b "%ju.%02ju%c%c", 
    __s=0x7ffff6662abb "106.30G")
    at /usr/include/x86_64-linux-gnu/bits/stdio2.h:36
#11 enmetric (decimal=1, uprefix=0, mult=1000, omitdec=1, 
    buf=0x7ffff6662abb "106.30G", val=<optimized out>)
    at /usr/include/outcurses.h:172
#12 qprefix (omitdec=1, buf=0x7ffff6662abb "106.30G", decimal=1, 
    val=<optimized out>) at /usr/include/outcurses.h:191
#13 print_blockbar (sx=13, selected=0, ex=78, y=2, bo=0x7fffd8007520, 
    w=<optimized out>) at src/ncurses.c:1033
#14 print_dev (bo=0x7fffd8007520, line=2, rows=<optimized out>, cols=80, 
    topp=0, endp=0, rb=<optimized out>, rb=<optimized out>)
    at src/ncurses.c:1424
#15 0x0000555555578cd7 in print_adapter_devs (endp=0, topp=0, cols=80, rows=5, 
    as=0x7fffd8010d80) at src/ncurses.c:1485
#16 redraw_adapter (rb=<optimized out>) at src/ncurses.c:1608
#17 0x000055555557ee1f in block_callback (d=<optimized out>, v=<optimized out>)
    at src/ncurses.c:6842
#18 0x000055555556039d in rescan (d=0x7fffd8000b60, name=<optimized out>)
    at src/growlight.c:1136
#19 rescan (name=<optimized out>, d=<optimized out>) at src/growlight.c:918
#20 0x000055555556166c in create_new_device_inner (
    name=0x555555641b50 "nvme0n1") at src/growlight.c:1154
#21 create_new_device (name=name@entry=0x555555641b50 "nvme0n1")
    at src/growlight.c:1196
#22 0x00005555555618e1 in lookup_device (name=0x555555641b50 "nvme0n1")
    at src/growlight.c:1266
#23 lookup_device (name=<optimized out>) at src/growlight.c:1218
#24 0x00005555555632af in scan_device (name=0x555555641b50)
    at src/growlight.c:1398
#25 0x00007ffff75cdfb7 in start_thread (arg=<optimized out>)
    at pthread_create.c:486
#26 0x00007ffff74ff2ef in clone ()
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
dankamongmen commented 4 years ago

So we're blasting too much out of qprefix(), presumably since moving to sprintf() from snprintf(). Embarrassing. I think this relates to https://github.com/dankamongmen/outcurses/issues/25. You can see that we're generating "106.30G" from the stack trace. I think we ought only ever have 4 sigfigs for a base of 1000 (5 for 1024, sigh). If we do that, this solves itself.

dankamongmen commented 4 years ago

Hrmm, no. We're generating "106.30G". That's 7 chars plus a NUL terminator for 8 bytes, aka PREFIXSTRLEN + 1. That's also the size of the buffer passed in.
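An added illustration of the sizing arithmetic in these two comments (example code written for this page, not growlight's or outcurses' own): a bounded formatter in the style of qprefix(). The constants borrow the thread's names but their values are assumptions derived from it, PREFIXSTRLEN = 7 because "106.30G" is seven characters, BPREFIXSTRLEN = 8 because the IEC form carries the extra 'i'. The `___sprintf_chk` and `__fortify_fail` frames in the backtrace are glibc's `_FORTIFY_SOURCE` checks, which is why the packaged build aborts instead of quietly overrunning the buffer; the example uses `snprintf` and shows how its return value exposes the same condition as a detectable truncation.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed example, not growlight/outcurses code. The names mirror the
 * thread; the values are assumptions derived from it: "106.30G" is 7 chars
 * (PREFIXSTRLEN) and the IEC form "106.30Gi" needs one more (BPREFIXSTRLEN). */
#define PREFIXSTRLEN  7
#define BPREFIXSTRLEN 8

/* Format val with a metric (mult 1000) or IEC (mult 1024, 'i' suffix) prefix
 * and two decimals into buf of buflen bytes. Like snprintf, returns the length
 * the complete string needs (excluding NUL), or a negative value on error; the
 * caller must treat n >= buflen as truncation. Never writes past buflen. */
static int fmt_prefix(uintmax_t val, bool binary, char *buf, size_t buflen) {
    static const char prefixes[] = " KMGTPEZY";
    const uintmax_t mult = binary ? 1024 : 1000;
    uintmax_t whole = val, rem = 0;
    unsigned idx = 0;

    /* Peel off one prefix step at a time, keeping the last remainder so the
     * two decimal places are computed in the chosen base. */
    while (whole >= mult && idx < sizeof(prefixes) - 2) {
        rem = whole % mult;
        whole /= mult;
        ++idx;
    }
    if (idx == 0) {
        return snprintf(buf, buflen, "%ju", whole);
    }
    return snprintf(buf, buflen, "%ju.%02ju%c%s",
                    whole, (rem * 100) / mult, prefixes[idx], binary ? "i" : "");
}

/* True when fmt_prefix's return value n means the string fit in buflen bytes. */
static bool fit_ok(int n, size_t buflen) {
    return n >= 0 && (size_t)n < buflen;
}

int main(void) {
    /* Constructed inputs: exactly 106.30 GB, and 106 GiB + 308 MiB (106.30 GiB). */
    const uintmax_t gb  = 106300000000ULL;
    const uintmax_t gib = ((uintmax_t)106 * 1024 + 308) << 20;
    char small[PREFIXSTRLEN + 1];   /* sized for "106.30G"  */
    char large[BPREFIXSTRLEN + 1];  /* sized for "106.30Gi" */
    int n;

    n = fmt_prefix(gb, false, small, sizeof small);
    printf("%-9s needs %d, fits in %zu bytes: %s\n", small, n, sizeof small,
           fit_ok(n, sizeof small) ? "yes" : "NO");

    /* Same small buffer, IEC prefix: sprintf would write a ninth byte past the
     * end (the fortified build aborts); snprintf truncates and reports it, and
     * the truncated text silently reads as "106.30G", i.e. the wrong unit. */
    n = fmt_prefix(gib, true, small, sizeof small);
    printf("%-9s needs %d, fits in %zu bytes: %s\n", small, n, sizeof small,
           fit_ok(n, sizeof small) ? "yes" : "NO");

    n = fmt_prefix(gib, true, large, sizeof large);
    printf("%-9s needs %d, fits in %zu bytes: %s\n", large, n, sizeof large,
           fit_ok(n, sizeof large) ? "yes" : "NO");
    return 0;
}
```

The point the middle case makes is that the truncated output is not garbage but a plausible-looking value with the wrong unit, which is why checking the `snprintf` return value (or sizing every buffer for the longest form, BPREFIXSTRLEN + 1) matters even after the overflow itself is gone.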

dankamongmen commented 4 years ago

it wants 'Gi':

-                   bprefix(io, 1, buf,  1);
-                   wprintw(rb->win, "%7.7s", buf);
+      char qbuf[BPREFIXSTRLEN + 1];
+                 bprefix(io, 1, qbuf,  1);
+                 wprintw(rb->win, "%7.7s", qbuf); // might chop off 'i'
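Review bot: the hardcoded `"%7.7s"` in the new wprintw() call no longer matches the buffer it prints, which is now sized BPREFIXSTRLEN + 1, so for an IEC value the precision drops the trailing 'i' (the added comment says as much) and the screen shows "106.30G" for what is actually "106.30Gi", a unit error of roughly 7%. Either widen the column to the binary-prefix length, e.g. `wprintw(rb->win, "%*.*s", BPREFIXSTRLEN, BPREFIXSTRLEN, qbuf);`, or keep the decimal formatter for this column so the width and the buffer agree. Minor: the `char qbuf[BPREFIXSTRLEN + 1];` declaration is indented differently from the two calls below it.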
dankamongmen commented 4 years ago

fixed in 1.2.0!