i3 / i3status

Generates status bar to use with i3bar, dzen2 or xmobar
BSD 3-Clause "New" or "Revised" License

print_wireless_info buffer overflow #492

Closed xstefank closed 4 months ago

xstefank commented 2 years ago

I switched to a new laptop and print_wireless_info stopped working:

```shell
$ i3status
{"version":1}
[
*** buffer overflow detected ***: terminated
[1]    22584 IOT instruction (core dumped)  i3status
```

journalctl

```
Jul 05 14:19:21 fedora systemd-coredump[23123]: [🡕] Process 23121 (i3status) of user 1000 dumped core.

    Module linux-vdso.so.1 with build-id 5785fbe1cc105912f683ad7629d33f7d6e3692ce
    Module libgpg-error.so.0 with build-id a53c231739d55cc39b97e28c36cd8b3e58a8f8f8
    Metadata for module libgpg-error.so.0 owned by FDO found: {
            "type" : "rpm",
            "name" : "libgpg-error",
            "version" : "1.45-1.fc36",
            "architecture" : "x86_64",
            "osCpe" : "cpe:/o:fedoraproject:fedora:36"
    }

    Module libgcrypt.so.20 with build-id ab80eae398f8814c7dc7bfc27fa3724491a47294
    Stack trace of thread 23121:
    #0  0x00007f0ac8d10c4c __pthread_kill_implementation (libc.so.6 + 0x8ec4c)
    #1  0x00007f0ac8cc09c6 raise (libc.so.6 + 0x3e9c6)
    #2  0x00007f0ac8caa7f4 abort (libc.so.6 + 0x287f4)
    #3  0x00007f0ac8d04d9e __libc_message (libc.so.6 + 0x82d9e)
    #4  0x00007f0ac8da332a __fortify_fail (libc.so.6 + 0x12132a)
    #5  0x00007f0ac8da1c96 __chk_fail (libc.so.6 + 0x11fc96)
    #6  0x00007f0ac8cfd99f _IO_str_chk_overflow (libc.so.6 + 0x7b99f)
    #7  0x00007f0ac8d08c91 _IO_default_xsputn (libc.so.6 + 0x86c91)
    #8  0x00007f0ac8cf38df __vfprintf_internal (libc.so.6 + 0x718df)
    #9  0x00007f0ac8cfda4b __vsprintf_internal (libc.so.6 + 0x7ba4b)
    #10 0x00007f0ac8da17a1 __sprintf_chk (libc.so.6 + 0x11f7a1)
    #11 0x0000556d00c0d601 print_wireless_info (i3status + 0x13601)
    #12 0x0000556d00c026a6 main (i3status + 0x86a6)
    #13 0x00007f0ac8cab550 __libc_start_call_main (libc.so.6 + 0x29550)
    #14 0x00007f0ac8cab609 __libc_start_main@@GLIBC_2.34 (libc.so.6 + 0x29609)
    #15 0x0000556d00c05055 _start (i3status + 0xb055)
    ELF object binary architecture: AMD x86-64
```

relevant config:

```
wireless _first_ {
  format_up = "W: (%quality at %essid, %bitrate) %ip"
  format_down = "W: down"
}
```

Not sure what I'm missing. Can someone help please?

xstefank commented 2 years ago

From nmcli I see that the name of the interface is "wlp9s0", but changing the config to:

```
wireless wlp9s0 {
  format_up = "W: (%quality at %essid, %bitrate) %ip"
  format_down = "W: down"
}
```

doesn't help.

n-st commented 1 year ago

Looks like one of the placeholders is exceeding the length allocated per placeholder content (which is 30 characters, minus 1 for the NUL terminator byte). The most likely candidates for this would be %essid (network name longer than 29 characters) and %ip (a fully expanded IPv6 address can be up to 39 characters; 45 if you include IPv4-mapped addresses). You can try removing placeholders one at a time to narrow down the source of the problem and avoid it for the time being. Ultimately, the maintainers will probably need to increase the string length limit, but I'm not sure if that has any unforeseen implications.

asl97 commented 1 year ago

I am an idiot. @n-st I didn't include any placeholder and it still errors with this basic config, unless you mean to stop including wireless

```
general {
  colors = true
  interval = 5
}

order += "wireless _first_"

wireless _first_ {
  format_up = "W: up"
  format_down = "W: down"
}
```

```shell
[asl97@localhost ~]$ i3status -c ~/.config/i3/i3status.conf
i3status: trying to auto-detect output_format setting
i3status: auto-detected "term"
*** buffer overflow detected ***: terminated
Aborted (core dumped)
```

My issue seems to be with a stupidly long network name, but within the same file, 32 is listed within the file

https://github.com/i3/i3status/blob/8a918438ed5b1800cda21d53ddaf130e7936cc9b/src/print_wireless_info.c#L18

There seems to be some code for `__FreeBSD__` and `__DragonFly__`, but not others, to control the length the name of the essid should be limited to and crop it if it's longer.

https://github.com/i3/i3status/blob/8a918438ed5b1800cda21d53ddaf130e7936cc9b/src/print_wireless_info.c#L362-L372

32 > 30, there's your overflow bug; it should be reduced to actually fit the limit, and that shouldn't break anything that isn't already broken.

Something as simple as this seems to fix it for me:

https://github.com/i3/i3status/compare/main...asl97:i3status:patch-1

I didn't actually click the create pull request because this solution seems so hacky, but if the maintainers are happy with it, they can click it to create it and merge it themselves.

Seems like I was running the distro version when I thought I was running the git head build https://github.com/i3/i3status/commit/8a918438ed5b1800cda21d53ddaf130e7936cc9b ; the head build is working fine as is, without modification.
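
The length arithmetic discussed in the comments above, as an added C example that is not i3status code and not part of any comment. It assumes the 30-byte placeholder buffer and the 32-byte ESSID maximum quoted in the thread, uses hypothetical function names, and goes one step beyond the thread by trimming at a UTF-8 character boundary.

```c
#include <stdio.h>
#include <string.h>

/* Sizes as quoted in the thread (assumed here): 30 bytes per placeholder,
 * ESSID of up to 32 bytes. All names are hypothetical, not i3status code. */
#define PLACEHOLDER_SIZE 30
#define ESSID_MAX 32

/* Unbounded pattern: writes strlen(essid) + 1 bytes whatever out can hold,
 * so a 30-byte ESSID needs 31 bytes and overruns a 30-byte buffer. */
static void format_essid_unbounded(char *out, const char *essid) {
    sprintf(out, "%s", essid);
}

/* Bounded version: writes at most outsz bytes, always NUL-terminates and
 * never keeps a partial UTF-8 sequence. Returns 1 if truncated, else 0. */
static int format_essid_bounded(char *out, size_t outsz, const char *essid) {
    if (outsz == 0)
        return 1;
    int n = snprintf(out, outsz, "%s", essid);
    if (n < 0) {
        out[0] = '\0';
        return 1;
    }
    if ((size_t)n < outsz)
        return 0;
    size_t len = outsz - 1;
    /* If the first dropped byte is a continuation byte (10xxxxxx), the last
     * character kept is incomplete: remove its bytes as well. */
    if (((unsigned char)essid[len] & 0xC0) == 0x80) {
        while (len > 0 && ((unsigned char)out[len - 1] & 0xC0) == 0x80)
            len--;
        if (len > 0)
            len--;
    }
    out[len] = '\0';
    return 1;
}

int main(void) {
    const char *too_long = "Example Guest Network 32 chars!!"; /* constructed */
    char big[ESSID_MAX + 1], small[PLACEHOLDER_SIZE];
    format_essid_unbounded(big, too_long); /* fits only in ESSID_MAX + 1 bytes */
    int cut = format_essid_bounded(small, sizeof small, too_long);
    printf("unbounded: \"%s\"\nbounded (truncated=%d): \"%s\"\n", big, cut, small);
    return 0;
}
```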

mahrud commented 4 months ago

This happened to me also, and the network essid is "City of Eugene-Free Public WiFi" with 31 characters. Seems to me like the buffer overflow is serious enough to warrant a fix, no?

```shell
i3status: trying to auto-detect output_format setting
i3status: auto-detected "term"
*** buffer overflow detected ***: terminated
Aborted (core dumped)
```

fkranhold commented 3 weeks ago

I am experiencing the same issue with a wifi network whose essid is "Cabinn Scandinavia Public Wifi" (30 characters), with i3status 2.14-2 under Arch (version from 9 July 2024), using the default configuration. (A quick experiment shows that removing the last "i" from the essid is enough to solve the issue.)

I have used the above wifi network before, in April this year, without any issues; hence I fear that the commit that was supposed to fix the issue somehow made the situation worse.

stapelberg commented 3 weeks ago

No, i3status 2.14 just doesn’t contain the commit yet. We should probably tag a new release soon.

stapelberg commented 3 weeks ago

FYI, i3status 2.15 was just released which contains the fix.

xstefank commented 3 weeks ago

I can confirm this now works! Thanks!