jarun / nnn

n³ The unorthodox terminal file manager
BSD 2-Clause "Simplified" License

Crash When Attempting to Archive #1931

Closed levone1 closed 1 week ago

levone1 commented 2 months ago

Environment details (Put x in the checkbox along with the information)

Exact steps to reproduce the issue

Any attempt to archive ends in a crash, with " buffer overflow detected : terminated" message.

Tried with several different variables and configurations. Also built master and tested with O_DEBUG=1. Here are the nnndbg contents:

ln 8751: VERSION=5.0
ln 8531: g_tmpfpath=/tmp
ln 8532: tmpfplen=5
ln 8784: home=/home/me
ln 8479: cfgpath=/home/me/.config
ln 8485: cfgpath=/home/me/.config/nnn
ln 8513: selpath=/home/me/.config/nnn/.selection
ln 8792: opener=xdg-open
ln 8902: getenv(envs[ENV_VISUAL])=hx
ln 8903: getenv(envs[ENV_EDITOR])=emacs
ln 8904: editor=hx
ln 8908: pager=supercat
ln 8912: shell=/bin/bash
ln 8914: getenv("PWD")=/home/me/Desktop/tmp/nnn
ln 2254: COLORS=256
ln 2255: COLOR_PAIRS=32767
ln 5761: __func__=dentfill
ln 6028: ts2.tv_nsec - ts1.tv_nsec=52311
ln 6632: __func__=redraw
ln 6647: path=/home/me/Desktop/tmp/nnn
ln 6632: __func__=redraw
ln 6647: path=/home/me/Desktop/tmp/nnn
ln 6632: __func__=redraw
ln 6647: path=/home/me/Desktop/tmp/nnn
ln 6632: __func__=redraw
ln 6647: path=/home/me/Desktop/tmp/nnn
ln 6632: __func__=redraw
ln 6647: path=/home/me/Desktop/tmp/nnn
ln 6632: __func__=redraw
ln 6647: path=/home/me/Desktop/tmp/nnn
ln 2419: status=0
ln 2493: pid=22778
N-R-K commented 2 months ago

Can't reproduce. Can you try with Address Sanitizer? Build with make CFLAGS_OPTIMIZATION="-fsanitize=address,undefined -g3" and then try to reproduce the bug. ASan should produce a stack trace; paste it here.

levone1 commented 2 months ago

CFLAGS_OPTIMIZATION="-fsanitize=address,undefined -g3"

Thank you.

Not sure what it means, but it works fine when built with make O_DEBUG=1 CFLAGS_OPTIMIZATION="-fsanitize=address,undefined -g3"

Did a test zip, and it worked fine, with normal output, and the zip was created. Then, I went back to my previous install, and got the same error.

Then, I did make clean and started over with just make O_DEBUG=1, leaving out the ASan option, and tried that build, and again got the error and crash.

levone1 commented 2 months ago

I guess on my end, I can just rebuild with the options I want, and ASan, and be fine with it. Will try.

N-R-K commented 2 months ago

I guess on my end, I can just rebuild with the options I want, and ASan, and be fine with it.

ASan is a debugging tool that inserts various checks into the program. It will slow down the binary and use additional memory. It's not meant to be used regularly, only for development/debugging.

Also, interesting that the crash doesn't happen with ASan. Maybe due to turning optimizations off? Can you reproduce it with the following:

$ make CFLAGS_OPTIMIZATION="-fsanitize=address,undefined -g3 -O3"

levone1 commented 2 months ago

make CFLAGS_OPTIMIZATION="-fsanitize=address,undefined -g3 -O3"

Archiving works fine when built with that also. The only difference is the output while building:

cc  -std=c11 -Wall -Wextra -Wshadow -fsanitize=address,undefined -g3 -O3 -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=600   -o nnn  src/nnn.c -lreadline -lncursesw -ltinfo  -lpthread
In function ‘xstrsncpy’,
    inlined from ‘invertselbuf’ at src/nnn.c:1787:20:
src/nnn.c:978:21: warning: argument 1 is null but the corresponding size argument 4 value is 255 [-Wnonnull]
  978 |         char *end = memccpy(dst, src, '\0', n);
      |                     ^~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from /usr/include/readline/chardefs.h:27,
                 from /usr/include/readline/keymaps.h:35,
                 from /usr/include/readline/readline.h:38,
                 from src/nnn.c:88:
/usr/include/string.h: In function ‘invertselbuf’:
/usr/include/string.h:54:14: note: in a call to function ‘memccpy’ declared with attribute ‘access (write_only, 1, 4)’
   54 | extern void *memccpy (void *__restrict __dest, const void *__restrict __src,
      |              ^~~~~~~
In function ‘xstrsncpy’,
    inlined from ‘invertselbuf’ at src/nnn.c:1867:20:
src/nnn.c:978:21: warning: argument 1 is null but the corresponding size argument 4 value is 255 [-Wnonnull]
  978 |         char *end = memccpy(dst, src, '\0', n);
      |                     ^~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/include/string.h: In function ‘invertselbuf’:
/usr/include/string.h:54:14: note: in a call to function ‘memccpy’ declared with attribute ‘access (write_only, 1, 4)’
   54 | extern void *memccpy (void *__restrict __dest, const void *__restrict __src,
      |              ^~~~~~~
In function ‘xstrsncpy’,
    inlined from ‘addtoselbuf’ at src/nnn.c:1893:20,
    inlined from ‘browse’ at src/nnn.c:7648:25:
src/nnn.c:978:21: warning: argument 1 is null but the corresponding size argument 4 value is 255 [-Wnonnull]
  978 |         char *end = memccpy(dst, src, '\0', n);
      |                     ^~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/include/string.h: In function ‘browse’:
/usr/include/string.h:54:14: note: in a call to function ‘memccpy’ declared with attribute ‘access (write_only, 1, 4)’
   54 | extern void *memccpy (void *__restrict __dest, const void *__restrict __src,
      |              ^~~~~~~
In function ‘xstrsncpy’,
    inlined from ‘addtoselbuf’ at src/nnn.c:1912:20,
    inlined from ‘browse’ at src/nnn.c:7648:25:
src/nnn.c:978:21: warning: argument 1 is null but the corresponding size argument 4 value is 255 [-Wnonnull]
  978 |         char *end = memccpy(dst, src, '\0', n);
      |                     ^~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/include/string.h: In function ‘browse’:
/usr/include/string.h:54:14: note: in a call to function ‘memccpy’ declared with attribute ‘access (write_only, 1, 4)’
   54 | extern void *memccpy (void *__restrict __dest, const void *__restrict __src,
      |              ^~~~~~~

But it still built fine, and works.

jarun commented 1 month ago

Can you add more debug prints to reach closest possible to the point where the fault occurs?

jarun commented 1 month ago

Also, please give it a try with a smaller string:

export NNN_ARCHIVE="\\.(7z|bz|bz2|deb|gz|iso|rar|rpm|tar|tbz|tbz2|tgz|txz|xz|Z|zip)$"

levone1 commented 1 month ago

Can you add more debug prints to reach closest possible to the point where the fault occurs?

OK. So, build with DEBUG on, and also with ASan, or without (or both)?

Thanks

jarun commented 1 month ago

Build with only debug on, since the prints are required.

jarun commented 1 month ago

just O_DEBUG=1.

levone1 commented 1 month ago

just O_DEBUG=1.

nnndbg contents:

ln 8758: VERSION=5.0
ln 8538: g_tmpfpath=/tmp
ln 8539: tmpfplen=5
ln 8791: home=/home/me
ln 8486: cfgpath=/home/me/.config
ln 8492: cfgpath=/home/me/.config/nnn
ln 8520: selpath=/home/me/.config/nnn/.selection
ln 8799: opener=/home/me/.config/nnn/plugins/nuke
ln 8909: getenv(envs[ENV_VISUAL])=hx
ln 8910: getenv(envs[ENV_EDITOR])=emacs
ln 8911: editor=hx
ln 8915: pager=supercat
ln 8919: shell=/bin/bash
ln 8921: getenv("PWD")=/home/me/Desktop/tmp/nnn
ln 2258: COLORS=256
ln 2259: COLOR_PAIRS=32767
ln 5766: __func__=dentfill
ln 6033: ts2.tv_nsec - ts1.tv_nsec=64693
ln 6639: __func__=redraw
ln 6654: path=/home/me/Desktop/tmp/nnn
ln 6639: __func__=redraw
ln 6654: path=/home/me/Desktop/tmp/nnn
ln 6639: __func__=redraw
ln 6654: path=/home/me/Desktop/tmp/nnn
ln 2423: status=0
ln 2497: pid=11761

Replaced the NNN_ARCHIVE line with the one you posted.

levone1 commented 1 month ago

Also tried with no NNN_ARCHIVE line.

jarun commented 1 month ago

Please add more debug prints to reach closer to the point of crash.

levone1 commented 1 month ago

Please add more debug prints to reach closer to the point of crash.

maybe...

Already logging to gdb.txt.
Starting program: /home/disciple/Desktop/tmp/nnn/nnn 
warning: could not find '.gnu_debugaltlink' file for /lib/x86_64-linux-gnu/libncursesw.so.6
warning: could not find '.gnu_debugaltlink' file for /lib/x86_64-linux-gnu/libtinfo.so.6
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[Detaching after fork from child process 45080]

Program received signal SIGABRT, Aborted.
__pthread_kill_implementation (no_tid=0, signo=6, threadid=<optimized out>) at ./nptl/pthread_kill.c:44
warning: 44 ./nptl/pthread_kill.c: No such file or directory

?

levone1 commented 1 month ago

Don't know much about debugging, etc., but wondering if it's some kind of kernel-type issue. It had worked fine at some point, and I'm not sure when/what might have changed to make it stop, but I also tested on an Arch setup with the same variables, and it works fine. Probably something to do with current Mint... Wouldn't be surprised if it's not really anything to do with nnn...

jarun commented 1 month ago

Closing this since it is not reproducible and symptoms point to environmental factors.

b4shful commented 1 week ago

I'm also experiencing this issue. I know the issue has been closed, but just in case it needs looking at, adding the coredump below:

systemd-coredump[14213]: Process 10320 (nnn) of user 1000 terminated abnormally with signal 6/A>
systemd[1]: Created slice Slice /system/systemd-coredump.
systemd[1]: Started Process Core Dump (PID 14213/UID 0).
systemd-coredump[14214]: [🡕] Process 10320 (nnn) of user 1000 dumped core.

Stack trace of thread 10320:
#0  0x00007911d737d3f4 n/a (libc.so.6 + 0x963f4)
#1  0x00007911d7324120 raise (libc.so.6 + 0x3d120)
#2  0x00007911d730b4c3 abort (libc.so.6 + 0x244c3)
#3  0x00007911d730c354 n/a (libc.so.6 + 0x25354)
#4  0x00007911d740c799 __fortify_fail (libc.so.6 + 0x125799)
#5  0x00007911d740c124 __chk_fail (libc.so.6 + 0x125124)
#6  0x00007911d740d957 __snprintf_chk (libc.so.6 + 0x126957)
#7  0x00005c5fb2a6340d n/a (nnn + 0x1640d)
#8  0x00005c5fb2a5092c n/a (nnn + 0x392c)
#9  0x00007911d730ce08 n/a (libc.so.6 + 0x25e08)
#10 0x00007911d730cecc __libc_start_main (libc.so.6 + 0x25ecc)
#11 0x00005c5fb2a51875 n/a (nnn + 0x4875)
ELF object binary architecture: AMD x86-64

Haven't tried to archive in a while, so no idea how long it's been a thing for, but I am on Arch Linux with kernel 6.11.6-arch1-1.

jarun commented 1 week ago

If a coredump is generated, please try to debug further. Also, see if you can grab the line numbers from the offsets.

N-R-K commented 1 week ago

Try building with debug symbols so that the backtrace is more debuggable: make CFLAGS_OPTIMIZATION="-O2 -g3"

b4shful commented 1 week ago

Also I just found out that the issue only occurs when multiple files are selected. Although I see that's already outlined in the initial reproduction steps (select multiple files, then "z" to archive and "s" for selected).

There appears to be a typo in your flags, @N-R-K. I built with make O_DEBUG=1 CFLAGS_OPTIMIZATION="-fsanitize=address -O2 -g3" and could not reproduce it, disabled ASan and still couldn't reproduce it, then I just ran make and still couldn't reproduce it lol.

Which is strange, as the PKGBUILD for the version in the Arch repositories just runs make and it does crash whenever I try this, I wonder what else could be different...

N-R-K commented 1 week ago

Which is strange, as the PKGBUILD for the version in the Arch repositories just runs make and it does crash whenever I try this, I wonder what else could be different...

Which version are you using, is it nnn-git or some stable release?

b4shful commented 1 week ago

It was just the one from the Arch Extra repo - I was finding that I can only repro when the package is actually installed/"in place", so I've been trying to get an installed version which ALSO has debug symbols.

I think I figured out how to do this successfully, I removed the extra/nnn package and went to nnn-git from the AUR. Before installing nnn-git I enabled the debug option in makepkg.conf, and then Arch creates a debug package which gdb/debuginfod and all that integrates nicely with, so I can now give you a better backtrace:

GNU gdb (GDB) 15.2
Copyright (C) 2024 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-pc-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/bin/nnn...
Reading symbols from /usr/lib/debug/usr/bin/nnn.debug...
[New LWP 202611]

This GDB supports auto-downloading debuginfo from the following URLs:
  <https://debuginfod.archlinux.org>
Enable debuginfod for this session? (y or [n]) y
Debuginfod has been enabled.
To make this setting permanent, add 'set debuginfod enabled on' to .gdbinit.
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".
Core was generated by `nnn'.
Program terminated with signal SIGABRT, Aborted.
#0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
44       return INTERNAL_SYSCALL_ERROR_P (ret) ? INTERNAL_SYSCALL_ERRNO (ret) : 0;
(gdb) bt
#0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
#1  0x000078c6899ad463 in __pthread_kill_internal (threadid=<optimized out>, signo=6) at pthread_kill.c:78
#2  0x000078c689954120 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#3  0x000078c68993b4c3 in __GI_abort () at abort.c:79
#4  0x000078c68993c354 in __libc_message_impl (fmt=fmt@entry=0x78c689aca16c "*** %s ***: terminated\n")
    at ../sysdeps/posix/libc_fatal.c:132
#5  0x000078c689a3c799 in __GI___fortify_fail (msg=msg@entry=0x78c689aca153 "buffer overflow detected") at fortify_fail.c:24
#6  0x000078c689a3c124 in __GI___chk_fail () at chk_fail.c:28
#7  0x000078c689a3d957 in ___snprintf_chk (s=s@entry=0x55856a25b430 "", maxlen=maxlen@entry=4608, flag=flag@entry=2, slen=slen@entry=85, 
    format=format@entry=0x55854fea6d8b "xargs -0 %s %s < '%s'") at snprintf_chk.c:29
#8  0x000055854feba0b2 in snprintf (__s=0x55856a25b430 "", __n=4608, __fmt=0x55854fea6d8b "xargs -0 %s %s < '%s'")
    at /usr/include/bits/stdio2.h:68
#9  archive_selection (cmd=0x55854fea734e "atool -a", archive=0x7fffec366220 "/home/joel/dev/test.zip") at src/nnn.c:2845
#10 browse (ipath=<optimized out>, pkey=<optimized out>) at src/nnn.c:7888
#11 0x000055854febd7c1 in main (argc=<optimized out>, argv=<optimized out>) at src/nnn.c:9114

As well as nnndbg:

ln 8827: VERSION=5.0
ln 8606: g_tmpfpath=/tmp
ln 8607: tmpfplen=5
ln 8862: home=/home/joel
ln 8519: xdgcfg=/home/joel/.config
ln 8560: cfgpath=/home/joel/.config/nnn
ln 8588: selpath=/home/joel/.config/nnn/.selection
ln 8870: opener=xdg-open
ln 8984: getenv(envs[ENV_VISUAL])=nvim
ln 8985: getenv(envs[ENV_EDITOR])=nvim
ln 8986: editor=nvim
ln 8990: pager=moar
ln 8994: shell=/bin/bash
ln 8996: getenv("PWD")=/home/joel/dev/nnn
ln 2266: COLORS=256
ln 2267: COLOR_PAIRS=65536
ln 5832: __func__=dentfill
ln 6099: ts2.tv_nsec - ts1.tv_nsec=44954
ln 6705: __func__=redraw
ln 6720: path=/home/joel/dev/nnn
ln 2431: status=0
ln 2505: pid=159581

(let me know if you need me to disable optimisations, I can do that next if it's required for the sake of the backtrace)

N-R-K commented 1 week ago

@b4shful Does this patch make any difference?

diff --git a/src/nnn.c b/src/nnn.c
index 10feca38..f112c228 100644
--- a/src/nnn.c
+++ b/src/nnn.c
@@ -2834,15 +2834,16 @@ static char *get_archive_cmd(const char *archive)

 static void archive_selection(const char *cmd, const char *archive)
 {
-   char *buf = malloc((xstrlen(patterns[P_ARCHIVE_CMD]) + xstrlen(cmd) + xstrlen(archive)
-                      + xstrlen(selpath)) * sizeof(char));
+   size_t len = xstrlen(patterns[P_ARCHIVE_CMD]) + xstrlen(cmd) + xstrlen(archive)
+               + xstrlen(selpath) + 1;
+   char *buf = malloc(len);
    if (!buf) {
        DPRINTF_S(strerror(errno));
        printwarn(NULL);
        return;
    }

-   snprintf(buf, CMD_LEN_MAX, patterns[P_ARCHIVE_CMD], cmd, archive, selpath);
+   snprintf(buf, len, patterns[P_ARCHIVE_CMD], cmd, archive, selpath);
    spawn(utils[UTIL_SH_EXEC], buf, NULL, NULL, F_CLI | F_CONFIRM);
    free(buf);
 }
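
Review bot: the change that removes the abort is the size argument on the `snprintf` line, `CMD_LEN_MAX` replaced by `len`; under `_FORTIFY_SOURCE` the compiler-visible object size is the malloc'd size (slen=85 in the backtrace above) and `__snprintf_chk` aborts as soon as the passed size (maxlen=4608) exceeds it, before looking at the formatted result. The `+ 1` on `len` is a sensible correction as well, even though the old allocation happened to leave room because the three `%s` conversions were counted as part of the pattern's length. Consider also checking the `snprintf` return value against `len` so a truncated command is never handed to `spawn`, e.g. `if ((size_t)snprintf(buf, len, ...) >= len) { free(buf); return; }`; with this bound it cannot truncate today, but the check makes the contract explicit if the pattern or the inputs change.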

b4shful commented 1 week ago

[Just saw the suggested patch while pasting this in, I will respond to that in a moment]

Also, optimisations are still enabled, but here's bt full in case it offers anything useful:

(gdb) bt full
#0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
        tid = <optimized out>
        ret = 0
        pd = <optimized out>
        old_mask = {__val = {137438953472}}
        ret = <optimized out>
#1  0x000078c6899ad463 in __pthread_kill_internal (threadid=<optimized out>, signo=6) at pthread_kill.c:78
No locals.
#2  0x000078c689954120 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
        ret = <optimized out>
#3  0x000078c68993b4c3 in __GI_abort () at abort.c:79
        save_stage = 1
        act = {__sigaction_handler = {sa_handler = 0x20, sa_sigaction = 0x20}, sa_mask = {__val = {0, 140737156374048, 94031059805618, 0, 
              94031059926912, 94031059927072, 94031059927232, 132794108865216, 3, 94031059775751, 94031059776370, 0, 0, 0, 
              132794108022642, 0}}, sa_flags = -57716736, sa_restorer = 0x0}
#4  0x000078c68993c354 in __libc_message_impl (fmt=fmt@entry=0x78c689aca16c "*** %s ***: terminated\n")
    at ../sysdeps/posix/libc_fatal.c:132
        ap = {{gp_offset = 16, fp_offset = 0, overflow_arg_area = 0x7fffec365d50, reg_save_area = 0x7fffec365ce0}}
        fd = 2
        iov = {{iov_base = 0x78c689aca16c, iov_len = 4}, {iov_base = 0x78c689aca153, iov_len = 24}, {iov_base = 0x78c689aca172, 
            iov_len = 17}, {iov_base = 0x0, iov_len = 0}, {iov_base = 0x0, iov_len = 132794107133948}, {iov_base = 0x0, iov_len = 0}, {
            iov_base = 0x0, iov_len = 0}}
        iovcnt = <optimized out>
        total = <optimized out>
        cp = <optimized out>
#5  0x000078c689a3c799 in __GI___fortify_fail (msg=msg@entry=0x78c689aca153 "buffer overflow detected") at fortify_fail.c:24
No locals.
#6  0x000078c689a3c124 in __GI___chk_fail () at chk_fail.c:28
No locals.
#7  0x000078c689a3d957 in ___snprintf_chk (s=s@entry=0x55856a25b430 "", maxlen=maxlen@entry=4608, flag=flag@entry=2, slen=slen@entry=85, 
    format=format@entry=0x55854fea6d8b "xargs -0 %s %s < '%s'") at snprintf_chk.c:29
        mode = <optimized out>
        ap = {{gp_offset = 0, fp_offset = 0, overflow_arg_area = 0x0, reg_save_area = 0x0}}
        ret = <optimized out>
#8  0x000055854feba0b2 in snprintf (__s=0x55856a25b430 "", __n=4608, __fmt=0x55854fea6d8b "xargs -0 %s %s < '%s'")
    at /usr/include/bits/stdio2.h:68
No locals.
#9  archive_selection (cmd=0x55854fea734e "atool -a", archive=0x7fffec366220 "/home/joel/dev/test.zip") at src/nnn.c:2845
        buf = 0x55856a25b430 ""
        buf = <optimized out>
#10 browse (ipath=<optimized out>, pkey=<optimized out>) at src/nnn.c:7888
        ret = 110
        len = 122
        newpath = "/home/joel/dev/test.zip", '\000' <repeats 4072 times>
        runfile = '\000' <repeats 255 times>
        path = 0x55854fec39c0 <g_ctx.lto_priv> "/home/joel/dev"
        lastdir = 0x55854fec49c0 <g_ctx.lto_priv+4096> "/home/joel/dev/nnn"
        lastname = 0x55854fec59c0 <g_ctx.lto_priv+8192> "nnn"
        dir = <optimized out>
        tmp = 0x7fffec366220 "/home/joel/dev/test.zip"
        pent = <optimized out>
        sel = <optimized out>
        sb = {st_dev = 0, st_ino = 0, st_nlink = 0, st_mode = 0, st_uid = 0, st_gid = 0, __pad0 = 0, st_rdev = 0, st_size = 0, 
          st_blksize = 0, st_blocks = 0, st_atim = {tv_sec = 0, tv_nsec = 0}, st_mtim = {tv_sec = 0, tv_nsec = 0}, st_ctim = {tv_sec = 0, 
            tv_nsec = 0}, __glibc_reserved = {0, 0, 0}}
        r = <optimized out>
        presel = 0
        selstartid = <optimized out>
        selendid = <optimized out>
        opener_flags = <optimized out>
        watch = <optimized out>
        cd = true
        inode = <optimized out>
        event = {id = 0, x = 0, y = 0, z = 0, bstate = 0}
        mousetimings = {{tv_sec = 0, tv_nsec = 0}, {tv_sec = 0, tv_nsec = 0}}
        mousedent = {-1, -1}
        currentmouse = true
        rightclicksel = <optimized out>
        begin = <optimized out>
        nochange = <optimized out>
#11 0x000055854febd7c1 in main (argc=<optimized out>, argv=<optimized out>) at src/nnn.c:9114
        arg = <optimized out>
        fd = <optimized out>
        opt = <optimized out>
        sort = <optimized out>
        pkey = 0
        sepnul = <optimized out>
        mask = 0
        middle_click_env = <optimized out>
        env_opts = <optimized out>
        env_opts_id = <optimized out>
        rlhist = <optimized out>
        act = {__sigaction_handler = {sa_handler = 0x1, sa_sigaction = 0x1}, sa_mask = {__val = {0 <repeats 16 times>}}, sa_flags = 0, 
          sa_restorer = 0x0}

N-R-K commented 1 week ago

Okay, I think I have an idea of what's going on. Fortify is checking if len > allocated_buffer_size and in our case since the len passed to snprintf differs from the allocated buffer size, it's aborting the process (even though the result would have fit into the buffer).

If this is indeed the case, then the patch I sent above should fix the issue.
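
The sizing rule behind that explanation, as an added example that is not part of this issue or of nnn's own code: the command is built from the format string shown in the backtrace with a size argument equal to the allocation (the patch's length formula), next to the measure-then-allocate idiom that achieves the same thing; the inputs are the values from the backtrace, and `ARCHIVE_CMD_FMT`, `archive_cmd_bound`, `build_archive_cmd`, `build_archive_cmd_exact` and `archive_cmd_matches` are names chosen here.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Format string as it appears in the backtrace (patterns[P_ARCHIVE_CMD] in nnn). */
static const char ARCHIVE_CMD_FMT[] = "xargs -0 %s %s < '%s'";

/* Buffer size the way the patch in this thread computes it: the length of
 * every input plus one byte for the terminating NUL. It over-allocates by the
 * width of the "%s" conversions, which is harmless. What _FORTIFY_SOURCE
 * enforces in __snprintf_chk is that the size argument does not exceed the
 * size of the object being written, so the allocation and the size handed to
 * snprintf() must be the same number. */
size_t archive_cmd_bound(const char *cmd, const char *archive, const char *selpath)
{
    return strlen(ARCHIVE_CMD_FMT) + strlen(cmd) + strlen(archive)
           + strlen(selpath) + 1;
}

/* Build the command with a size argument equal to the allocation. Returns a
 * heap string the caller frees, or NULL on allocation failure or truncation
 * (truncation cannot happen with the bound above; the check keeps the
 * contract explicit if the pattern or inputs ever change). */
char *build_archive_cmd(const char *cmd, const char *archive, const char *selpath)
{
    size_t len = archive_cmd_bound(cmd, archive, selpath);
    char *buf = malloc(len);
    if (!buf)
        return NULL;
    int n = snprintf(buf, len, ARCHIVE_CMD_FMT, cmd, archive, selpath);
    if (n < 0 || (size_t)n >= len) {
        free(buf);
        return NULL;
    }
    return buf;
}

/* Alternative idiom: measure with a NULL destination and size 0, then
 * allocate exactly the bytes needed. Equally safe under fortify because the
 * size passed is again the size allocated. */
char *build_archive_cmd_exact(const char *cmd, const char *archive, const char *selpath)
{
    int n = snprintf(NULL, 0, ARCHIVE_CMD_FMT, cmd, archive, selpath);
    if (n < 0)
        return NULL;
    size_t len = (size_t)n + 1;
    char *buf = malloc(len);
    if (!buf)
        return NULL;
    snprintf(buf, len, ARCHIVE_CMD_FMT, cmd, archive, selpath);
    return buf;
}

/* Checking helper: 1 if both builders produce `expected`, else 0. */
int archive_cmd_matches(const char *cmd, const char *archive, const char *selpath,
                        const char *expected)
{
    char *a = build_archive_cmd(cmd, archive, selpath);
    char *b = build_archive_cmd_exact(cmd, archive, selpath);
    int ok = a && b && strcmp(a, expected) == 0 && strcmp(b, expected) == 0;
    free(a);
    free(b);
    return ok;
}

int main(void)
{
    /* Inputs are the values shown in the backtrace in this issue. */
    const char *cmd = "atool -a", *archive = "/home/joel/dev/test.zip";
    const char *selpath = "/home/joel/.config/nnn/.selection";
    char *c = build_archive_cmd(cmd, archive, selpath);
    printf("bound=%zu actual=%zu\n%s\n", archive_cmd_bound(cmd, archive, selpath),
           c ? strlen(c) : (size_t)0, c ? c : "(alloc failed)");
    free(c);
    return 0;
}
```

Compiled with -O2 -D_FORTIFY_SOURCE=3, both builders pass the fortify check, whereas passing a constant such as 4608 for an 85-byte allocation is exactly what aborted in the backtrace.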

b4shful commented 1 week ago

Had to switch to using the makefile to install so that I could apply the patch.

Initially I can confirm that the patch appears to have indeed fixed the issue.

But, I need to now undo the patch, and confirm that the issue was reproducible when building/installing with the makefile, because for some reason it wasn't reproducible when running the compiled nnn file just sitting inside the source directory. One moment.

N-R-K commented 1 week ago

because for some reason it wasn't reproducible when running the compiled nnn file just sitting inside the source directory. One moment.

Try make O_DEBUG=1 CFLAGS_OPTIMIZATION="-O2 -g3 -D_FORTIFY_SOURCE=3". I suspect the PKGBUILD sets _FORTIFY_SOURCE but it's not set by default, which would explain why it was happening only in PKGBUILD environments.

N-R-K commented 1 week ago

Okay, I can reproduce it myself when I add the fortify define myself. And the patch indeed fixes it. And the reasoning here (https://github.com/jarun/nnn/issues/1931#issuecomment-2468910986) also seems correct: https://github.com/bminor/glibc/blob/7b544224f82d20019f9b28522ebf8114a372d1a2/debug/snprintf_chk.c#L28-L29

I'll submit a PR shortly.

b4shful commented 1 week ago

Oh damn, yes that very much sounds plausible!

Before you sent that message I undid the patch and the issue was still not present (when doing the makefile install).

I keep having to change this as I type it because you're so fast with this, but I was about to say I can confirm my makepkg.conf (which is reasonably close to default) contains:

CFLAGS="-march=x86-64 -mtune=generic -O2 -pipe -fno-plt -fexceptions \
        -Wp,-D_FORTIFY_SOURCE=3 -Wformat -Werror=format-security \
        -fstack-clash-protection -fcf-protection \
        -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer"

As you are already aware given your previous messages, you were bang on the money :grin: awesome work!

levone1 commented 1 week ago

Thank you - no more crash.