rakshasa / rtorrent

rTorrent BitTorrent client
https://github.com/rakshasa/rtorrent/wiki
GNU General Public License v2.0

buffer overflow detected #1205

Open powerman opened 1 year ago

powerman commented 1 year ago

After recompiling rtorrent-0.9.8 using gcc-12.2.1 with extra hardening (`-D_FORTIFY_SOURCE=3 -D_GLIBCXX_ASSERTIONS`, see https://wiki.gentoo.org/wiki/Hardened/Toolchain#Changes for more details) it starts crashing on the `session.path.set` directive.

```
$ echo "session.path.set = $HOME/.rtorrent" > ~/.rtorrent.rc
$ mkdir ~/.rtorrent
$ rtorrent
*** buffer overflow detected ***: terminated
Aborted
```

gcc -v

```
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/libexec/gcc/x86_64-pc-linux-gnu/12/lto-wrapper
Target: x86_64-pc-linux-gnu
Configured with: /var/tmp/portage/sys-devel/gcc-12.2.1_p20230121-r1/work/gcc-12-20230121/configure --host=x86_64-pc-linux-gnu --build=x86_64-pc-linux-gnu --prefix=/usr --bindir=/usr/x86_64-pc-linux-gnu/gcc-bin/12 --includedir=/usr/lib/gcc/x86_64-pc-linux-gnu/12/include --datadir=/usr/share/gcc-data/x86_64-pc-linux-gnu/12 --mandir=/usr/share/gcc-data/x86_64-pc-linux-gnu/12/man --infodir=/usr/share/gcc-data/x86_64-pc-linux-gnu/12/info --with-gxx-include-dir=/usr/lib/gcc/x86_64-pc-linux-gnu/12/include/g++-v12 --with-python-dir=/share/gcc-data/x86_64-pc-linux-gnu/12/python --enable-languages=c,c++,fortran --enable-obsolete --enable-secureplt --disable-werror --with-system-zlib --enable-nls --without-included-gettext --disable-libunwind-exceptions --enable-checking=release --with-bugurl=https://bugs.gentoo.org/ --with-pkgversion='Gentoo Hardened 12.2.1_p20230121-r1 p10' --with-gcc-major-version-only --enable-esp --enable-libstdcxx-time --disable-libstdcxx-pch --enable-shared --enable-threads=posix --enable-__cxa_atexit --enable-clocale=gnu --enable-multilib --with-multilib-list=m32,m64 --disable-fixed-point --enable-targets=all --enable-libgomp --disable-libssp --disable-libada --enable-cet --disable-systemtap --disable-valgrind-annotations --disable-vtable-verify --disable-libvtv --without-zstd --enable-lto --without-isl --enable-default-pie --enable-default-ssp --with-build-config=bootstrap-cet
Thread model: posix
Supported LTO compression algorithms: zlib
gcc version 12.2.1 20230121 (Gentoo Hardened 12.2.1_p20230121-r1 p10)
```

thesamesam commented 1 year ago

Does the patch in https://github.com/rakshasa/rtorrent/pull/1169 help?

powerman commented 1 year ago

> Does the patch in #1169 help?

Yes, thanks!