Closed robert-scheck closed 1 year ago
Apologies, this is already fixed by commit 5908af4c19188cb17b62f23368b6ef462831a0cb
Oh, that fortify stuff crashes your program when there is a POSSIBLE buffer overflow, not when there really IS a buffer overflow? We were printing "about 100, max 200" characters into a 1000 char buffer without using snprintf. Then some compiler complained and someone quickly changed it to snprintf without doing the math for the buffer length correctly. So statically it still fits with PLENTY of margin.
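An added example, not part of the thread and not mtr's code: with `_FORTIFY_SOURCE`, glibc's checked `snprintf` aborts when the size argument is larger than the space the compiler knows remains at the destination, however little text is actually written. The sketch assumes the output is appended at an offset into a fixed buffer; `append_fmt`, `format_row` and the row layout are hypothetical names chosen for illustration.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>

/* Append formatted text at buf + *used. The size handed to vsnprintf is the
 * space left after the offset, never the size of the whole buffer: passing
 * `cap` here while writing at buf + *used is the kind of length error the
 * fortified wrapper rejects, even if the text itself would fit.
 * Returns 0 on success, -1 if the text did not fit (buffer stays terminated). */
static int append_fmt(char *buf, size_t cap, size_t *used, const char *fmt, ...)
{
    if (cap == 0 || *used >= cap)
        return -1;

    size_t room = cap - *used;          /* remaining bytes, including the NUL */
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buf + *used, room, fmt, ap);
    va_end(ap);

    if (n < 0)
        return -1;
    if ((size_t)n >= room) {            /* truncated: output was cut to room - 1 */
        *used = cap - 1;
        return -1;
    }
    *used += (size_t)n;
    return 0;
}

/* Hypothetical report row (constructed field layout, not mtr's format).
 * Returns the number of characters written, or -1 if the row did not fit. */
static int format_row(char *buf, size_t cap, const char *host, int sent, double loss)
{
    size_t used = 0;
    if (append_fmt(buf, cap, &used, "%-20s", host) != 0) return -1;
    if (append_fmt(buf, cap, &used, " %5d", sent) != 0) return -1;
    if (append_fmt(buf, cap, &used, " %5.1f%%", loss) != 0) return -1;
    return (int)used;
}

int main(void)
{
    char line[1000];                    /* constructed sample input below */
    int n = format_row(line, sizeof line, "www.example.com", 1, 0.0);
    printf("%d: %s\n", n, line);
    return n < 0;
}
```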
Is it possible to tag a release with this fix? The version packaged with Ubuntu 24.04 LTS still has this bug.
Using MTR 0.95, running
mtr -r www.google.com -c 1
leads to a segmentation fault. There is a downstream report at https://bugzilla.redhat.com/show_bug.cgi?id=2188394 which I am able to reproduce using a container: