marfrit/marfrit-packages
0
0
Fork 1
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

distcc-avahi: fix FORTIFY buffer overflow in dcc_gcc_rewrite_fqn
build and publish packages / distcc-avahi-aarch64 (push) Successful in 34s
Details
build and publish packages / lmcp-any (push) Successful in 7s
Details
build and publish packages / lmcp-debian (push) Successful in 5s
Details
build and publish packages / claude-his-any (push) Successful in 8s
Details
build and publish packages / claude-his-debian (push) Successful in 4s
Details

Browse Source 
pkgrel 16 builds ship an upstream distcc 3.4 bug: src/compile.c sizes
the rewritten-compiler-name buffer with strlen(argv[0] + 1) — pointer
arithmetic applied before strlen — under-allocating by 2 bytes. glibc
FORTIFY_SOURCE=2 catches the resulting overflow in strcat and aborts,
so every "distcc gcc ..." invocation dies on a modern Arch.

Patch moves the +1 outside the strlen, as intended.
Closes marfrit/marfrit-packages#3.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Markus Fritsche
2026-04-20 12:02:38 +02:00
parent 2ebaf04c47
commit ef7911dd27
2 changed files with 25 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
arch/distcc-avahi/PKGBUILD
+4 -1
View File
@@ -10,7 +10,7 @@
pkgname=distcc-avahi pkgname=distcc-avahi
_pkgname=distcc _pkgname=distcc
pkgver=3.4 pkgver=3.4
pkgrel=16 pkgrel=17
pkgdesc="Distributed compilation service for C, C++ and Objective-C (with Avahi/Zeroconf support)" pkgdesc="Distributed compilation service for C, C++ and Objective-C (with Avahi/Zeroconf support)"
arch=('x86_64' 'aarch64') arch=('x86_64' 'aarch64')
url="https://github.com/distcc/distcc" url="https://github.com/distcc/distcc"
@@ -27,16 +27,19 @@ source=(
"distccd.conf" "distccd.conf"
"distccd.service" "distccd.service"
"distcc.tmpfiles" "distcc.tmpfiles"
"fix-gcc-rewrite-fqn-overflow.patch"
) )
sha256sums=( sha256sums=(
'37a34c9555498a1168fea026b292ab07e7bb394715d87d8403e0c33b16d2d008' '37a34c9555498a1168fea026b292ab07e7bb394715d87d8403e0c33b16d2d008'
'38cb1912bfa15efd762dd868e049bdbcd58f1a46065255bc4648f821ba516d65' '38cb1912bfa15efd762dd868e049bdbcd58f1a46065255bc4648f821ba516d65'
'a4f1d1bb21d61d41f22e918b448cfb852a6d95b0d3b922bd82805090cb2ce41a' 'a4f1d1bb21d61d41f22e918b448cfb852a6d95b0d3b922bd82805090cb2ce41a'
'd8aee2eb895c02a39e0f2b76fd4a5c9dce91405f1c443286ca324628eadbf3f1' 'd8aee2eb895c02a39e0f2b76fd4a5c9dce91405f1c443286ca324628eadbf3f1'
'7ff56af2ea505bfbf65ceeb0c8f752295f73ffb1173c26a6e978840fad04f651'
) )
prepare() { prepare() {
cd "${_pkgname}-${pkgver}" cd "${_pkgname}-${pkgver}"
patch -p1 -i "${srcdir}/fix-gcc-rewrite-fqn-overflow.patch"
autoreconf -fiv autoreconf -fiv
} }
arch/distcc-avahi/fix-gcc-rewrite-fqn-overflow.patch
+21
View File
@@ -0,0 +1,21 @@
Description: fix off-by-paren in dcc_gcc_rewrite_fqn buffer sizing
src/compile.c's dcc_gcc_rewrite_fqn() allocates a buffer for
"<target>-<argv[0]>\0" but writes strlen(argv[0] + 1) — pointer
arithmetic *then* strlen, which under-allocates by 2 bytes and trips
glibc FORTIFY_SOURCE=2 with "*** buffer overflow detected ***"
on any `distcc gcc …` invocation.
Intent was strlen(argv[0]) + 1 (length plus terminator).
Bug-reauktion: marfrit/marfrit-packages#3
Author: Markus Fritsche <mfritsche@reauktion.de>
--- a/src/compile.c
+++ b/src/compile.c
@@ -579,7 +579,7 @@ static int dcc_gcc_rewrite_fqn(char **argv)
return -ENOENT;
- newcmd_len = strlen(target_with_vendor) + 1 + strlen(argv[0] + 1);
+ newcmd_len = strlen(target_with_vendor) + 1 + strlen(argv[0]) + 1;
newcmd = malloc(newcmd_len);
if (!newcmd)
return -ENOMEM;