distcc-avahi: fix FORTIFY buffer overflow in dcc_gcc_rewrite_fqn
build and publish packages / distcc-avahi-aarch64 (push) Successful in 34s
build and publish packages / lmcp-any (push) Successful in 7s
build and publish packages / lmcp-debian (push) Successful in 5s
build and publish packages / claude-his-any (push) Successful in 8s
build and publish packages / claude-his-debian (push) Successful in 4s
build and publish packages / distcc-avahi-aarch64 (push) Successful in 34s
build and publish packages / lmcp-any (push) Successful in 7s
build and publish packages / lmcp-debian (push) Successful in 5s
build and publish packages / claude-his-any (push) Successful in 8s
build and publish packages / claude-his-debian (push) Successful in 4s
pkgrel 16 builds ship an upstream distcc 3.4 bug: src/compile.c sizes the rewritten-compiler-name buffer with strlen(argv[0] + 1) — pointer arithmetic applied before strlen — under-allocating by 2 bytes. glibc FORTIFY_SOURCE=2 catches the resulting overflow in strcat and aborts, so every "distcc gcc ..." invocation dies on a modern Arch. Patch moves the +1 outside the strlen, as intended. Closes marfrit/marfrit-packages#3. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -10,7 +10,7 @@
|
||||
pkgname=distcc-avahi
|
||||
_pkgname=distcc
|
||||
pkgver=3.4
|
||||
pkgrel=16
|
||||
pkgrel=17
|
||||
pkgdesc="Distributed compilation service for C, C++ and Objective-C (with Avahi/Zeroconf support)"
|
||||
arch=('x86_64' 'aarch64')
|
||||
url="https://github.com/distcc/distcc"
|
||||
@@ -27,16 +27,19 @@ source=(
|
||||
"distccd.conf"
|
||||
"distccd.service"
|
||||
"distcc.tmpfiles"
|
||||
"fix-gcc-rewrite-fqn-overflow.patch"
|
||||
)
|
||||
sha256sums=(
|
||||
'37a34c9555498a1168fea026b292ab07e7bb394715d87d8403e0c33b16d2d008'
|
||||
'38cb1912bfa15efd762dd868e049bdbcd58f1a46065255bc4648f821ba516d65'
|
||||
'a4f1d1bb21d61d41f22e918b448cfb852a6d95b0d3b922bd82805090cb2ce41a'
|
||||
'd8aee2eb895c02a39e0f2b76fd4a5c9dce91405f1c443286ca324628eadbf3f1'
|
||||
'7ff56af2ea505bfbf65ceeb0c8f752295f73ffb1173c26a6e978840fad04f651'
|
||||
)
|
||||
|
||||
prepare() {
|
||||
cd "${_pkgname}-${pkgver}"
|
||||
patch -p1 -i "${srcdir}/fix-gcc-rewrite-fqn-overflow.patch"
|
||||
autoreconf -fiv
|
||||
}
|
||||
|
||||
|
||||
@@ -0,0 +1,21 @@
|
||||
Description: fix off-by-paren in dcc_gcc_rewrite_fqn buffer sizing
|
||||
src/compile.c's dcc_gcc_rewrite_fqn() allocates a buffer for
|
||||
"<target>-<argv[0]>\0" but writes strlen(argv[0] + 1) — pointer
|
||||
arithmetic *then* strlen, which under-allocates by 2 bytes and trips
|
||||
glibc FORTIFY_SOURCE=2 with "*** buffer overflow detected ***"
|
||||
on any `distcc gcc …` invocation.
|
||||
Intent was strlen(argv[0]) + 1 (length plus terminator).
|
||||
Bug-reauktion: marfrit/marfrit-packages#3
|
||||
Author: Markus Fritsche <mfritsche@reauktion.de>
|
||||
|
||||
--- a/src/compile.c
|
||||
+++ b/src/compile.c
|
||||
@@ -579,7 +579,7 @@ static int dcc_gcc_rewrite_fqn(char **argv)
|
||||
return -ENOENT;
|
||||
|
||||
|
||||
- newcmd_len = strlen(target_with_vendor) + 1 + strlen(argv[0] + 1);
|
||||
+ newcmd_len = strlen(target_with_vendor) + 1 + strlen(argv[0]) + 1;
|
||||
newcmd = malloc(newcmd_len);
|
||||
if (!newcmd)
|
||||
return -ENOMEM;
|
||||
Reference in New Issue
Block a user