AUR (en) - kalu-kde

Git Clone URL:	https://aur.archlinux.org/kalu-kde.git (read-only, click to copy)
Package Base:	kalu-kde
Description:	Upgrade notifier w/ AUR support, watched (AUR) packages, news; supports autohide in KDE Plasma's panel
Upstream URL:	https://github.com/Thulinma/kalu
Licenses:	GPL3+
Conflicts:	kalu
Provides:	kalu
Submitter:	Rhinoceros
Maintainer:	Thulinma (jghodd)
Last Packager:	Rhinoceros
Votes:	14
Popularity:	0.000002
First Submitted:	2014-12-30 12:30 (UTC)
Last Updated:	2024-09-14 14:24 (UTC)

@Rhinoceros - tried your suggestion, same result: buffer overflow

I'm seeing this in the build:


In function 'snprintf',
    inlined from 'snprint_size' at src/kalu/util.c:410:5,
    inlined from 'updater_get_packages_cb' at src/kalu/updater.c:2062:9:
/usr/include/bits/stdio2.h:54:10: warning: '__builtin___snprintf_chk' specified bound 255 exceeds destination size 23 [-Wstringop-overflow=]
   54 |   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
      |          ^

This seems to correspond with when it's crashing. And I'm not the only person reporting a buffer overflow - see @JansuX2 below.

Edit: interestingly, despite the use of snprintf throughout the code, this is the only place a build warning is thrown for it (yes, I understand that snprint_size is used everywhere too). Does this help pinpoint the issue?

Rhinoceros commented on 2024-03-27 22:42 (UTC)

Yep, but I had no response to your first comment @jghodd, as I don't even use the built-in updater so I can't replicate the bug. Users also don't get notifications about your edits, so I didn't even realise you had a buffer overflow. I only saw your original comment.

Having said that, I wonder if it's related to the changes in /etc/makepkg.conf? Can you try changing -D_FORTIFY_SOURCE=3 to -D_FORTIFY_SOURCE=2, then rebuild, and see if it fixes your problem?

jghodd commented on 2024-03-27 19:04 (UTC) (edited on 2024-03-27 19:05 (UTC) by jghodd)

Hello? Anybody listening? I'm the second person to report a buffer overflow and hanging/crashing... and no response?

jghodd commented on 2024-03-22 01:26 (UTC) (edited on 2024-03-23 21:52 (UTC) by jghodd)

Crashing when trying to check for conflicting files. After a restart, it hangs on initializing... have to kill it. A restart might crash on checking for conflicting files, or it'll hang... which needs to be killed (etc., etc.).

Can't get it to do even a basic update.

Edit: Yeah - Checking inter-conflict... and down it goes. Every time. Any attempt to get it going again without a reboot and it hangs on Initializing updater... which has to be killed. Reboot to start over again. This is an issue not just for me but also for all my users. Any ideas on what might be causing this?

Edit2: I checked the source code and it appears that all the changes made to accommodate the new version of pacman have to do with package conflicts - exactly where it's crashing. You might want to take a close look at your changes. Something in there isn't kosher.

Did a debug session:


(gdb) backtrace
#0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
#1  0x00007ffff6b40393 in __pthread_kill_internal (signo=6, threadid=<optimized out>) at pthread_kill.c:78
#2  0x00007ffff6aef6c8 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#3  0x00007ffff6ad74b8 in __GI_abort () at abort.c:79
#4  0x00007ffff6ad8395 in __libc_message_impl (fmt=fmt@entry=0x7ffff6c50161 "*** %s ***: terminated\n") at ../sysdeps/posix/libc_fatal.c:132
#5  0x00007ffff6bc773b in __GI___fortify_fail (msg=msg@entry=0x7ffff6c50148 "buffer overflow detected") at fortify_fail.c:24
#6  0x00007ffff6bc70e6 in __GI___chk_fail () at chk_fail.c:28
#7  0x00007ffff6bc8945 in ___snprintf_chk (s=s@entry=0x7fffffffbbd0 "\320F\225UUU", maxlen=maxlen@entry=255, flag=flag@entry=2, slen=slen@entry=23, format=<optimized out>)
    at snprintf_chk.c:29
#8  0x0000555555584fd5 in snprintf (__fmt=<optimized out>, __n=255, __s=0x7fffffffbbd0 "\320F\225UUU", __s=<optimized out>, __n=<optimized out>, __fmt=<optimized out>)
    at /usr/include/bits/stdio2.h:54
#9  snprint_size (unit=<optimized out>, size=<optimized out>, buflen=255, buf=0x7fffffffbbd0 "\320F\225UUU") at src/kalu/util.c:410
#10 updater_get_packages_cb (kupdater=<optimized out>, errmsg=<optimized out>, pkgs=<optimized out>, data=<optimized out>) at src/kalu/updater.c:2123
#11 0x000055555557c002 in kalu_updater_g_signal (proxy=0x5555558b74d0, sender_name=<optimized out>, signal_name=<optimized out>, parameters=<optimized out>) at src/kalu/kalu-updater.c:494
#12 0x00007ffff72df6c0 in g_closure_invoke (closure=0x555555636da0, return_value=0x0, n_param_values=4, param_values=0x7fffffffbfa0, invocation_hint=0x7fffffffbef0)
    at ../glib/gobject/gclosure.c:832
#13 0x00007ffff730e0ea in signal_emit_unlocked_R.isra.0
    (node=node@entry=0x7fffffffc0c0, detail=detail@entry=0, instance=instance@entry=0x5555558b74d0, emission_return=emission_return@entry=0x0, instance_and_params=instance_and_params@entry=0x7fffffffbfa0) at ../glib/gobject/gsignal.c:4020
#14 0x00007ffff72fea42 in signal_emit_valist_unlocked (instance=instance@entry=0x5555558b74d0, signal_id=signal_id@entry=39, detail=detail@entry=0, var_args=var_args@entry=0x7fffffffc220)
    at ../glib/gobject/gsignal.c:3612
#15 0x00007ffff72fec77 in g_signal_emit_valist (instance=0x5555558b74d0, signal_id=39, detail=0, var_args=var_args@entry=0x7fffffffc220) at ../glib/gobject/gsignal.c:3355
#16 0x00007ffff72fed34 in g_signal_emit (instance=instance@entry=0x5555558b74d0, signal_id=<optimized out>, detail=<optimized out>) at ../glib/gobject/gsignal.c:3675
#17 0x00007ffff753ca36 in on_signal_received
    (connection=<optimized out>, sender_name=0x7fffe0012020 ":1.173", object_path=<optimized out>, interface_name=<optimized out>, signal_name=0x7fffe0016f40 "GetPackagesFinished", parameters=0x7fffe000dd00, user_data=0x5555558c0430) at ../glib/gio/gdbusproxy.c:890
#18 0x00007ffff7527fa8 in emit_signal_instance_in_idle_cb (data=0x7fffe000fd30) at ../glib/gio/gdbusconnection.c:3802
#19 0x00007ffff6ddaf69 in g_main_dispatch (context=0x55555561c6a0) at ../glib/glib/gmain.c:3476
#20 0x00007ffff6e393a7 in g_main_context_dispatch_unlocked (context=0x55555561c6a0) at ../glib/glib/gmain.c:4284
#21 g_main_context_iterate_unlocked.isra.0 (context=0x55555561c6a0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/glib/gmain.c:4349
#22 0x00007ffff6ddbb97 in g_main_loop_run (loop=0x55555581f6d0) at ../glib/glib/gmain.c:4551
#23 0x00007ffff77ed2bf in gtk_main () at ../gtk/gtk/gtkmain.c:1329
#24 0x000055555555fbcb in main (argc=<optimized out>, argv=<optimized out>) at src/kalu/main.c:1703
(gdb)

Hope it helps. I see some references to snprintf which are used in your new code. Overflow? I think it's complaining that the buffer is only 23 bytes large - that shows up as a warning when building as well.

Edit3: Did an 'up' to move up the stack and another backtrace and this one appears to point to more specific locations.


#0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
#1  0x00007ffff6b40393 in __pthread_kill_internal (signo=6, threadid=<optimized out>) at pthread_kill.c:78
#2  0x00007ffff6aef6c8 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#3  0x00007ffff6ad74b8 in __GI_abort () at abort.c:79
#4  0x00007ffff6ad8395 in __libc_message_impl (fmt=fmt@entry=0x7ffff6c50161 "*** %s ***: terminated\n") at ../sysdeps/posix/libc_fatal.c:132
#5  0x00007ffff6bc773b in __GI___fortify_fail (msg=msg@entry=0x7ffff6c50148 "buffer overflow detected") at fortify_fail.c:24
#6  0x00007ffff6bc70e6 in __GI___chk_fail () at chk_fail.c:28
#7  0x00007ffff6bc8945 in ___snprintf_chk (s=s@entry=0x7fffffffbbd0 "\320F\225UUU", maxlen=maxlen@entry=255, flag=flag@entry=2, slen=slen@entry=23, format=<optimized out>)
    at snprintf_chk.c:29
#8  0x0000555555584fd5 in snprintf (__fmt=<optimized out>, __n=255, __s=0x7fffffffbbd0 "\320F\225UUU", __s=<optimized out>, __n=<optimized out>, __fmt=<optimized out>)
    at /usr/include/bits/stdio2.h:54
#9  snprint_size (unit=<optimized out>, size=<optimized out>, buflen=255, buf=0x7fffffffbbd0 "\320F\225UUU") at src/kalu/util.c:410
#10 updater_get_packages_cb (kupdater=<optimized out>, errmsg=<optimized out>, pkgs=<optimized out>, data=<optimized out>) at src/kalu/updater.c:2123
#11 0x000055555557c002 in kalu_updater_g_signal (proxy=0x5555558b74d0, sender_name=<optimized out>, signal_name=<optimized out>, parameters=<optimized out>) at src/kalu/kalu-updater.c:494
#12 0x00007ffff72df6c0 in g_closure_invoke (closure=0x555555636da0, return_value=0x0, n_param_values=4, param_values=0x7fffffffbfa0, invocation_hint=0x7fffffffbef0)
    at ../glib/gobject/gclosure.c:832
#13 0x00007ffff730e0ea in signal_emit_unlocked_R.isra.0
    (node=node@entry=0x7fffffffc0c0, detail=detail@entry=0, instance=instance@entry=0x5555558b74d0, emission_return=emission_return@entry=0x0, instance_and_params=instance_and_params@entry=0x7fffffffbfa0) at ../glib/gobject/gsignal.c:4020
#14 0x00007ffff72fea42 in signal_emit_valist_unlocked (instance=instance@entry=0x5555558b74d0, signal_id=signal_id@entry=39, detail=detail@entry=0, var_args=var_args@entry=0x7fffffffc220)
    at ../glib/gobject/gsignal.c:3612
#15 0x00007ffff72fec77 in g_signal_emit_valist (instance=0x5555558b74d0, signal_id=39, detail=0, var_args=var_args@entry=0x7fffffffc220) at ../glib/gobject/gsignal.c:3355
#16 0x00007ffff72fed34 in g_signal_emit (instance=instance@entry=0x5555558b74d0, signal_id=<optimized out>, detail=<optimized out>) at ../glib/gobject/gsignal.c:3675
#17 0x00007ffff753ca36 in on_signal_received
    (connection=<optimized out>, sender_name=0x7fffe0012020 ":1.173", object_path=<optimized out>, interface_name=<optimized out>, signal_name=0x7fffe0016f40 "GetPackagesFinished", parameters=0x7fffe000dd00, user_data=0x5555558c0430) at ../glib/gio/gdbusproxy.c:890
#18 0x00007ffff7527fa8 in emit_signal_instance_in_idle_cb (data=0x7fffe000fd30) at ../glib/gio/gdbusconnection.c:3802
#19 0x00007ffff6ddaf69 in g_main_dispatch (context=0x55555561c6a0) at ../glib/glib/gmain.c:3476
#20 0x00007ffff6e393a7 in g_main_context_dispatch_unlocked (context=0x55555561c6a0) at ../glib/glib/gmain.c:4284
#21 g_main_context_iterate_unlocked.isra.0 (context=0x55555561c6a0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/glib/gmain.c:4349
#22 0x00007ffff6ddbb97 in g_main_loop_run (loop=0x55555581f6d0) at ../glib/glib/gmain.c:4551
#23 0x00007ffff77ed2bf in gtk_main () at ../gtk/gtk/gtkmain.c:1329
#24 0x000055555555fbcb in main (argc=<optimized out>, argv=<optimized out>) at src/kalu/main.c:1703

This dump shows clearly that there was a buffer overflow after a call to snprintf.

Rhinoceros commented on 2024-03-18 00:53 (UTC)

@archtom Done. Thanks for letting us know.

archtom commented on 2024-03-17 19:00 (UTC)

I am getting that the package is incompatible for aarch64 systems. Can you please add aarch64 to the "arch" section? Thanks

simona commented on 2024-03-16 10:04 (UTC)

thx :-) very fast.

jansuX2 commented on 2024-03-16 09:29 (UTC)

crashes or hangs while trying to update the system: *** buffer overflow detected ***: terminated

Also, I confirm that right-clicking it to bring up the menu doesn't work on Wayland.

Rhinoceros commented on 2024-03-16 04:23 (UTC)

Errmmmm.... that's crazy talk! 😓

Thanks for the hint. All working now and new PKGBUILD has been pushed.

Thulinma commented on 2024-03-16 03:51 (UTC)

Have you, eh, updated to pacman 6.1 first? ^_^

Arch Linux User Repository

Search Criteria

Package Details: kalu-kde 4.5.2-2

Package Actions

Dependencies (11)

Required by (0)

Sources (1)

Latest Comments

jghodd commented on 2024-03-29 22:05 (UTC) (edited on 2024-03-29 22:19 (UTC) by jghodd)