Follow-up Comment #11, bug #66209 (group screen):

The root cause for the issue is in the source code of the upstream version, see lines 458-468 in attacher.c (SendCmdMessage):

    p = m.m.command.cmd;
    n = 0;
    for (; *av && n < MAXARGS - 1; ++av, ++n) {
        size_t len;
        len = strlen(*av) + 1;
        if (p + len >= m.m.command.cmd + ARRAY_SIZE(m.m.command.cmd) - 1)
            break;
        strncpy(p, *av, MAXPATHLEN);
        p += len;
    }
    *p = 0;

In the strcpy call, the size of the buffer is not adjusted when the pointer is advanced. This is normally fine since there is a sufficient bounds check before the execution of strcpy. However, the code above will not work when _FORTIFY_SOURCE is defined, which inserts an automatically generated bounds check for the strncpy. The autogenerated check will compute the remaining size of the buffer as the distance from p to the end of the buffer, and check it against MAXPATHLEN, which will fail in the second loop iteration.

So this is not solely an arch issue; I can confirm the same when I build the program according to the instructions on Ubuntu 24.04. I assume both distributions somehow enable _FORTIFY_SOURCE by default.

This could be solved by using strncpy(p, *av, MAXPATHLEN-len) instead.

_______________________________________________________

Reply to this item at:

  <https://savannah.gnu.org/bugs/?66209>

_______________________________________________
Message sent via Savannah
https://savannah.gnu.org/
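The mismatch described in the comment above, modelled as an added example that is not part of the original comment or of screen's source: it packs arguments like the quoted loop and applies the rule "reject the copy if n exceeds the bytes left in the destination" to each strncpy. PATH_MAX_DEMO, CMD_SIZE, first_rejected_copy and the sample arguments are assumptions (the buffer is assumed to be MAXPATHLEN bytes), and bounding the copy by the remaining space is this example's choice for comparison, not the change proposed in the comment.

```c
#include <stdio.h>
#include <string.h>

/* Assumed sizes for illustration; the real values come from screen's headers. */
#define PATH_MAX_DEMO 4096            /* stands in for MAXPATHLEN */
#define CMD_SIZE      PATH_MAX_DEMO   /* assumed size of m.m.command.cmd */

enum bound { BOUND_FIXED, BOUND_REMAINING };

/* Constructed sample input: a command with one argument. */
static const char *const demo_args[] = { "select", "1", NULL };

/*
 * Pack argv-style strings the way the quoted loop does and apply the
 * fortify-style rule "reject if n > bytes left in the destination object"
 * to each copy. Returns the index of the first argument whose copy would
 * be rejected, or -1 if every copy passes.
 */
static int first_rejected_copy(const char *const *av, enum bound mode)
{
    char cmd[CMD_SIZE];
    char *p = cmd;
    const char *end = cmd + sizeof(cmd);

    for (int i = 0; av[i]; ++i) {
        size_t len = strlen(av[i]) + 1;
        if (p + len >= end - 1)          /* the loop's own manual bounds check */
            break;
        size_t remaining = (size_t)(end - p);
        size_t n = (mode == BOUND_FIXED) ? PATH_MAX_DEMO : remaining;
        if (n > remaining)               /* what the generated check tests */
            return i;
        strncpy(p, av[i], n);            /* safe here: n <= remaining */
        p += len;
    }
    *p = 0;
    return -1;
}

int main(void)
{
    printf("fixed bound:     first rejected index %d\n",
           first_rejected_copy(demo_args, BOUND_FIXED));
    printf("remaining bound: first rejected index %d\n",
           first_rejected_copy(demo_args, BOUND_REMAINING));
    return 0;
}
```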