* [Buildroot] [PATCH 1/1] busybox: add patch to fix seg fault in 'ifup -a' [not found] <20181110193319.1273-1-daniel.m@sent.com> @ 2018-11-10 22:30 ` Carlos Santos 2018-11-16 16:35 ` Joel Carlson 0 siblings, 1 reply; 5+ messages in thread From: Carlos Santos @ 2018-11-10 22:30 UTC (permalink / raw) To: buildroot > From: "Daniel Mentz" <daniel.m@sent.com> > To: "buildroot" <buildroot@buildroot.org> > Cc: "ratbert90" <aduskett@gmail.com>, "DATACOM" <casantos@datacom.com.br>, "Daniel Mentz" <daniel.m@sent.com> > Sent: S?bado, 10 de novembro de 2018 17:33:19 > Subject: [PATCH 1/1] busybox: add patch to fix seg fault in 'ifup -a' > Building busybox for arm64 generates the following warning message: > > libbb/get_line_from_file.c: In function ?xmalloc_fgets?: > libbb/get_line_from_file.c:52:38: warning: passing argument 2 of > ?bb_get_chunk_from_file? from incompatible pointer type > [-Wincompatible-pointer-types] > return bb_get_chunk_from_file(file, &i); > ^ > libbb/get_line_from_file.c:13:17: note: expected ?size_t * {aka long unsigned > int *}? but argument is of type ?int *? > char* FAST_FUNC bb_get_chunk_from_file(FILE *file, size_t *end) > ^~~~~~~~~~~~~~~~~~~~~~ > > As it turned out, this is a real bug that leads to stack corruption. > The following command crashed on my device due to a NULL pointer being > derefenced. That pointer turned out to be a victim of the stack > corruption. > > /sbin/ifup -a > > The affected pointer was liface in ifupdown_main(). The crash occured on > the following line: > > if (strcmp(liface, currif->iface) == 0) { > > liface should have pointed to "eth0" but got corrupted. > > Signed-off-by: Daniel Mentz <daniel.m@sent.com> > --- > ..._fgets-use-size_t-for-bb_get_chunk_f.patch | 27 +++++++++++++++++++ > 1 file changed, 27 insertions(+) > create mode 100644 > package/busybox/0004-libbb-in-xmalloc_fgets-use-size_t-for-bb_get_chunk_f.patch > > diff --git > a/package/busybox/0004-libbb-in-xmalloc_fgets-use-size_t-for-bb_get_chunk_f.patch > b/package/busybox/0004-libbb-in-xmalloc_fgets-use-size_t-for-bb_get_chunk_f.patch > new file mode 100644 > index 0000000000..62e7cf6c3d > --- /dev/null > +++ > b/package/busybox/0004-libbb-in-xmalloc_fgets-use-size_t-for-bb_get_chunk_f.patch > @@ -0,0 +1,27 @@ > +From 22a99516206b33b7ae124d426319bab03d5c8309 Mon Sep 17 00:00:00 2001 > +From: Denys Vlasenko <vda.linux@googlemail.com> > +Date: Sun, 2 Sep 2018 18:48:09 +0200 > +Subject: [PATCH] libbb: in xmalloc_fgets(), use size_t for > + bb_get_chunk_from_file() > + > +Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> > +--- > + libbb/get_line_from_file.c | 2 +- > + 1 file changed, 1 insertion(+), 1 deletion(-) > + > +diff --git a/libbb/get_line_from_file.c b/libbb/get_line_from_file.c > +index 49ef093c2..903ff1fb6 100644 > +--- a/libbb/get_line_from_file.c > ++++ b/libbb/get_line_from_file.c > +@@ -47,7 +47,7 @@ char* FAST_FUNC bb_get_chunk_from_file(FILE *file, size_t > *end) > + /* Get line, including trailing \n if any */ > + char* FAST_FUNC xmalloc_fgets(FILE *file) > + { > +- int i; > ++ size_t i; > + > + return bb_get_chunk_from_file(file, &i); > + } > +-- > +2.17.1 > + > -- > 2.17.1 Busybox 1.29.3, which is on Buildroot master since commit 77497f5497, aleady has this fix: Applying 0004-libbb-in-xmalloc_fgets-use-size_t-for-bb_get_chunk_f.patch using patch: patching file libbb/get_line_from_file.c Reversed (or previously applied) patch detected! Skipping patch. What Busybox version are you using? Perhaps your patch could be applied on the LTS branches but I think we should just bump it to 1.29.3 on those branches too. Peter? -- Carlos Santos (Casantos) - DATACOM, P&D ?Marched towards the enemy, spear upright, armed with the certainty that only the ignorant can have.? ? Epitaph of a volunteer ^ permalink raw reply [flat|nested] 5+ messages in thread
* [Buildroot] [PATCH 1/1] busybox: add patch to fix seg fault in 'ifup -a' 2018-11-10 22:30 ` [Buildroot] [PATCH 1/1] busybox: add patch to fix seg fault in 'ifup -a' Carlos Santos @ 2018-11-16 16:35 ` Joel Carlson 2018-11-16 19:29 ` Peter Korsgaard 0 siblings, 1 reply; 5+ messages in thread From: Joel Carlson @ 2018-11-16 16:35 UTC (permalink / raw) To: buildroot On Sat, Nov 10, 2018 at 3:30 PM Carlos Santos <casantos@datacom.com.br> wrote: > > > From: "Daniel Mentz" <daniel.m@sent.com> > > To: "buildroot" <buildroot@buildroot.org> > > Cc: "ratbert90" <aduskett@gmail.com>, "DATACOM" <casantos@datacom.com.br>, "Daniel Mentz" <daniel.m@sent.com> > > Sent: S?bado, 10 de novembro de 2018 17:33:19 > > Subject: [PATCH 1/1] busybox: add patch to fix seg fault in 'ifup -a' > > > Building busybox for arm64 generates the following warning message: > > > > libbb/get_line_from_file.c: In function ?xmalloc_fgets?: > > libbb/get_line_from_file.c:52:38: warning: passing argument 2 of > > ?bb_get_chunk_from_file? from incompatible pointer type > > [-Wincompatible-pointer-types] > > return bb_get_chunk_from_file(file, &i); > > ^ > > libbb/get_line_from_file.c:13:17: note: expected ?size_t * {aka long unsigned > > int *}? but argument is of type ?int *? > > char* FAST_FUNC bb_get_chunk_from_file(FILE *file, size_t *end) > > ^~~~~~~~~~~~~~~~~~~~~~ > > > > As it turned out, this is a real bug that leads to stack corruption. > > The following command crashed on my device due to a NULL pointer being > > derefenced. That pointer turned out to be a victim of the stack > > corruption. > > > > /sbin/ifup -a > > > > The affected pointer was liface in ifupdown_main(). The crash occured on > > the following line: > > > > if (strcmp(liface, currif->iface) == 0) { > > > > liface should have pointed to "eth0" but got corrupted. > > > > Signed-off-by: Daniel Mentz <daniel.m@sent.com> > > --- > > ..._fgets-use-size_t-for-bb_get_chunk_f.patch | 27 +++++++++++++++++++ > > 1 file changed, 27 insertions(+) > > create mode 100644 > > package/busybox/0004-libbb-in-xmalloc_fgets-use-size_t-for-bb_get_chunk_f.patch > > > > diff --git > > a/package/busybox/0004-libbb-in-xmalloc_fgets-use-size_t-for-bb_get_chunk_f.patch > > b/package/busybox/0004-libbb-in-xmalloc_fgets-use-size_t-for-bb_get_chunk_f.patch > > new file mode 100644 > > index 0000000000..62e7cf6c3d > > --- /dev/null > > +++ > > b/package/busybox/0004-libbb-in-xmalloc_fgets-use-size_t-for-bb_get_chunk_f.patch > > @@ -0,0 +1,27 @@ > > +From 22a99516206b33b7ae124d426319bab03d5c8309 Mon Sep 17 00:00:00 2001 > > +From: Denys Vlasenko <vda.linux@googlemail.com> > > +Date: Sun, 2 Sep 2018 18:48:09 +0200 > > +Subject: [PATCH] libbb: in xmalloc_fgets(), use size_t for > > + bb_get_chunk_from_file() > > + > > +Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> > > +--- > > + libbb/get_line_from_file.c | 2 +- > > + 1 file changed, 1 insertion(+), 1 deletion(-) > > + > > +diff --git a/libbb/get_line_from_file.c b/libbb/get_line_from_file.c > > +index 49ef093c2..903ff1fb6 100644 > > +--- a/libbb/get_line_from_file.c > > ++++ b/libbb/get_line_from_file.c > > +@@ -47,7 +47,7 @@ char* FAST_FUNC bb_get_chunk_from_file(FILE *file, size_t > > *end) > > + /* Get line, including trailing \n if any */ > > + char* FAST_FUNC xmalloc_fgets(FILE *file) > > + { > > +- int i; > > ++ size_t i; > > + > > + return bb_get_chunk_from_file(file, &i); > > + } > > +-- > > +2.17.1 > > + > > -- > > 2.17.1 > > Busybox 1.29.3, which is on Buildroot master since commit 77497f5497, > aleady has this fix: > > Applying 0004-libbb-in-xmalloc_fgets-use-size_t-for-bb_get_chunk_f.patch using patch: > patching file libbb/get_line_from_file.c > Reversed (or previously applied) patch detected! Skipping patch. > > What Busybox version are you using? Perhaps your patch could be > applied on the LTS branches but I think we should just bump it > to 1.29.3 on those branches too. > > Peter? I'm not Peter (obviously), but I'd recommend bumping the buildroot version on any LTS branches still using busybox 1.29.2. I have a branch off of 2018.08, and I was hitting the same segfault issue until I cherry-picked the commit from master that bumps busybox to 1.29.3. The only change between 1.29.2 and 1.29.3 was the commit to fix this issue. ^ permalink raw reply [flat|nested] 5+ messages in thread
* [Buildroot] [PATCH 1/1] busybox: add patch to fix seg fault in 'ifup -a' 2018-11-16 16:35 ` Joel Carlson @ 2018-11-16 19:29 ` Peter Korsgaard 2018-11-19 0:05 ` Daniel Mentz 0 siblings, 1 reply; 5+ messages in thread From: Peter Korsgaard @ 2018-11-16 19:29 UTC (permalink / raw) To: buildroot >>>>> "Joel" == Joel Carlson <JoelsonCarl@gmail.com> writes: Hi, >> Busybox 1.29.3, which is on Buildroot master since commit 77497f5497, >> aleady has this fix: >> >> Applying 0004-libbb-in-xmalloc_fgets-use-size_t-for-bb_get_chunk_f.patch using patch: >> patching file libbb/get_line_from_file.c >> Reversed (or previously applied) patch detected! Skipping patch. >> >> What Busybox version are you using? Perhaps your patch could be >> applied on the LTS branches but I think we should just bump it >> to 1.29.3 on those branches too. >> >> Peter? > I'm not Peter (obviously), but I'd recommend bumping the buildroot > version on any LTS branches still using busybox 1.29.2. I have a > branch off of 2018.08, and I was hitting the same segfault issue until > I cherry-picked the commit from master that bumps busybox to 1.29.3. > The only change between 1.29.2 and 1.29.3 was the commit to fix this > issue. 2018.02.x (our LTS branch) is using 1.27.2 that afaik is not affected by this ifup issue. 2018.08.x still had 1.29.2, so I've bumped that to 1.29.3. -- Bye, Peter Korsgaard ^ permalink raw reply [flat|nested] 5+ messages in thread
* [Buildroot] [PATCH 1/1] busybox: add patch to fix seg fault in 'ifup -a' 2018-11-16 19:29 ` Peter Korsgaard @ 2018-11-19 0:05 ` Daniel Mentz 2018-11-19 7:48 ` Peter Korsgaard 0 siblings, 1 reply; 5+ messages in thread From: Daniel Mentz @ 2018-11-19 0:05 UTC (permalink / raw) To: buildroot On Fri, Nov 16, 2018, at 11:29 AM, Peter Korsgaard wrote: > 2018.08.x still had 1.29.2, so I've bumped that to 1.29.3. You said you bumped busybox on 2018.08.x to 1.29.3? I just ran "git fetch", but I can't see the change in origin/2018.08.x ^ permalink raw reply [flat|nested] 5+ messages in thread
* [Buildroot] [PATCH 1/1] busybox: add patch to fix seg fault in 'ifup -a' 2018-11-19 0:05 ` Daniel Mentz @ 2018-11-19 7:48 ` Peter Korsgaard 0 siblings, 0 replies; 5+ messages in thread From: Peter Korsgaard @ 2018-11-19 7:48 UTC (permalink / raw) To: buildroot >>>>> "Daniel" == Daniel Mentz <daniel.m@sent.com> writes: > On Fri, Nov 16, 2018, at 11:29 AM, Peter Korsgaard wrote: >> 2018.08.x still had 1.29.2, so I've bumped that to 1.29.3. > You said you bumped busybox on 2018.08.x to 1.29.3? I just ran "git > fetch", but I can't see the change in origin/2018.08.x Ups, it never got pushed. It is there now: https://git.buildroot.net/buildroot/commit/?h=2018.08.x&id=1eaf77e729a57b176c1a25bb2855f4974b6ab9b0 -- Bye, Peter Korsgaard ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2018-11-19 7:48 UTC | newest] Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- [not found] <20181110193319.1273-1-daniel.m@sent.com> 2018-11-10 22:30 ` [Buildroot] [PATCH 1/1] busybox: add patch to fix seg fault in 'ifup -a' Carlos Santos 2018-11-16 16:35 ` Joel Carlson 2018-11-16 19:29 ` Peter Korsgaard 2018-11-19 0:05 ` Daniel Mentz 2018-11-19 7:48 ` Peter Korsgaard
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.