Please update the Gcc13 package in suse 15.5 as the current one has a potential bad bug

RoyBellingan2 · February 12, 2024, 12:05pm

There is a bug in the currently shipped GCC 13.2.1 20230912 [revision b96e66fd4ef3e36983969fb8cdd1956f551a074b]

Using this minimal example

#include <crypt.h>
#include <stdio.h>
#include <string.h>

int main()
{
    struct crypt_data data;
    auto le0 = sizeof(data);
    memset(&data, 0, le0);

    char* cr = crypt_r( "ciao", "$5$12345678", &data);

    auto le1 = strlen(cr);
    printf("%s long %i \n",cr, le1);
}

If compiled with
cc-13 -fsanitize=address -fno-omit-frame-pointer cry.c -lcrypt

Will produce

==28139==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7f3fcac08020 at pc 0x7f3fccc87061 bp 0x7ffc2418d5b0 sp 0x7ffc2418cd70
WRITE of size 131232 at 0x7f3fcac08020 thread T0
    #0 0x7f3fccc87060  (/usr/lib64/libasan.so.8+0x87060) (BuildId: 61fead64e5783cda1359a1c30da2e9bab14d1e46)
    #1 0x4009b2 in main (/root/cry/a.out+0x4009b2) (BuildId: c5a8654f22a63f31fcbdb9305ff4564467543292)
    #2 0x7f3fcca3e24c in __libc_start_main (/lib64/libc.so.6+0x3524c) (BuildId: f732026552f6adff988b338e92d466bc81a01c37)
    #3 0x400809 in _start ../sysdeps/x86_64/start.S:120

Address 0x7f3fcac08020 is located in stack of thread T0 at offset 32800 in frame
    #0 0x4008c5 in main (/root/cry/a.out+0x4008c5) (BuildId: c5a8654f22a63f31fcbdb9305ff4564467543292)

  This frame has 1 object(s):
    [32, 32800) 'data' (line 7) <== Memory access at offset 32800 overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow (/usr/lib64/libasan.so.8+0x87060) (BuildId: 61fead64e5783cda1359a1c30da2e9bab14d1e46)

If using the stock gcc 7.5 it works fine.

if using the tumbleweed gcc 13.2.1 20231130 [revision 741743c028dc00f27b9c8b1d5211c1f602f2fddd] works fine too.

I think is just a matter to update the compiler version to a more recent one (the suse 15.5 is using a 2 month older one than tumbleweed)

(using the crypt version, the one non thread safe never trigger the error)

IF not using libasan, sometimes the returned value is correct, sometimes is garbage.

hui · February 12, 2024, 12:27pm

This is the user forum. You need to raise a bugreport:
https://bugzilla.opensuse.org/

RoyBellingan2 · February 12, 2024, 12:34pm

For the record was already reported as
https://bugzilla.opensuse.org/show_bug.cgi?id=1219520

hcvv · February 12, 2024, 12:53pm

Then why do you ask here your fellow users to “Please update …”? How do you think they can?