NetBSD Problem Report #59234
From tsutsui@ceres.dti.ne.jp Sun Mar 30 04:57:19 2025
Return-Path: <tsutsui@ceres.dti.ne.jp>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
client-signature RSA-PSS (2048 bits) client-digest SHA256)
(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
by mollari.NetBSD.org (Postfix) with ESMTPS id 161BB1A9239
for <gnats-bugs@gnats.NetBSD.org>; Sun, 30 Mar 2025 04:57:19 +0000 (UTC)
Message-Id: <202503300457.52U4vCxA013710@ceres.dti.ne.jp>
Date: Sun, 30 Mar 2025 13:57:12 +0900 (JST)
From: Izumi Tsutsui <tsutsui@ceres.dti.ne.jp>
Reply-To: tsutsui@ceres.dti.ne.jp
To: gnats-bugs@NetBSD.org
Cc: tsutsui@ceres.dti.ne.jp
Subject: pmax/stand/netboot build fails with "buffer overflow detected"
X-Send-Pr-Version: 3.95
>Number: 59234
>Category: port-pmax
>Synopsis: pmax/stand/netboot build fails with "buffer overflow detected"
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: tsutsui
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sun Mar 30 05:00:01 +0000 2025
>Closed-Date: Wed Sep 24 15:41:19 +0000 2025
>Last-Modified: Wed Sep 24 15:41:19 +0000 2025
>Originator: Izumi Tsutsui
>Release: NetBSD 10.99.12
>Organization:
>Environment:
System: NetBSD -current
Architecture: mipsel
Machine: pmax
>Description:
Building NetBSD/pmax -current on ubuntu 24.04 LTS (on GitHub CI) fails
in src/sys/arch/pmax/stand/netboot:
---
   text    data     bss     dec     hex filename
  72928     624    1384   74936   124b8 netboot
Creating ECOFF binary... *** buffer overflow detected ***: terminated
Aborted (core dumped)
--- netboot ---
---
elf2ecoff.c built with debug=1 on another ubuntu 24.04 host shows:
---
making sure the sa library is up to date...
`libsa.a' is up to date.
making sure the z library is up to date...
`libz.a' is up to date.
making sure the kern library is up to date...
`libkern.a' is up to date.
/home/tsutsui/netbsd-src/obj.pmax/tooldir.Linux-6.8.0-49-generic-x86_64/bin/mipsel--netbsd-ld -Map netboot.map -N -x -Ttext 0x80710000 -T /home/tsutsui/netbsd-src/sys/arch/pmax/stand/netboot/../../../../arch/mips/conf/stand.ldscript -e start -o netboot start.o boot.o bootinfo.o callvec.o clock.o conf.o devopen.o dev_net.o if_prom.o putchar.o rz.o bootinit.o bootread.o getchar.o startprog.o vers.o /home/tsutsui/netbsd-src/sys/arch/pmax/stand/netboot/obj.pmax/lib/sa/libsa.a /home/tsutsui/netbsd-src/sys/arch/pmax/stand/netboot/obj.pmax/lib/z/libz.a /home/tsutsui/netbsd-src/sys/arch/pmax/stand/netboot/obj.pmax/lib/sa/libsa.a /home/tsutsui/netbsd-src/sys/arch/pmax/stand/netboot/obj.pmax/lib/kern/libkern.a
   text    data     bss     dec     hex filename
  72928     624    1384   74936   124b8 netboot
Creating ECOFF binary... combining PH 0 type 1 flags 0x7 with data, ndata = 73568, nbss =1392
skipping PH 1 type 0x70000000 flags 0x4
skipping PH 2 type 0x70000003 flags 0x4
wrote 20 byte file header.
wrote 56 byte a.out header.
wrote 240 bytes of section headers.
wrote 4 byte pad.
writing 73568 bytes...
writing syms at offset 0x12100
*** buffer overflow detected ***: terminated
Aborted (core dumped)
*** Failed target: netboot
*** Failed command: /home/tsutsui/netbsd-src/obj.pmax/tooldir.Linux-6.8.0-49-generic-x86_64/bin/nbmips-elf2ecoff netboot.elf netboot
*** Error code 134
Stop.
nbmake: stopped making "all" in /home/tsutsui/netbsd-src/sys/arch/pmax/stand/netboot
---
>How-To-Repeat:
"sh build.sh -U -m pmax release" on ubuntu 24.04.
>Fix:
The message "*** buffer overflow detected ***" seems to come from
__strcpy_chk(), so "malloc(elfp->stringsize)" in translate_syms()
is not enough?
---
Izumi Tsutsui
>Release-Note:
>Audit-Trail:
From: mlelstv@serpens.de (Michael van Elst)
To: gnats-bugs@netbsd.org
Cc:
Subject: Re: port-pmax/59234: pmax/stand/netboot build fails with "buffer overflow detected"
Date: Sun, 30 Mar 2025 06:12:34 -0000 (UTC)
tsutsui@ceres.dti.ne.jp (Izumi Tsutsui) writes:
>writing syms at offset 0x12100
>*** buffer overflow detected ***: terminated
>Aborted (core dumped)
>The message "*** buffer overflow detected ***" seems from
>__strcpy_chk() so "malloc(elfp->stringsize)" in translate_syms()
>is not enough?
A string table is allowed to reference strings multiple times
(maybe not possible for symbol names) and also to reference
substrings (so names like 'bar\0' and 'foobar\0' may overlap).
No idea if a compiler or linker would create such a thing. But
if that is true, you need to iterate twice over the symbols
to determine the target size and to copy the strings.
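The sizing problem raised in the original report ("malloc(elfp->stringsize)" in translate_syms()) and the overlap explanation in the reply above, as an added C example that is not elf2ecoff's own code: an ELF string table may be smaller than the sum of the symbol names it holds, because several symbols can point at the same string or at a suffix of another string, so a converter that writes one NUL-terminated copy per symbol must compute the target size from the symbols (first pass) before it copies (second pass). The string table, symbol offsets and function names are constructed for this example; the offset and termination checks are an assumed hardening, not something the PR text describes.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Constructed ELF-style string table, 12 bytes:
 *   0: '\0'   1..6: "foobar"   7: '\0'   8..10: "baz"   11: '\0'
 * Offset 4 points into the middle of "foobar" and names the suffix "bar",
 * which is the overlapping-substring case described in the reply.
 */
static const char elf_strtab[] = "\0foobar\0baz";
static const size_t elf_stringsize = sizeof(elf_strtab);   /* 12 */

/* st_name offsets of four hypothetical symbols; two share one name. */
static const unsigned sym_name_off[] = { 1, 4, 8, 1 };
#define NSYMS (sizeof(sym_name_off) / sizeof(sym_name_off[0]))

#define BAD_SIZE ((size_t)-1)

/* Bounded length of the NUL-terminated string at strtab+off, or BAD_SIZE
 * when the offset lies outside the table or the string is unterminated. */
static size_t bounded_namelen(const char *strtab, size_t strsize, unsigned off)
{
    const char *end;

    if (off >= strsize)
        return BAD_SIZE;
    end = memchr(strtab + off, '\0', strsize - off);
    if (end == NULL)
        return BAD_SIZE;
    return (size_t)(end - (strtab + off));
}

/* Pass 1: bytes needed when every symbol gets its own NUL-terminated copy. */
size_t ecoff_strtab_required(const char *strtab, size_t strsize,
                             const unsigned *offs, size_t nsyms)
{
    size_t total = 0, i;

    for (i = 0; i < nsyms; i++) {
        size_t len = bounded_namelen(strtab, strsize, offs[i]);
        if (len == BAD_SIZE)
            return BAD_SIZE;
        if (total > BAD_SIZE - 1 - len)     /* the sum itself would wrap */
            return BAD_SIZE;
        total += len + 1;
    }
    return total;
}

/* Pass 2: allocate exactly the computed size, then copy.  The ELF table
 * size is never used as an upper bound.  Returns NULL on malformed input. */
char *ecoff_strtab_build(const char *strtab, size_t strsize,
                         const unsigned *offs, size_t nsyms, size_t *outsize)
{
    size_t need = ecoff_strtab_required(strtab, strsize, offs, nsyms);
    char *out, *p;
    size_t i;

    if (need == BAD_SIZE || (out = malloc(need)) == NULL)
        return NULL;
    p = out;
    for (i = 0; i < nsyms; i++) {
        size_t len = bounded_namelen(strtab, strsize, offs[i]); /* validated in pass 1 */
        memcpy(p, strtab + offs[i], len);
        p[len] = '\0';
        p += len + 1;
    }
    *outsize = (size_t)(p - out);
    return out;
}

/* 1 when sizing the target by the source table ("malloc(stringsize)")
 * would be too small, i.e. the pre-fix assumption fails for this input. */
int naive_sizing_overflows(const char *strtab, size_t strsize,
                           const unsigned *offs, size_t nsyms)
{
    size_t need = ecoff_strtab_required(strtab, strsize, offs, nsyms);
    return need == BAD_SIZE || need > strsize;
}

int main(void)
{
    size_t outsize = 0;
    char *t = ecoff_strtab_build(elf_strtab, elf_stringsize,
                                 sym_name_off, NSYMS, &outsize);

    if (t == NULL)
        return 1;
    printf("%zu bytes ELF string table\n", elf_stringsize);
    printf("%zu bytes required for ECOFF string table\n", outsize);
    printf("malloc(stringsize) would overflow: %s\n",
           naive_sizing_overflows(elf_strtab, elf_stringsize,
                                  sym_name_off, NSYMS) ? "yes" : "no");
    free(t);
    return 0;
}
```

With the constructed table the four names need 22 bytes while the ELF table is only 12, so a buffer sized from elfp->stringsize is overrun on the third copy; that is the same shape as the 2605-byte ELF table versus 2705-byte ECOFF table in the fixed tool's debug output further down this PR.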
Responsible-Changed-From-To: port-pmax-maintainer->tsutsui
Responsible-Changed-By: tsutsui@NetBSD.org
Responsible-Changed-When: Fri, 12 Sep 2025 19:24:10 +0000
Responsible-Changed-Why:
take
State-Changed-From-To: open->needs-pullups
State-Changed-By: tsutsui@NetBSD.org
State-Changed-When: Fri, 12 Sep 2025 19:24:10 +0000
State-Changed-Why:
Affected all supported release branches.
From: "Izumi Tsutsui" <tsutsui@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/59234 CVS commit: src/usr.bin/elf2ecoff
Date: Fri, 12 Sep 2025 19:20:47 +0000
Module Name: src
Committed By: tsutsui
Date: Fri Sep 12 19:20:47 UTC 2025
Modified Files:
src/usr.bin/elf2ecoff: elf2ecoff.c
Log Message:
elf2ecoff: fix PR port-pmax/59234: "buffer overflow detected" problem.
Explicitly calculate the size of the target ECOFF string table before
copying symbol strings, as suggested by mlelstv@.
Tested "build.sh -U -m pmax release" on ubuntu 24.04.2:
---
% ./nbmips-elf2ecoff netboot.elf netboot
combining PH 0 type 1 flags 0x7 with data, ndata = 73568, nbss =1392
skipping PH 1 type 0x70000000 flags 0x4
skipping PH 2 type 0x70000003 flags 0x4
wrote 20 byte file header.
wrote 56 byte a.out header.
wrote 240 bytes of section headers.
wrote 4 byte pad.
writing 73568 bytes...
writing syms at offset 0x12100
2605 (0xa2d) bytes ELF string table
2705 (0xa91) bytes required for ECOFF string table
2705 (0xa91) bytes used for ECOFF string table
writing symhdr for 258 entries at offset 0x120a0
ECOFF symhdr: symhdr 60, strsize a91, symsize 1020
---
Should be pulled up to netbsd-9, netbsd-10, and netbsd-11.
To generate a diff of this commit:
cvs rdiff -u -r1.36 -r1.37 src/usr.bin/elf2ecoff/elf2ecoff.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: "Martin Husemann" <martin@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/59234 CVS commit: [netbsd-11] src/usr.bin/elf2ecoff
Date: Tue, 23 Sep 2025 16:01:28 +0000
Module Name: src
Committed By: martin
Date: Tue Sep 23 16:01:28 UTC 2025
Modified Files:
src/usr.bin/elf2ecoff [netbsd-11]: elf2ecoff.c
Log Message:
Pull up following revision(s) (requested by tsutsui in ticket #34):
usr.bin/elf2ecoff/elf2ecoff.c: revision 1.37
usr.bin/elf2ecoff/elf2ecoff.c: revision 1.38
elf2ecoff: fix PR port-pmax/59234: "buffer overflow detected" problem.
Explicitly calculate the size of the target ECOFF string table before
copying symbol strings, as suggested by mlelstv@.
Tested "build.sh -U -m pmax release" on ubuntu 24.04.2:
---
% ./nbmips-elf2ecoff netboot.elf netboot
combining PH 0 type 1 flags 0x7 with data, ndata = 73568, nbss =1392
skipping PH 1 type 0x70000000 flags 0x4
skipping PH 2 type 0x70000003 flags 0x4
wrote 20 byte file header.
wrote 56 byte a.out header.
wrote 240 bytes of section headers.
wrote 4 byte pad.
writing 73568 bytes...
writing syms at offset 0x12100
2605 (0xa2d) bytes ELF string table
2705 (0xa91) bytes required for ECOFF string table
2705 (0xa91) bytes used for ECOFF string table
writing symhdr for 258 entries at offset 0x120a0
ECOFF symhdr: symhdr 60, strsize a91, symsize 1020
---
s/estimate/compute/
To generate a diff of this commit:
cvs rdiff -u -r1.36 -r1.36.2.1 src/usr.bin/elf2ecoff/elf2ecoff.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: needs-pullups->pending-pullups
State-Changed-By: tsutsui@NetBSD.org
State-Changed-When: Tue, 23 Sep 2025 16:32:56 +0000
State-Changed-Why:
[pullup-9 #1968] [pullup-10 #1162] [pullup-11 #34 (done)]
From: "Martin Husemann" <martin@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/59234 CVS commit: [netbsd-10] src/usr.bin/elf2ecoff
Date: Tue, 23 Sep 2025 16:34:38 +0000
Module Name: src
Committed By: martin
Date: Tue Sep 23 16:34:38 UTC 2025
Modified Files:
src/usr.bin/elf2ecoff [netbsd-10]: elf2ecoff.c
Log Message:
Pull up following revision(s) (requested by tsutsui in ticket #1162):
usr.bin/elf2ecoff/elf2ecoff.c: revision 1.34
usr.bin/elf2ecoff/elf2ecoff.c: revision 1.35
usr.bin/elf2ecoff/elf2ecoff.c: revision 1.36
usr.bin/elf2ecoff/elf2ecoff.c: revision 1.37
usr.bin/elf2ecoff/elf2ecoff.c: revision 1.38
fix few typos in comments and log messages.
s/sharable/shareable in comments and documentation.
Revert "debug" variable to global to override it on debugger etc.
elf2ecoff: fix PR port-pmax/59234: "buffer overflow detected" problem.
Explicitly calculate the size of the target ECOFF string table before
copying symbol strings, as suggested by mlelstv@.
Tested "build.sh -U -m pmax release" on ubuntu 24.04.2:
---
% ./nbmips-elf2ecoff netboot.elf netboot
combining PH 0 type 1 flags 0x7 with data, ndata = 73568, nbss =1392
skipping PH 1 type 0x70000000 flags 0x4
skipping PH 2 type 0x70000003 flags 0x4
wrote 20 byte file header.
wrote 56 byte a.out header.
wrote 240 bytes of section headers.
wrote 4 byte pad.
writing 73568 bytes...
writing syms at offset 0x12100
2605 (0xa2d) bytes ELF string table
2705 (0xa91) bytes required for ECOFF string table
2705 (0xa91) bytes used for ECOFF string table
writing symhdr for 258 entries at offset 0x120a0
ECOFF symhdr: symhdr 60, strsize a91, symsize 1020
---
s/estimate/compute/
To generate a diff of this commit:
cvs rdiff -u -r1.33 -r1.33.22.1 src/usr.bin/elf2ecoff/elf2ecoff.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: "Martin Husemann" <martin@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/59234 CVS commit: [netbsd-9] src/usr.bin/elf2ecoff
Date: Tue, 23 Sep 2025 16:37:05 +0000
Module Name: src
Committed By: martin
Date: Tue Sep 23 16:37:05 UTC 2025
Modified Files:
src/usr.bin/elf2ecoff [netbsd-9]: elf2ecoff.c
Log Message:
Pull up following revision(s) (requested by tsutsui in ticket #1968):
usr.bin/elf2ecoff/elf2ecoff.c: revision 1.34
usr.bin/elf2ecoff/elf2ecoff.c: revision 1.35
usr.bin/elf2ecoff/elf2ecoff.c: revision 1.36
usr.bin/elf2ecoff/elf2ecoff.c: revision 1.37
usr.bin/elf2ecoff/elf2ecoff.c: revision 1.38
fix few typos in comments and log messages.
s/sharable/shareable in comments and documentation.
Revert "debug" variable to global to override it on debugger etc.
elf2ecoff: fix PR port-pmax/59234: "buffer overflow detected" problem.
Explicitly calculate the size of the target ECOFF string table before
copying symbol strings, as suggested by mlelstv@.
Tested "build.sh -U -m pmax release" on ubuntu 24.04.2:
---
% ./nbmips-elf2ecoff netboot.elf netboot
combining PH 0 type 1 flags 0x7 with data, ndata = 73568, nbss =1392
skipping PH 1 type 0x70000000 flags 0x4
skipping PH 2 type 0x70000003 flags 0x4
wrote 20 byte file header.
wrote 56 byte a.out header.
wrote 240 bytes of section headers.
wrote 4 byte pad.
writing 73568 bytes...
writing syms at offset 0x12100
2605 (0xa2d) bytes ELF string table
2705 (0xa91) bytes required for ECOFF string table
2705 (0xa91) bytes used for ECOFF string table
writing symhdr for 258 entries at offset 0x120a0
ECOFF symhdr: symhdr 60, strsize a91, symsize 1020
---
s/estimate/compute/
To generate a diff of this commit:
cvs rdiff -u -r1.33 -r1.33.14.1 src/usr.bin/elf2ecoff/elf2ecoff.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: pending-pullups->closed
State-Changed-By: tsutsui@NetBSD.org
State-Changed-When: Wed, 24 Sep 2025 15:41:19 +0000
State-Changed-Why:
Done.
>Unformatted:
Copyright © 1994-2025
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.