NetBSD Problem Report #59234
From tsutsui@ceres.dti.ne.jp Sun Mar 30 04:57:19 2025
Return-Path: <tsutsui@ceres.dti.ne.jp>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
client-signature RSA-PSS (2048 bits) client-digest SHA256)
(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
by mollari.NetBSD.org (Postfix) with ESMTPS id 161BB1A9239
for <gnats-bugs@gnats.NetBSD.org>; Sun, 30 Mar 2025 04:57:19 +0000 (UTC)
Message-Id: <202503300457.52U4vCxA013710@ceres.dti.ne.jp>
Date: Sun, 30 Mar 2025 13:57:12 +0900 (JST)
From: Izumi Tsutsui <tsutsui@ceres.dti.ne.jp>
Reply-To: tsutsui@ceres.dti.ne.jp
To: gnats-bugs@NetBSD.org
Cc: tsutsui@ceres.dti.ne.jp
Subject: pmax/stand/netboot build fails with "buffer overflow detected"
X-Send-Pr-Version: 3.95
>Number: 59234
>Category: port-pmax
>Synopsis: pmax/stand/netboot build fails with "buffer overflow detected"
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: port-pmax-maintainer
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sun Mar 30 05:00:01 +0000 2025
>Last-Modified: Sun Mar 30 06:15:01 +0000 2025
>Originator: Izumi Tsutsui
>Release: NetBSD 10.99.12
>Organization:
>Environment:
System: NetBSD -current
Architecture: mipsel
Machine: pmax
>Description:
Building NetBSD/pmax -current on ubuntu 24.04 LTS (on GitHub CI) fails
in src/sys/arch/pmax/stand/netboot:
---
text data bss dec hex filename
72928 624 1384 74936 124b8 netboot
Creating ECOFF binary... *** buffer overflow detected ***: terminated
Aborted (core dumped)
--- netboot ---
---
elf2ecoff.c with debug=1 on another Ubuntu 24.04 host shows:
---
making sure the sa library is up to date...
`libsa.a' is up to date.
making sure the z library is up to date...
`libz.a' is up to date.
making sure the kern library is up to date...
`libkern.a' is up to date.
/home/tsutsui/netbsd-src/obj.pmax/tooldir.Linux-6.8.0-49-generic-x86_64/bin/mipsel--netbsd-ld -Map netboot.map -N -x -Ttext 0x80710000 -T /home/tsutsui/netbsd-src/sys/arch/pmax/stand/netboot/../../../../arch/mips/conf/stand.ldscript -e start -o netboot start.o boot.o bootinfo.o callvec.o clock.o conf.o devopen.o dev_net.o if_prom.o putchar.o rz.o bootinit.o bootread.o getchar.o startprog.o vers.o /home/tsutsui/netbsd-src/sys/arch/pmax/stand/netboot/obj.pmax/lib/sa/libsa.a /home/tsutsui/netbsd-src/sys/arch/pmax/stand/netboot/obj.pmax/lib/z/libz.a /home/tsutsui/netbsd-src/sys/arch/pmax/stand/netboot/obj.pmax/lib/sa/libsa.a /home/tsutsui/netbsd-src/sys/arch/pmax/stand/netboot/obj.pmax/lib/kern/libkern.a
text data bss dec hex filename
72928 624 1384 74936 124b8 netboot
Creating ECOFF binary... combining PH 0 type 1 flags 0x7 with data, ndata = 73568, nbss =1392
skipping PH 1 type 0x70000000 flags 0x4
skipping PH 2 type 0x70000003 flags 0x4
wrote 20 byte file header.
wrote 56 byte a.out header.
wrote 240 bytes of section headers.
wrote 4 byte pad.
writing 73568 bytes...
writing syms at offset 0x12100
*** buffer overflow detected ***: terminated
Aborted (core dumped)
*** Failed target: netboot
*** Failed command: /home/tsutsui/netbsd-src/obj.pmax/tooldir.Linux-6.8.0-49-generic-x86_64/bin/nbmips-elf2ecoff netboot.elf netboot
*** Error code 134
Stop.
nbmake: stopped making "all" in /home/tsutsui/netbsd-src/sys/arch/pmax/stand/netboot
---
>How-To-Repeat:
"sh build.sh -U -m pmax release" on ubuntu 24.04.
>Fix:
The message "*** buffer overflow detected ***" seems to come from
__strcpy_chk() so "malloc(elfp->stringsize)" in translate_syms()
is not enough?
---
Izumi Tsutsui
>Audit-Trail:
From: mlelstv@serpens.de (Michael van Elst)
To: gnats-bugs@netbsd.org
Cc:
Subject: Re: port-pmax/59234: pmax/stand/netboot build fails with "buffer overflow detected"
Date: Sun, 30 Mar 2025 06:12:34 -0000 (UTC)
tsutsui@ceres.dti.ne.jp (Izumi Tsutsui) writes:
>writing syms at offset 0x12100
>*** buffer overflow detected ***: terminated
>Aborted (core dumped)
>The message "*** buffer overflow detected ***" seems from
>__strcpy_chk() so "malloc(elfp->stringsize)" in translate_syms()
>is not enough?
A string table is allowed to reference strings multiple times
(maybe not possible for symbol names) and also to reference
substrings (so names like 'bar\0' and 'foobar\0' may overlap).
No idea if a compiler or linker would create such a thing. But
if that is true, you need to iterate twice over the symbols
to determine the target size and to copy the strings.
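
The two-pass sizing suggested in the reply above, as an added example that is not part of the original messages and is not code from elf2ecoff.c. The function names and the sample string table are hypothetical and constructed: "bar" is stored as a suffix of "foobar", so copying each name separately needs 16 bytes although the table is only 13 bytes long.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample: "bar" (offset 4) is the tail of "foobar" (offset 1). */
static const char sample_strtab[] = "\0foobar\0main";  /* 13 bytes with final NUL */
static const uint32_t sample_names[] = { 1, 4, 8 };    /* st_name-style offsets */

/*
 * Pass 1: bytes needed when every symbol name is copied out separately.
 * Returns 0 if an offset is out of range or a name is not NUL-terminated
 * inside the table (hypothetical helper, not from elf2ecoff.c).
 */
size_t
names_size(const char *strtab, size_t strsize, const uint32_t *names, size_t n)
{
	size_t total = 0;

	for (size_t i = 0; i < n; i++) {
		if (names[i] >= strsize)
			return 0;
		const char *s = strtab + names[i];
		const char *end = memchr(s, '\0', strsize - names[i]);
		if (end == NULL)
			return 0;
		total += (size_t)(end - s) + 1;
	}
	return total;
}

/*
 * Pass 2: allocate exactly what pass 1 measured, then copy each name.
 * Returns the new table (caller frees) and its size in *outsize, or NULL.
 */
char *
copy_names(const char *strtab, size_t strsize, const uint32_t *names,
    size_t n, size_t *outsize)
{
	size_t need = names_size(strtab, strsize, names, n), off = 0;
	char *out;

	if (need == 0 || (out = malloc(need)) == NULL)
		return NULL;
	for (size_t i = 0; i < n; i++) {
		size_t len = strlen(strtab + names[i]) + 1;  /* validated in pass 1 */
		memcpy(out + off, strtab + names[i], len);
		off += len;
	}
	*outsize = off;
	return out;
}
```

A buffer sized from the input string table alone (13 bytes here) would be 3 bytes short for these three names, which is the kind of overrun a fortified strcpy aborts on.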