After the last tint2 update to version 17.0.2-4, if any .desktop file in /usr/share/applications has a "%F" in the exec statement (geany.desktop for example), tint2 crashes reporting this error:
*** buffer overflow detected ***: terminated
This happens with the default tint2rc. Tint2 also crashes with my customized tint2rc, with no launcher.
tint2conf also crashes with the same error.
I already reported this bug to the Arch forum here (https://bbs.archlinux.org/viewtopic.php?pid=2168820#p2168820) and the problem seems to affect only Artix.
I have tint2-17.0.2-4 running in a pure openbox environment and I don't seem to have this problem in Arch or Artix. I'm not sure that the desktop files are being used though. I did have the buffer overflow issue a while back, but that was to do with conky and I thought there were mitigations put into tint2 to address that.
Edit: I retested in Arch and Artix using
xdg-open /usr/share/applications/vim.desktop
and see no issues with tint2.
I am using tint2 17.0.2-4 about 3 weeks now and I don't have any troubles. Did you try to downgrade tint2 to be sure that's the problem?
I downgraded and with the previous version I have no problems.
I encountered this problem with 2 PCs; the first one has been running Artix for about two years, the second is a fresh install I made last week.
The desktop files are used by tint2 launchers. Tint2 crashes at startup if there are some launchers referring to desktop files containing the %F string, when tint2 parses them at startup.
I'm not using conky, and the patch applied to the last tint2 update was intended to correct also this problem.
Anyway in the post in the Arch forum there are all the information needed by developers to address this issue.
Yes, when I choose one of conf files in tint2conf it crashes with "buffer overflow". I don't use launchers in my conf though so tint2 is working all right. Maybe it's build issue.
I suppose it crashes because, to make the applications list available for configuring the launchers, it parses the /usr/share/applications dir.
I tried the default tint2rc, i.e. /etc/xdg/tint2/tint2rc, with various desktop launchers with exec lines
Exec=tint2conf
Exec=/usr/lib/firefox/firefox %u
Exec=xfce4-terminal
Exec=/usr/bin/google-chrome-stable %U
Of these only tint2conf causes a crash; the launch fails, but tint2 carries on.
As an experiment I tried using the Arch Linux binary package tint2-17.0.2-4-x86_64.pkg.tar.zst in Artix. This seems to work fine and I did not observe a crash with tint2conf. I compared ldd output for the Artix and Arch /bin/tint2; I saw no lib version changes (but addresses were different).
I cannot see any difference in the applied fix_segfault.patch. Since tint2conf is part of tint2 perhaps tint2conf is bad in Artix.
Arch's Tint2 also crashes within 1 or 2 minutes on some Artix systems.
A while ago I did a lot of checking and patching but could never get it stable. These patches work for some use cases but not for others as reported by many, also on non-Arch derivatives.
"The report of my death was an exaggeration." Mark Twain once said; we should not expect to hear the same from Tint2.
artist
Well, I cloned the Artix tint2 repository and installed a newly built pkg. I did not see the crash I saw in the Artix-built version when clicking on the tint2conf launcher. So far as I know, I have not altered any of the makepkg config. My system is up to date. A difference might be that I am using a Ryzen 7 system.
This seems to indicate that the problem lies in the build environment somehow.
I also rebuilt tint2 but in my case the "buffer overflow detected" segfault in tint2conf is still there. I have an old AMD FX CPU though.
The problem, as suggested by seth in the Arch forum, could be in some Artix toolchain. I also explicitly installed the Arch world repository tint2 package, and it works flawlessly.
The build server has been known to differ slightly from a local build. But never in a way that would affect some users but not others, from what I've seen.
The problem is the build server now; if the local build could differ for one or all users, I think it could be a minor problem.
If there is a corruption in some library, like seth suggests in the Arch forum post, it is more alarming...
I have tested the following on two platforms with up-to-date Artix. "good" means that the launcher tint2conf did not crash; I did not observe crashes with other apps, e.g. firefox, xfce4-terminal, etc.

    package               amd-ryzen7   intel-i5
    arch tint2            good         good
    artix tint2           bad          bad
    artix ryzen7 build    good         good
    artix i5 build        good         good

So it seems that the crashes only occur with the Artix-built package. I did not change any other software except the test launcher app itself, which is part of tint2.
EDIT: as an experiment I extracted the Artix pkg version of /usr/bin/tint2conf from the Artix pkgs. If I do that the tint2conf launch fails.
EDIT: the Artix tint2 will not even run if I add geany.desktop as a launcher. I see the buffer overflow when tint2 is reading the desktop file and tint2 crashes. The Artix pkg does not crash launching a 'good (home built)' tint2conf. Home built pkgs have no problem with geany.
I would bet it's because Artix was built with fortify source 3 and Arch was built with fortify source 2 even though their devtools has fortify source 3.
Is there some test I can try? I'm just building with makepkg and know nothing of fortify?
EDIT: I used Arch's checksec and see these results
$ checksec --file=/bin/tint2
RELRO STACK CANARY NX PIE RPATH RUNPATH Symbols FORTIFY Fortified Fortifiable FILE
Full RELRO Canary found NX enabled PIE enabled No RPATH No RUNPATH No Symbols No 4 12 /bin/tint2
$ checksec --file=artix-tint2
RELRO STACK CANARY NX PIE RPATH RUNPATH Symbols FORTIFY Fortified Fortifiable FILE
Full RELRO Canary found NX enabled PIE enabled No RPATH No RUNPATH No Symbols No 5 13 artix-tint2
tint2 is my self built binary and artix-tint2 is the one from the artix package
EDIT: FWIW the arch tint2 gives this
$ checksec --file=/bin/tint2
RELRO STACK CANARY NX PIE RPATH RUNPATH Symbols FORTIFY Fortified Fortifiable FILE
Full RELRO Canary found NX enabled PIE enabled No RPATH No RUNPATH No Symbols No 4 12 /bin/tint2
You can export it in the PKGBUILD, e.g. (excuse the spaces/tabs mismatch)
# Maintainer: Cory Sanin <[email protected]>
# Contributor: Alexander F. Rødseth <[email protected]>
# Contributor: Robin Candau <[email protected]>
# Contributor: Blue Peppers <[email protected]>
# Contributor: Stefan Husmann <[email protected]>
# Contributor: Yannick LM <[email protected]>

pkgname=tint2
pkgver=17.0.2
pkgrel=4
pkgdesc='Basic, good-looking task manager for WMs'
arch=(x86_64)
url='https://gitlab.com/o9000/tint2'
license=(GPL-2.0-only)
depends=(gtk3 imlib2 startup-notification)
makedepends=(cmake git ninja setconf)
source=("git+${url}.git#tag=${pkgver}"
        fix_segfault.patch)
sha256sums=('60dcde15ac09508daffe59b9c35244fee771f66ee989193f37d81c823fc643da'
            'b7cd2936bb807478bbb356b96879dedbbfc464ed2f930f426a0123e39884f78f')

prepare() {
  setconf "${pkgname}/get_version.sh" VERSION="${pkgver}"
  # Patch to fix segfault issue when opening some apps like conky, mpv or steam
  # See https://gitlab.archlinux.org/archlinux/packaging/packages/tint2/-/issues/1
  cd "${pkgname}"
  patch -Np1 < "${srcdir}/fix_segfault.patch"
}

build() {
  # Downgrade the fortify level the build environment hands us (3 -> 2)
  export CFLAGS="${CFLAGS/_FORTIFY_SOURCE=3/_FORTIFY_SOURCE=2}"
  mkdir -p build
  cd build
  cmake ../"${pkgname}" \
    -D CMAKE_INSTALL_PREFIX=/usr \
    -D ENABLE_TINT2CONF=1 \
    -G Ninja
  ninja
}

package() {
  DESTDIR="${pkgdir}" ninja -C build install
}
Well done Dudemanguy, your suggestion works. For some reason your substitution using bashism did not work for me so I used
export CFLAGS="$(echo ${CFLAGS} | sed -e's/_FORTIFY_SOURCE=2/_FORTIFY_SOURCE=3')"
instead. I checked that CFLAGS did change to =3 and with that local build installed the buffer overflow is present, i.e. using geany.desktop causes tint2 to crash immediately, and if I comment that out then launching tint2conf starts and crashes the app with tint2 surviving. So Mr Holmes, your deductions were right on the mark 8) ;D
EDIT: sorry for the confusion; your code is about forcing the use of _FORTIFY_SOURCE=2 starting from _FORTIFY_SOURCE=3. On my system makepkg.conf seems to have _FORTIFY_SOURCE=2 and builds seem not to error. So I tried _FORTIFY_SOURCE=3 and I see errors. Using gdb I see that the crash caused by geany.desktop involves a sprintf somewhere in the launcher code. I need to get symbols involved somehow.
After using gdb with more symbols I see the crash with launcher_item=geany.desktop as
#5 0x00007ffff72ed75b in __GI___fortify_fail (msg=msg@entry=0x7ffff7376148 "buffer overflow detected") at fortify_fail.c:24
#6 0x00007ffff72ed106 in __GI___chk_fail () at chk_fail.c:28
#7 0x00007ffff72ee965 in ___snprintf_chk
(s=s@entry=0x5555555f5106 "%", maxlen=maxlen@entry=118, flag=flag@entry=2, slen=slen@entry=112, format=format@entry=0x5555555a267f "%c%c")
at snprintf_chk.c:29
#8 0x000055555557ca7c in snprintf (__fmt=0x5555555a267f "%c%c", __n=118, __s=0x5555555f5106 "%") at /usr/include/bits/stdio2.h:54
#9 expand_exec (entry=entry@entry=0x7fffffffde10, path=0x5555555eef00 "geany.desktop")
at /home/robin/devel/tint2/src/tint2/src/launcher/apps-common.c:106
#10 0x000055555557ceb7 in read_desktop_file_full_path
(path=path@entry=0x5555555d4840 "/usr/share/applications/geany.desktop", entry=entry@entry=0x7fffffffde10)
at /home/robin/devel/tint2/src/tint2/src/launcher/apps-common.c:219
The code at line apps-common.c:106 looks like
    } else if (*p == 'f' || *p == 'F') {
        snprintf(q, buf_size, "%c%c", '%', *p);
        q += 2;
        buf_size -= 2;
        q--; // To balance the q++ in the for
    } else {......
I can try eliminating the check by using the obvious direct copy character by character.
I am unsure what causes the actual FORTIFY failure at apps-common line 106. My guess is that because the pointer q has no obvious length the check is being overcautious.
I replaced the snprintf version with more explicit code, i.e.
    } else if (*p == 'f' || *p == 'F') {
        //snprintf(q, buf_size, "%c%c", '%', *p);
        if (q + 2 >= exec2 + buf_size) {
            fprintf(stderr, "*** buffer overflow detected at %s:%04d ***\n", __FILE__, __LINE__);
            abort();
        }
        q[0] = '%';
        q[1] = *p;
        q += 2;
        buf_size -= 2;
        q--; // To balance the q++ in the for
    } else {
and I then see no errors with _FORTIFY_SOURCE=3; neither geany.desktop nor tint2conf.desktop seems to cause me problems. I can probably make a patch, but where do I send it?
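As an added example (my own code, not tint2's and not the patch from this thread), here is a self-contained expand routine in the spirit of the expand_exec discussed above: it keeps %f/%F literally for later substitution (and, going slightly beyond the snippet, %u/%U as well), turns "%%" into "%" and drops other field codes. The point it demonstrates is the accounting the fortified snprintf_chk in the backtrace was objecting to (maxlen=118 against an object size of 112): every length handed to snprintf is derived from an explicit end pointer, never from a separately decremented counter that can drift away from the real remaining space. The names expand_exec_safe, expand_len and expand_check and the sample Exec= values are mine.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not tint2's code. Expand an Exec= value: keep %f/%F/%u/%U
 * literally, turn "%%" into "%", drop other field codes (%c, %i, %k ...).
 * All sizes come from `end`, so the length passed to snprintf is always the
 * true space left after q; a FORTIFY check can never see a size larger than
 * the object. Returns the output length (without NUL) or -1 if `out` is too
 * small; `out` is NUL-terminated whenever out_size > 0. */
int expand_exec_safe(const char *exec, char *out, size_t out_size)
{
    if (out_size == 0)
        return -1;
    char *q = out;
    char *end = out + out_size;             /* one past the last usable byte */

    for (const char *p = exec; *p; p++) {
        if (*p != '%') {
            if (end - q < 2)                /* this byte plus a NUL */
                goto too_small;
            *q++ = *p;
            continue;
        }
        p++;                                /* the field code after '%' */
        switch (*p) {
        case 'f': case 'F': case 'u': case 'U':
            /* two bytes plus NUL; the size is end - q, not a running counter */
            if (end - q < 3)
                goto too_small;
            snprintf(q, (size_t)(end - q), "%%%c", *p);
            q += 2;
            break;
        case '%':
            if (end - q < 2)
                goto too_small;
            *q++ = '%';
            break;
        case '\0':                          /* lone '%' at the end: drop it */
            goto done;
        default:                            /* other field codes are dropped */
            break;
        }
    }
done:
    *q = '\0';                              /* q < end always holds here */
    return (int)(q - out);
too_small:
    *q = '\0';
    return -1;
}

/* Helpers (mine) that expand into an n-byte buffer so results can be checked. */
int expand_len(const char *exec, size_t n)
{
    char buf[64];
    if (n > sizeof buf) n = sizeof buf;
    return expand_exec_safe(exec, buf, n);
}

int expand_check(const char *exec, size_t n, const char *expected)
{
    char buf[64];
    if (n > sizeof buf) n = sizeof buf;
    return expand_exec_safe(exec, buf, n) >= 0 && strcmp(buf, expected) == 0;
}

int main(void)
{
    /* constructed Exec= values, modelled on the launchers named in the thread */
    const char *samples[] = { "geany %F", "/usr/lib/firefox/firefox %u",
                              "xfce4-terminal %c", "100%% sure" };
    char buf[64];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int n = expand_exec_safe(samples[i], buf, sizeof buf);
        printf("%-30s -> %2d \"%s\"\n", samples[i], n, buf);
    }
    /* "geany %F" needs 9 bytes including the NUL; 8 is refused, not overflowed */
    printf("tight buffer (8 bytes): %d\n", expand_len("geany %F", 8));
    return 0;
}
```

With a buffer that is exactly one byte short the function returns -1 instead of aborting the process, which is the behaviour a panel wants when a single odd .desktop file is encountered; the caller can log the file and skip the launcher.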
Since there's no official tint2 issue tracker maybe just post the patch here. Thanks for the job :-)
Here you are; this is only needed for _FORTIFY_SOURCE=3
diff --git a/PKGBUILD b/PKGBUILD
index 76552c2..05e01be 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -15,9 +15,12 @@ license=(GPL-2.0-only)
depends=(gtk3 imlib2 startup-notification)
makedepends=(cmake git ninja setconf)
source=("git+${url}.git#tag=${pkgver}"
- fix_segfault.patch)
+ fix_segfault.patch
+ fix_overflow.patch
+ )
sha256sums=('60dcde15ac09508daffe59b9c35244fee771f66ee989193f37d81c823fc643da'
- 'b7cd2936bb807478bbb356b96879dedbbfc464ed2f930f426a0123e39884f78f')
+ 'b7cd2936bb807478bbb356b96879dedbbfc464ed2f930f426a0123e39884f78f'
+ '9226b30dcec17cf03ac0873d90e5df3619c7e44efc2b527f4cec0ada49ac41cc')
prepare() {
setconf "${pkgname}/get_version.sh" VERSION="${pkgver}"
@@ -25,6 +28,7 @@ prepare() {
# See https://gitlab.archlinux.org/archlinux/packaging/packages/tint2/-/issues/1
cd "${pkgname}"
patch -Np1 < "${srcdir}/fix_segfault.patch"
+ patch -Np1 < "${srcdir}/fix_overflow.patch"
}
build() {
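Review bot: the added `patch -Np1 < "${srcdir}/fix_overflow.patch"` line carries no comment, while the fix_segfault.patch line right above it explains what it fixes and links the issue; add a one-line comment stating that the patch works around the `_FORTIFY_SOURCE=3` abort in expand_exec (src/launcher/apps-common.c) when a launcher's Exec= line contains %f/%F, so the next maintainer knows when it can be dropped.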
$ cat fix_overflow.patch
--- a/src/launcher/apps-common.c
+++ b/src/launcher/apps-common.c
@@ -104,6 +104,10 @@
q--; // To balance the q++ in the for
} else if (*p == 'f' || *p == 'F') {
- snprintf(q, buf_size, "%c%c", '%', *p);
- q += 2;
+ if (q+2 >= exec2+buf_size ){
+ fprintf(stderr,"*** buffer overflow detected at %s:%04d ***\n", __FILE__, __LINE__);
+ abort();
+ }
+ *q++ = '%';
+ *q++ = *p;
buf_size -= 2;
q--; // To balance the q++ in the for
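Review bot: the bound check `if (q+2 >= exec2+buf_size )` compares against the buffer base plus the remaining count; the surrounding `buf_size -= 2` is applied each time `q` advances, so `buf_size` is the space left after `q` and the true end is `q + buf_size`, not `exec2 + buf_size`. As written the condition is too strict and will abort once the already-written prefix is longer than the space that remains. The backtrace earlier in the thread (`maxlen=118`, `slen=112`) also shows the `buf_size` passed to snprintf was six bytes larger than the object the compiler knows to remain, so the fortify abort was reporting a real accounting error in how `buf_size` is initialised or decremented; replacing the checked snprintf with two raw stores removes that diagnostic without correcting the count. Suggest keeping a check of the form `if (buf_size < 3)` (two characters plus terminator), auditing where `buf_size` is set and decremented, and noting that the original snprintf also wrote a NUL after the two characters while `*q++` does not, so the buffer must be terminated after the loop.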
For anyone interested here is my git diff HEAD against the Artix tint2 gitea; probably would be wise to run updpkgsums if you copy from here.
diff --git a/PKGBUILD b/PKGBUILD
index 76552c2..05e01be 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -15,9 +15,12 @@ license=(GPL-2.0-only)
depends=(gtk3 imlib2 startup-notification)
makedepends=(cmake git ninja setconf)
source=("git+${url}.git#tag=${pkgver}"
- fix_segfault.patch)
+ fix_segfault.patch
+ fix_overflow.patch
+ )
sha256sums=('60dcde15ac09508daffe59b9c35244fee771f66ee989193f37d81c823fc643da'
- 'b7cd2936bb807478bbb356b96879dedbbfc464ed2f930f426a0123e39884f78f')
+ 'b7cd2936bb807478bbb356b96879dedbbfc464ed2f930f426a0123e39884f78f'
+ '9226b30dcec17cf03ac0873d90e5df3619c7e44efc2b527f4cec0ada49ac41cc')
prepare() {
setconf "${pkgname}/get_version.sh" VERSION="${pkgver}"
@@ -25,6 +28,7 @@ prepare() {
# See https://gitlab.archlinux.org/archlinux/packaging/packages/tint2/-/issues/1
cd "${pkgname}"
patch -Np1 < "${srcdir}/fix_segfault.patch"
+ patch -Np1 < "${srcdir}/fix_overflow.patch"
}
build() {
diff --git a/fix_overflow.patch b/fix_overflow.patch
new file mode 100644
index 0000000..5807bea
--- /dev/null
+++ b/fix_overflow.patch
@@ -0,0 +1,15 @@
+--- a/src/launcher/apps-common.c
++++ b/src/launcher/apps-common.c
+@@ -104,6 +104,10 @@
+ q--; // To balance the q++ in the for
+ } else if (*p == 'f' || *p == 'F') {
+- snprintf(q, buf_size, "%c%c", '%', *p);
+- q += 2;
++ if (q+2 >= exec2+buf_size ){
++ fprintf(stderr,"*** buffer overflow detected at %s:%04d ***\n", __FILE__, __LINE__);
++ abort();
++ }
++ *q++ = '%';
++ *q++ = *p;
+ buf_size -= 2;
+ q--; // To balance the q++ in the for
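Review bot: the context and removed lines of the embedded patch (`q--; // To balance the q++ in the for`, `snprintf(q, buf_size, ...)`) appear here without the leading indentation they have in apps-common.c, so a copy taken from this post will only apply with fuzz and its bytes will not match the sha256 `9226b30d...` in the PKGBUILD hunk above; take fix_overflow.patch from the gitea diff itself rather than from the forum rendering, and regenerate the checksum with updpkgsums if the file is edited.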
It's a shame that there's no proper artix bugtracker. Maybe an email to current tint2 maintainer?
Ambie, I notice that at first you tried a local build that failed. Does your /etc/makepkg.conf CFLAGS contain
-D_FORTIFY_SOURCE=2 or -D_FORTIFY_SOURCE=3?
The tint2 maintainer is corysanin (https://forum.artixlinux.org/index.php?action=profile;u=2331) and he commented in this thread. If you have -D_FORTIFY_SOURCE=3 and the patch fixes the local build for you then perhaps you can drop him an email to say that this patch fixes an issue for you. It does for me when I use -D_FORTIFY_SOURCE=3
I pushed the patched version to gremlins. Let me know if it works.
It's -D_FORTIFY_SOURCE=3 in my conf. Today I built tint2 with your patch and it works all right.
Just tried it, works for me.