[PATCH] fixdep: avoid underflow when end of entry doesn't coincide with EOF

Arsen Arsenović arsen at gentoo.org
Thu Feb 23 13:35:41 UTC 2023 

Hi Bernhard,

Bernhard Reutner-Fischer <rep.dot.nop at gmail.com> writes:

> Hi Arsen!
>
> On Tue, 21 Feb 2023 20:20:31 +0100
> Arsen Arsenović <arsen at gentoo.org> wrote:
>
>> Bug: https://bugs.gentoo.org/893776
>> Closes: https://bugs.busybox.net/show_bug.cgi?id=15326
>> Signed-off-by: Arsen Arsenović <arsen at gentoo.org>
>> ---
>> Hi,
>> 
>> This is a fix for the recently reported scandep-related build failure.
>> The linked Gentoo bug also includes a write-up explaining how the error
>> happens.
>
> I think we lifted fixdep from the kernel, either
> linux/scripts/basic/fixdep.c
> or
> linux/tools/build/fixdep.c
>
> Can you see if we diverged in other ways, too, or if any of the linux
> ones suffer from the same problem?

The Linux one appears to not exhibit the crash on this edge case:

  /tmp/busybox $ ../linux/scripts/basic/fixdep foo \
                 scripts/kconfig/kxgettext.o \
                 foobar
  <snip>
  /tmp/busybox $ scripts/basic/fixdep foo \
                 scripts/kconfig/kxgettext.o \
                 foobar
  <snip>
  *** buffer overflow detected ***: terminated
  Aborted (core dumped)
  /tmp/busybox 134 $

I hadn't checked there before, since I didn't realize this was shared
code.

> That said, i think it would be worthwhile (and overdue) to update our
> kconfig as a whole, but that's some work..
>
> In f3d1e213fef45ba2df4090e9cd02217d1ef82f00 i pulled check-lxdialog
> from linux-2.6.26
> I guess Denys used kconfig from around 2.6.17 initially and i fear we
> never really updated it in busybox. I did update it in buildroot once
> or twice and, way back then, stored the buildroot specific diff to ease
> future updates. But i fear we never did this in busybox :-/ But checking
> 7d219aab70e6951ab82c27c202cac05016696723 against the one in 2.6.17-ish
> might be a start. Or, of course, just sit down and do a sweeping update
> to the current kconfig and bring forward the necessary busybox specific
> bits. Maybe someone volunteers to have a look?

fixdep.c seems to have accumulated a lot of change over the years
indeed, it's even using mmap now!  It's indeed probably worthwhile
updating.  The patch I posted could still be a useful hotfix in the
meanwhile, but I'm afraid that I can't help much with Kconfig, it mostly
goes over my head :)

Thanks, have a lovely day.
-- 
Arsen Arsenović
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 381 bytes
Desc: not available
URL: <http://lists.busybox.net/pipermail/busybox/attachments/20230223/5aa24e52/attachment.asc>

More information about the busybox mailing list