Experimental Physics and Industrial Control System


Subject: Support for _FORTIFY_SOURCE=3
From: NICOLE Remi via Core-talk <core-talk at aps.anl.gov>
To: "core-talk at aps.anl.gov" <core-talk at aps.anl.gov>
Date: Mon, 12 Feb 2024 10:00:26 +0000

During an upgrade of our build system, I encountered this error:

    *** buffer overflow detected ***: terminated
    [1]    2022546 IOT instruction (core dumped)  ./result/bin/softIoc -S -d nixos/tests/archiver-appliance/test.db

After a bit of debugging, I found that _FORTIFY_SOURCE=3 was enabled by
default, which caused extra checks to be done in `strcpy`, which failed
in this particular instance:

1. running `softIoc -S -d test.db` (see attachments for the .db file)
2. EPICS reads the calcExample record
3. EPICS calls dbAllocRecord
4. EPICS initializes the CALC field
5. EPICS copies the initial value of CALC `"0"` to the alloc'ed record
6. crash because overflow detected

See the backtrace in the attachments.

This is weird because the CALC value is a char[80], so there shouldn't
be any overflow.

Can anyone reproduce? Can anyone see why this crashes?

In the meantime, I'll just fall back to _FORTIFY_SOURCE=2.

Thanks a lot, and have a great day.
-- 
Rémi NICOLE <remi.nicole at cea.fr>
CEA/DRF/IRFU/DIS/LDISC

# Adapted from: https://github.com/epics-base/epics-base/blob/524f81b8bd147bb714c9ea7b7462b8912a134246/modules/database/src/template/top/exampleApp/Db/dbExample1.db

# To test regularly changing records
record(ai, "aiExample")
{
	field(DESC, "Analog input")
	field(INP, "calcExample.VAL  NPP NMS")
	field(EGUF, "10")
	field(EGU, "Counts")
	field(HOPR, "10")
	field(LOPR, "0")
	field(HIHI, "8")
	field(HIGH, "6")
	field(LOW, "4")
	field(LOLO, "2")
	field(HHSV, "MAJOR")
	field(HSV, "MINOR")
	field(LSV, "MINOR")
	field(LLSV, "MAJOR")
}

record(calc, "calcExample") {
	field(DESC, "Counter")
	field(SCAN, "1 second")
	field(FLNK, "aiExample")
	field(CALC, "(A<B)?(A+C):D")
	field(INPA, "calcExample.VAL NPP NMS")
	field(INPB, "9")
	field(INPC, "1")
	field(INPD, "0")
	field(EGU, "Counts")
	field(HOPR, "10")
	field(HIHI, "8")
	field(HIGH, "6")
	field(LOW, "4")
	field(LOLO, "2")
	field(HHSV, "MAJOR")
	field(HSV, "MINOR")
	field(LSV, "MINOR")
	field(LLSV, "MAJOR")
}

# To test "static" records
record(ai, "static") {
	field(VAL, "1")
}

# To test the ADEL field
record(ai, "staticDeadband") {
	field(VAL, 0)
	field(ADEL, 5)
}

# To test "static", but regularly processed records
record(ai, "staticProcessed") {
	field(VAL, 0)
	field(SCAN, "1 second")
	field(ADEL, -1)
}

# To test waveforms
record(waveform, "waveform") {
	field(NELM, 10)
}

#0  0x00007ffff78a4d7c in __pthread_kill_implementation () from /nix/store/j6mwswpa6zqhdm1lm2lv9iix3arn774g-glibc-2.38-27/lib/libc.so.6
#1  0x00007ffff78559c6 in raise () from /nix/store/j6mwswpa6zqhdm1lm2lv9iix3arn774g-glibc-2.38-27/lib/libc.so.6
#2  0x00007ffff783e8fa in abort () from /nix/store/j6mwswpa6zqhdm1lm2lv9iix3arn774g-glibc-2.38-27/lib/libc.so.6
#3  0x00007ffff783f767 in __libc_message.cold () from /nix/store/j6mwswpa6zqhdm1lm2lv9iix3arn774g-glibc-2.38-27/lib/libc.so.6
#4  0x00007ffff79337f9 in __fortify_fail () from /nix/store/j6mwswpa6zqhdm1lm2lv9iix3arn774g-glibc-2.38-27/lib/libc.so.6
#5  0x00007ffff79331b4 in __chk_fail () from /nix/store/j6mwswpa6zqhdm1lm2lv9iix3arn774g-glibc-2.38-27/lib/libc.so.6
#6  0x00007ffff7f40b91 in strcpy (__src=0x45f770 "0", __dest=0x4d1be8 "")
    at /nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-glibc-2.38-27-dev/include/bits/string_fortified.h:79
#7  dbAllocRecord (pdbentry=pdbentry@entry=0x422638, precordName=precordName@entry=0x422578 "calcExample") at ../dbStatic/dbStaticRun.c:125
#8  0x00007ffff7f3635f in dbCreateRecord (pdbentry=pdbentry@entry=0x422638, precordName=precordName@entry=0x422578 "calcExample")
    at ../dbStatic/dbStaticLib.c:1441
#9  0x00007ffff7f3b237 in dbRecordHead (recordType=recordType@entry=0x4225d8 "calc", name=name@entry=0x422578 "calcExample", visible=visible@entry=0)
    at ../dbStatic/dbLexRoutines.c:1132
#10 0x00007ffff7f3dd14 in dbRecordHead (visible=0, name=0x422578 "calcExample", recordType=0x4225d8 "calc") at ../dbStatic/dbLexRoutines.c:1104
#11 yyparse () at ../dbStatic/dbYacc.y:234
#12 pvt_yy_parse () at ../dbStatic/dbYacc.y:395
#13 dbReadCOM (ppdbbase=ppdbbase@entry=0x7ffff7f77da0 <pdbbase>, filename=filename@entry=0x7fffffffbe5c "nixos/tests/archiver-appliance/test.db",
    fp=fp@entry=0x0, path=path@entry=0x0, substitutions=substitutions@entry=0x7fffffffb6c0 "") at ../dbStatic/dbLexRoutines.c:294
#14 0x00007ffff7f3f74d in dbReadDatabase (ppdbbase=ppdbbase@entry=0x7ffff7f77da0 <pdbbase>,
    filename=filename@entry=0x7fffffffbe5c "nixos/tests/archiver-appliance/test.db", path=path@entry=0x0, substitutions=substitutions@entry=0x7fffffffb6c0 "")
    at ../dbStatic/dbLexRoutines.c:350
#15 0x00007ffff7f0c52d in dbLoadRecords (file=0x7fffffffbe5c "nixos/tests/archiver-appliance/test.db", subs=0x7fffffffb6c0 "") at ../db/dbAccess.c:800
#16 0x0000000000407595 in main (argc=4, argv=0x7fffffffb888)
    at /nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-gcc-12.3.0/include/c++/12.3.0/bits/basic_string.h:233
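
An added illustration, not part of the original message and not EPICS or glibc code: a model of the comparison a fortified `strcpy` makes, together with the bound the compiler reports for a field addressed by offset inside a heap record whose size is only known at run time. The names `OBJ_BOUND`, `checked_strcpy` and `field_bound` are hypothetical, and the record size 512 and offset 200 are constructed values.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Level 3 asks the compiler for a run-time bound; level 2 only for a
 * compile-time constant. Fall back when the newer builtin is missing. */
#if defined(__has_builtin)
#  if __has_builtin(__builtin_dynamic_object_size)
#    define OBJ_BOUND(p) __builtin_dynamic_object_size((p), 1)
#  endif
#endif
#ifndef OBJ_BOUND
#  define OBJ_BOUND(p) __builtin_object_size((p), 1)
#endif

/* Model of the fortified strcpy test (hypothetical helper): the copy needs
 * strlen(src)+1 bytes and is refused when the known bound is smaller.
 * Returns 0 after copying, -1 where the real check would abort. */
static int checked_strcpy(char *dst, size_t bound, const char *src)
{
    if (strlen(src) >= bound)
        return -1;
    strcpy(dst, src);
    return 0;
}

/* Bound the compiler reports for a field reached by offset inside a heap
 * record (constructed layout). (size_t)-1 means "unknown", in which case
 * the fortified call has nothing to compare against. */
static size_t field_bound(size_t rec_size, size_t offset)
{
    char *rec = calloc(1, rec_size);
    if (!rec)
        return 0;
    char *pfield = rec + offset;
    size_t bound = OBJ_BOUND(pfield);
    free(rec);
    return bound;
}

int main(void)
{
    char field[80] = "";
    printf("bound=80: %d\n", checked_strcpy(field, sizeof field, "0"));
    printf("bound=1:  %d\n", checked_strcpy(field, 1, "0"));
    printf("bound at offset 200 of 512: %zu\n", field_bound(512, 200));
    return 0;
}
```

The string copied in frame #6 is `"0"`, which needs two bytes, so the check can only fire when the bound derived for `__dest` is 0 or 1, whatever width the field is declared with. The bound the compiler reports depends on the optimization level; without optimization it is often "unknown".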
