Bug#1088681: gnome-system-monitor: strcpy overflow inside glibtop_get_disk_l()
Simon McVittie
smcv at debian.org
Fri Nov 29 15:17:44 GMT 2024
Control: retitle -1 gnome-system-monitor: strcpy overflow inside glibtop_get_disk_l()
Control: reassign -1 libgtop-2.0-11 2.41.3-1
Control: affects -1 + gnome-system-monitor
On Sat, 30 Nov 2024 at 00:43:47 +1100, Konomi wrote:
> gnome-system-monitor instantly crashes on my system. coredumpctl shows the
> following information:
...
> #5 0x00007f1d50525d00 __GI___chk_fail (libc.so.6 + 0x11bd00)
> #6 0x00007f1d50527622 __GI___strcpy_chk (libc.so.6 + 0x11d622)
> #7 0x00007f1d52a93304 n/a (libgtop-2.0.so.11 + 0xa304)
> #8 0x00007f1d52a8f92b glibtop_get_disk_l (libgtop-2.0.so.11 +
> 0x692b)
> #9 0x000055ca3c4ede9b n/a (/usr/bin/gnome-system-monitor +
> 0x39e9b)
You were correct to report this to gnome-system-monitor at first, but
this looks like a string buffer overflow inside libgtop being caught by
glibc's "fortify" hardening, so I'm reassigning this to the version of
libgtop you seem to have been using.
Looking at sysdeps/linux/disk.c, there are some unsafe-looking uses of
strcpy() which could well be the problem here.
If you run 'lsblk --output NAME,TYPE -i -n' in a terminal, do any of the
drives that are listed have unusually long values for the name or type?
smcv
More information about the pkg-gnome-maintainers
mailing list