GNOME Bugzilla – Bug 788495
make check fails on 32bit x86 and armhf with musl libc (Stable component GUIDs)
Last modified: 2020-11-17 13:09:33 UTC
Created attachment 360893 [details] testsuite.log ## ------------------------- ## ## msitools 0.97 test suite. ## ## ------------------------- ## ... wixl 16: Invalid command line ok 17: WiX tutorial SampleFirst ok 18: SampleUser ok 19: SampleMachine ok 20: Stable component GUIDs FAILED (wixl.at:55) 21: WiX tutorial SampleFragment ok 22: Preprocessor variables ok 23: Preprocessor include & condition ok 24: System include directory ok 25: ARP example ok 26: Binary/CustomAction ok Similar happens with armhf. Does not happen on x86_64, ppc64le and s390x, so it seems to only affect 32 bit systems.
seems like msiinfo crashes. I was able to get a core dump. Here is the backtrace: Core was generated by `/home/ncopa/aports/testing/msitools/src/msitools-0.97/.libs/lt-msiinfo export -'. Program terminated with signal SIGSEGV, Segmentation fault.
+ Trace 238017
Here is the problem, when type="i2": ... type = libmsi_record_get_string(types, i); // type="i2" // the buffer allocated for type is only 3 bytes. ('i','2','\0'). ... switch (type[0]) { case 'l': case 'L': strcat(extra, " LOCALIZABLE"); /* fall through */ case 's': case 'S': strcpy(size, type+1); sprintf(type, "CHAR(%s)", size); break; case 'i': case 'I': len = atol(type + 1); if (len <= 2) strcpy(type, "INT"); // here you try write 4 bytes ('I','N', 'T', '\0') to the 3 byte allocated buffer. else if (len == 4) strcpy(type, "LONG"); else abort(); break; case 'v': case 'V': strcpy(type, "OBJECT"); break; default: abort(); } printf("`%s` %s%s", name, type, extra); g_free(name); g_free(type); // since the buffer is overflowed above, the musl free() goes boom here.
Created attachment 360914 [details] [review] 0001-msiinfo-fix-buffer-overflow-segfault.patch This fixes the issue on alpine linux x86 and armhf.
Thanks, pushed with some changes: https://gitlab.gnome.org/GNOME/msitools/-/commit/1e30d26baaede98c9be8754bf2b88afff4d9d1e3