Conky: journal: segfault

Created on 4 Aug 2018 · 5 Comments · Source: brndnmtthws/conky

Program received signal SIGSEGV, Segmentation fault.
```gdb
(gdb) r -c /tmp/conky.txt
Starting program: /usr/local/bin/conky -c /tmp/conky.txt
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".
conky: desktop window (25a) is root window
conky: drawing to desktop window
conky: can't load font '6x10'
conky: can't load font '6x10'

Program received signal SIGSEGV, Segmentation fault.
0x00005555555bfcc4 in read_log (read=0x7fffffffd908, length=<optimized out>, time=0x7fffffffd918, timestamp=<optimized out>,
jh=0x55555588d300, p=0x555555872040 "Aug 04 00:09:19z420 /py3status[32518]:", p_max_size=16384)
at /home/chris/src/conky/src/journal.cc:142
142 p[*read++] = ' ';
(gdb) bt full

0 0x00005555555bfcc4 in read_log (read=0x7fffffffd908, length=<optimized out>, time=0x7fffffffd918,

timestamp=<optimized out>, jh=0x55555588d300, p=0x555555872040 "Aug 04 00:09:19z420 /py3status[32518]:", p_max_size=16384)
at /home/chris/src/conky/src/journal.cc:142
    tm = {tm_sec = 19, tm_min = 9, tm_hour = 0, tm_mday = 4, tm_mon = 7, tm_year = 118, tm_wday = 6, tm_yday = 215,
      tm_isdst = 1, tm_gmtoff = -18000, tm_zone = 0x555555891b20 "CDT"}
    jh = 0x55555588d300
    length = <optimized out>
    read = 0x7fffffffd920
    p_max_size = 16384
    p = 0x555555872040 "Aug 04 00:09:19z420 /py3status[32518]:"
    timestamp = <optimized out>
    time = 0x7fffffffd918
    tm = <optimized out>
    tm = <optimized out>

1 0x00005555555bff5b in print_journal (obj=, p=0x555555872040 "Aug 04 00:09:19z420 /py3status[32518]:",

p_max_size=16384) at /home/chris/src/conky/src/journal.cc:170
    j = <optimized out>
    jh = 0x55555588d300
    read = 15
    length = 37
    time = 1533359359
    timestamp = 1533359359743849

2 0x00005555555748e3 in generate_text_internal (p=p@entry=0x555555872040 "Aug 04 00:09:19z420 /py3status[32518]:",

p_max_size=16384, root=...) at /home/chris/src/conky/src/conky.cc:860
    obj = 0x555555871cc0
    a = <optimized out>

3 0x00005555555775ad in generate_text () at /usr/include/c++/8.1.1/bits/unique_ptr.h:342

    i = <optimized out>
    k = <optimized out>
    mw = <optimized out>
    tbs = <optimized out>
    ui = <optimized out>
    p = 0x555555872040 "Aug 04 00:09:19z420 /py3status[32518]:"
    j = <optimized out>
    time = <optimized out>
    p = <optimized out>
    i = <optimized out>
    j = <optimized out>
    k = <optimized out>
    mw = <optimized out>
    tbs = <optimized out>
    ui = <optimized out>
    time = <optimized out>
    tmp_p = <optimized out>

4 update_text () at /home/chris/src/conky/src/conky.cc:1980

No locals.

5 0x000055555557a71e in main_loop () at /home/chris/src/conky/src/conky.cc:2094

    fdsr = {fds_bits = {0 <repeats 16 times>}}
    tv = {tv_sec = 0, tv_usec = 0}
    s = <optimized out>
    terminate = 0
    t = <optimized out>
    inotify_config_wd = 1
    inotify_buff = '\000' <repeats 249 times>...

6 0x000055555556a9ae in main () at /home/chris/src/conky/src/conky.cc:3162

    curl_global = <optimized out>

7 0x00007ffff4bb406b in __libc_start_main () from /usr/lib/libc.so.6

No symbol table info available.

8 0x000055555556f61a in _start () at /home/chris/src/conky/src/conky.cc:3212

No symbol table info available.
(gdb)
```



I guess that `read` in

p[*read++] = ' ';

is overflowing the maximum size of `p`, so a check like `if (p_max_size < read) {}` should be done in several places.

Can you test the following bisect:

diff --git a/src/journal.cc b/src/journal.cc
index 5e694c29..c52bf784 100644
--- a/src/journal.cc
+++ b/src/journal.cc
@@ -129,6 +129,11 @@ bool read_log(size_t *read, size_t *length, time_t *time, uint64_t *timestamp,
            strftime(p + *read, p_max_size - *read, "%b %d %H:%M:%S", &tm)) <= 0)
     return false;
   *read += *length;
+
+  if (p_max_size < *read) {
+    *read = p_max_size - 1;
+    return false;
+  }
   p[*read++] = ' ';

   if (print_field(jh, "_HOSTNAME", ' ', read, p, p_max_size) < 0) return false;
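Review bot: The guard added before `p[*read++] = ' '` compares with `p_max_size < *read`, so the boundary case `*read == p_max_size` passes the check and the store lands on `p[p_max_size]`, one byte past the buffer; the comparison should be `if (*read >= p_max_size) {`. The same off-by-one is in both guards of the second hunk, before `p[*read++] = ':'` and before the `' '` that follows it. At this first site the guard is probably unreachable anyway, since `strftime` writes at most `p_max_size - *read - 1` characters and so `*read` is at most `p_max_size - 1` after `*read += *length`, but the guards placed after `print_field` can see the equal case depending on how `print_field` advances `read`, which is outside this hunk. Since the identical four-line guard now appears three times, a small `static` helper such as `static bool has_room(size_t *read, size_t p_max_size)` that does the compare-and-clamp would keep the comparison in one place. `read_log` starts before this hunk.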
@@ -138,7 +143,16 @@ bool read_log(size_t *read, size_t *length, time_t *time, uint64_t *timestamp,

   if (print_field(jh, "_PID", ']', read, p, p_max_size) < 0) return false;

+  if (p_max_size < *read) {
+    *read = p_max_size - 1;
+    return false;
+  }
   p[*read++] = ':';
+
+  if (p_max_size < *read) {
+    *read = p_max_size - 1;
+    return false;
+  }
   p[*read++] = ' ';

On Manjaro, conky crashes without this patch; with it everything works fine.

screenshot_2018-08-04_19-36-00

I don't crash anymore with this patch. :+1:

The patch has been merged in https://github.com/brndnmtthws/conky/commit/4155ac253b77ff736a1fd32ef61dde15f636b16a#diff-70c6a976d8cb5453c87fb78639c96f37R133 :octocat:
