ReldepParser: Reject overlong dependency strings #268
c61e14d to 6b26661
I am really sorry but I am unable to reproduce the issue with
Passing a very long package name triggered a segfault:

    # dnf5 downgrade $(perl -e 'print q{A} x 13390')
    Updating and loading repositories:
    Repositories loaded.
    Segmentation fault (core dumped)

This is caused by a known bug in GCC std::regex_match().

This patch prevents the crash by rejecting strings longer than 1 KB. Another solution would be to move to a heap-based regular expression engine, like PCRE2.

<https://bugzilla.redhat.com/show_bug.cgi?id=2164792>
<https://gcc.gnu.org/bugzilla/show_bug.cgi?id=86164>
It happens both with downgrade and with install. The exact length at which the bug triggers varies based on how the code is compiled (compiler version, compiler options). I can reproduce it with code built from the latest git tree (commit 3092cd6); that build requires a longer argument:
Running it later under a debugger and listing the outermost 16 frames confirms it's the same crash.
Where can I find dnf5-5.0.5-20230207005715.11.g3388f6fc.fc36.x86_64? Fedora has dnf5-5.0.5-1.fc38.x86_64.
I can see you pushed new commits, I will push a rebased patch.
6b26661 to 3ff24ee
That should be from our nightly Copr: https://copr.fedorainfracloud.org/coprs/rpmsoftwaremanagement/dnf5-unstable/
The same crash with unstable dnf5:
I confirm that it is reproducible.
LGTM
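The guard described in this PR, sketched as an added example (this is not dnf5's code): the input length is checked before `std::regex_match()` ever sees the string, and the caller can tell a rejected overlong input apart from a plain parse failure. The `NAME [OP VERSION]` pattern and the names `Reldep`, `ParseStatus`, `parse_reldep` and `MAX_RELDEP_LENGTH` are assumptions made for illustration; only the 1 KB limit and the 13390-character input come from the page.

```cpp
#include <cstddef>
#include <iostream>
#include <regex>
#include <string>

// Constructed, simplified "NAME [OP VERSION]" grammar for illustration;
// this is not the pattern dnf5's ReldepParser uses.
struct Reldep {
    std::string name, op, version;
};

enum class ParseStatus { Ok, TooLong, NoMatch };

// 1 KB limit, as stated in the patch description.
constexpr std::size_t MAX_RELDEP_LENGTH = 1024;

ParseStatus parse_reldep(const std::string & input, Reldep & out) {
    // The length check must run before the regex sees the input: libstdc++'s
    // matcher recurses on the stack, so input length drives stack depth.
    if (input.size() > MAX_RELDEP_LENGTH) {
        return ParseStatus::TooLong;
    }
    static const std::regex pattern(R"(^([^\s<>=]+)(?:\s*(<=|>=|<|>|=)\s*(\S+))?$)");
    std::smatch m;
    if (!std::regex_match(input, m, pattern)) {
        return ParseStatus::NoMatch;
    }
    // Unmatched optional groups yield empty strings.
    out = Reldep{m[1].str(), m[2].str(), m[3].str()};
    return ParseStatus::Ok;
}

int main() {
    Reldep r;
    // Same shape as the reproducer on this page: 13390 repetitions of 'A'.
    const std::string overlong(13390, 'A');
    std::cout << "overlong rejected: "
              << (parse_reldep(overlong, r) == ParseStatus::TooLong) << '\n';
    std::cout << "normal spec parsed: "
              << (parse_reldep("glibc >= 2.36", r) == ParseStatus::Ok)
              << " name=" << r.name << '\n';
    return 0;
}
```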