In 1.9.54, fetchnews.c, line 1625, there is a call to ln_log() that contains the formatting string "%p". This is eventually passed to vsnprintf. The included version doesn't support %p, and calls abort().

Fix: Replacing the %p with %d fixes the abort() (though gcc complains about the pointer/integer formatting; a better fix might be to avoid printing a pointer that is likely meaningless to the user).

Responsible Changed
From-To: freebsd-ports-bugs->vs

I contacted Matthias about this.

Jeff,

what FreeBSD version are you running?

Leafnode should not be using its vsnprintf replacement code on any supported (as in security updates) FreeBSD version. If it does, either your FreeBSD version is outdated, or the vsnprintf fix has not been backported to your version, might be 4.8.

If you're running 4.8, try this patch for your libc:
http://www.freebsd.org/cgi/cvsweb.cgi/src/lib/libc/stdio/vsnprintf.c.diff?r1=1.12.2.1&r2=1.12.2.2&sortby=date&only_with_tag=RELENG_4

I will fix this upstream regardless. Expect a followup patch later today.

-- 
Matthias Andree
>Submitter-Id: current-users >Originator: Matthias Andree >Organization: >Confidential: no >Synopsis: ports/67111: fix bogus fetchnews abort() >Severity: non-critical >Priority: low >Category: ports >Class: maintainer-update >Release: FreeBSD 4.10-PRERELEASE i386 >Environment: System: FreeBSD libertas.emma.line.org 4.10-PRERELEASE FreeBSD 4.10-PRERELEASE #107: Mon May 17 11:47:47 CEST 2004 >Description: This fixes a bogus fetchnews abort() on releases with broken vsnprintf. Generated with FreeBSD Port Tools 0.50 >How-To-Repeat: >Fix: --- leafnode-1.9.54_1.patch begins here --- diff -ruN --exclude=CVS /usr/ports/news/leafnode/Makefile /root/ports/news/leafnode/Makefile --- /usr/ports/news/leafnode/Makefile Mon May 24 15:27:56 2004 +++ /root/ports/news/leafnode/Makefile Mon May 24 15:28:11 2004 @@ -7,7 +7,7 @@ PORTNAME= leafnode PORTVERSION= 1.9.54 -PORTREVISION= 0 +PORTREVISION= 1 CATEGORIES= news MASTER_SITES= ${MASTER_SITE_SOURCEFORGE_EXTENDED:S/$/:sourceforge/} \ http://osdn.dl.sourceforge.net/sourceforge/${PORTNAME}/:sourceforge \ diff -ruN --exclude=CVS /usr/ports/news/leafnode/files/patch-fetchnews.c /root/ports/news/leafnode/files/patch-fetchnews.c --- /usr/ports/news/leafnode/files/patch-fetchnews.c Thu Jan 1 01:00:00 1970 +++ /root/ports/news/leafnode/files/patch-fetchnews.c Mon May 24 15:23:39 2004 
@@ -0,0 +1,20 @@ +Index: fetchnews.c +=================================================================== +RCS file: /var/CVS/leafnode-1/fetchnews.c,v +retrieving revision 1.173 +retrieving revision 1.174 +diff -u -r1.173 -r1.174 +--- fetchnews.c 7 May 2004 08:34:15 -0000 1.173 ++++ fetchnews.c 24 May 2004 13:23:22 -0000 1.174 +@@ -1622,8 +1622,9 @@ + freelist(groups); + } else { + ln_log(LNLOG_SINFO, LNLOG_CSERVER, +- "%s: getting all newsgroups (debug: active: %p, forceactive: %s)", +- current_server->name, (void *)active, forceactive ? "true" : "false"); ++ "%s: getting all newsgroups (debug: active: %s, forceactive: %s)", ++ current_server->name, ++ active ? "set" : "nil", forceactive ? "true" : "false"); + xsnprintf(lineout, SIZE_lineout, "LIST\r\n"); + putaline(); + if (nntpreply(current_server) != 215) { --- leafnode-1.9.54_1.patch ends here ---
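Review bot: the fetchnews.c hunk changes only this one ln_log() call, replacing "%p" with "%s" and a "set"/"nil" string, so the abort() named in the description stays reachable from any other format string that carries a conversion the replacement vsnprintf does not handle. Please state in the PR whether the remaining ln_log() and xsnprintf() format strings were checked. A smaller point on the same call: the message still carries a "(debug: ...)" field at LNLOG_SINFO, which could be dropped from the info-level text now that it no longer prints the pointer.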
On Mon, 24 May 2004, Matthias Andree wrote:

> what FreeBSD version are you running?

5.1-RELEASE-p10

> Leafnode should not be using its vsnprintf replacement code on any
> supported (as in security updates) FreeBSD version. If it does, either
> your FreeBSD version is outdated, or the vsnprintf fix has not been
> backported to your version, might be 4.8.

From the patch you mentioned below, it looks like the changes went into the 5.2 branch but not 5.1. I'm planning on upgrading to 5.2.1 tonight, anyway. I will confirm that leafnode uses the new vsnprintf on the upgraded system.

> I will fix this upstream regardless. Expect a followup patch later
> today.

OK. I grepped and I believe that to be the only spot where %p is used. There may still be other formatting specifiers not supported by the internal vsnprintf.

-Peff

Jeff King:

> From the patch you mentioned below, it looks like the changes went into
> the 5.2 branch but not 5.1. I'm planning on upgrading to 5.2.1 tonight,
> anyway. I will confirm that leafnode uses the new vsnprintf on the
> upgraded system.

You'd need to reinstall the old (1.9.54) version of the leafnode port, for the new (1.9.54_1) would not trigger the problem, %p got replaced by a %s with interpreted value ("nil" or "set").

> OK. I grepped and I believe that to be the only spot where %p is used.
> There may still be other formatting specifiers not supported by the
> internal vsnprintf.

I'd considered hacking up a quick Perl script to scan, but I wonder if it's worthwhile.

-- 
Matthias Andree

Encrypted mail welcome: my GnuPG key ID is 0x052E7D95

State Changed
From-To: open->closed

Fixed, thanks!

On Tue, 25 May 2004, Matthias Andree wrote:

> You'd need to reinstall the old (1.9.54) version of the leafnode port,
> for the new (1.9.54_1) would not trigger the problem, %p got replaced by
> a %s with interpreted value ("nil" or "set").

Just to follow up, I checked 1.9.54 on 5.2.1-RELEASE-p7, and it correctly uses the system snprintf routines. So that was the culprit.

> I'd considered hacking up a quick Perl script to scan, but I wonder if
> it's worthwhile.

You can get rid of most of the cruft with:

    perl -ne 'print if /%(?![+.*-]*\d*l?[dicus])/' *.c

Leaving mostly uses of the '%' binary operator. The things I noticed were:

- It looks like %m is used quite frequently, but is not supported by the built-in vsnprintf. This might cause abort()s for users of the built-in vsnprintf.
- applyfilter.c:189 contains printf("%", c[i % 4]); We seem to be missing a format specifier.

Other than that, it looked good to me.

-Peff
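
The check the one-liner above approximates, written as an added C example (not part of the thread and not leafnode code): it walks a single format string and reports the first conversion outside an assumed supported set, which a test could run over every format string before it reaches a limited vsnprintf. The supported set (flags `+ - . *`, digits, optional `l`, conversions `d i c u s`) is an assumption taken from the regex in the message above, not from the replacement vsnprintf's source, and `first_unsupported` is a hypothetical name.

```c
#include <stdio.h>
#include <string.h>

/* Assumption: the supported set is what the thread's regex lets through. */
static const char FLAGS_WIDTH[] = "+-.*0123456789";
static const char CONVERSIONS[] = "dicus";

/* Return the offset of the first '%' that starts a conversion outside the
 * assumed-supported set, or -1 if every conversion is supported. */
long first_unsupported(const char *fmt)
{
    size_t i = 0;

    while (fmt[i] != '\0') {
        if (fmt[i] != '%') { i++; continue; }
        size_t start = i++;
        if (fmt[i] == '%') { i++; continue; }      /* "%%" is a literal */
        /* Skip flags, width and precision. The '\0' test comes first
         * because strchr() also matches the terminator. */
        while (fmt[i] != '\0' && strchr(FLAGS_WIDTH, fmt[i]) != NULL)
            i++;
        if (fmt[i] == 'l')
            i++;                                   /* long modifier */
        if (fmt[i] == '\0' || strchr(CONVERSIONS, fmt[i]) == NULL)
            return (long)start;                    /* %p, %m or a bare '%' */
        i++;
    }
    return -1;
}

int main(void)
{
    /* Format strings quoted in the thread, plus one constructed %m sample. */
    static const char *samples[] = {
        "%s: getting all newsgroups (debug: active: %p, forceactive: %s)",
        "%s: getting all newsgroups (debug: active: %s, forceactive: %s)",
        "%",
        "error: %m",                               /* constructed sample */
    };
    size_t k;

    for (k = 0; k < sizeof samples / sizeof samples[0]; k++)
        printf("%3ld  %s\n", first_unsupported(samples[k]), samples[k]);
    return 0;
}
```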