"stack smashing detected" in Docker container following upgrade from 8.3.201 to 8.4.2105

Issues related to applications and software problems and general support
Post Reply
invade
Posts: 26
Joined: 2020/02/26 14:26:51

"stack smashing detected" in Docker container following upgrade from 8.3.201 to 8.4.2105

Post by invade » 2021/06/08 15:13:27

Hi.

I am experiencing the following during repeatable tests:

Test 1:

1. Start a container using the latest (8.3.201) Docker image.

2. Set variable VERSION to anything, say 1.

3. Create a text file containing the string "VERSION".

4. sed -i "s/VERSION/${VERSION/.rc/~rc}/" file

5. String substitution works as expected.

Test 2:

1. Start a container using the latest (8.3.201) Docker image.

2. dnf makecache.

3. dnf upgrade (which upgrades to 8.4.2105)

4. Set variable VERSION to anything, say 1.

5. Create a text file containing the string "VERSION".

6. sed -i "s/VERSION/${VERSION/.rc/~rc}/" file

7. The following is reported:
*** stack smashing detected ***: <unknown> terminated
and the container crashes.

8. The following is logged on the host (Fedora):

Code: Select all

Jun 08 13:00:56 localhost abrt-server[29178]: Blacklisted package 'bash'
Jun 08 13:00:56 localhost abrt-server[29178]: 'post-create' on '/var/spool/abrt/ccpp-2021-06-08-13:00:55.861039-28753' exited with 1
Jun 08 13:00:56 localhost abrt-server[29178]: Deleting problem directory '/var/spool/abrt/ccpp-2021-06-08-13:00:55.861039-28753'
Jun 08 13:00:56 localhost abrt-dump-journal-oops[833]: abrt-dump-journal-oops: Found oopses: 1
Jun 08 13:00:56 localhost abrt-dump-journal-oops[833]: abrt-dump-journal-oops: Creating problem directories
Jun 08 13:00:57 localhost abrt-server[29190]: Can't find a meaningful backtrace for hashing in '.'
Jun 08 13:00:57 localhost abrt-server[29190]: Preserving oops '.' because DropNotReportableOopses is 'no'
Jun 08 13:00:57 localhost abrt-notification[29207]: System encountered a non-fatal error in ??()
I don't have the skills to debug the crash.

I have performed the same tests in a virtual machine, rather than a container, and everything works in both scenarios.

Three questions:

1. Does anyone happen to know the cause?

2. Should I raise this as a bug? If so, against which component?

3. Should there be an image for CentOS 8.4.2105 on Docker Hub?

Many thanks in advance.

invade
Posts: 26
Joined: 2020/02/26 14:26:51

Re: "stack smashing detected" in Docker container following upgrade from 8.3.201 to 8.4.2105

Post by invade » 2021/06/09 11:39:12

Further testing shows that the problem is caused by a non escaped tilde (~):

1. Start a container using the latest (8.3.201) Docker image.

2. dnf makecache

3. dnf upgrade (which upgrades to 8.4.2105)

4. VERSION=~rc1
*** stack smashing detected ***: <unknown> terminated

I'm guessing that the problem relates to trying to expand the tilde:
https://www.gnu.org/software/bash/manua ... nsion.html

although I'm not sure stack smashing should be the correct result if it fails.

Escaping the tilde resolves the problem:
4. VERSION=\~rc1

User avatar
TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: "stack smashing detected" in Docker container following upgrade from 8.3.201 to 8.4.2105

Post by TrevorH » 2021/06/09 16:15:36

I think you should report this on bugzilla.redhat.com. This looks to me like it has the potential to be a security problem since something is wverwriting more memory than it has allocated and it overwriting the magic number that delineates where a processes allocated RAM stops. When the memory is then checked by the memory allocator it sees that its magic marker is missing and whinges about it. It's indicative that something is not checking memory bounds correctly and is (potentially) overwriting memory that doesn't belong to it.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

invade
Posts: 26
Joined: 2020/02/26 14:26:51

Re: "stack smashing detected" in Docker container following upgrade from 8.3.201 to 8.4.2105

Post by invade » 2021/06/09 16:23:03

bugzilla.redhat.com not bugs.centos.org?

I have no way to test if the same problem exists in RHEL.

User avatar
TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: "stack smashing detected" in Docker container following upgrade from 8.3.201 to 8.4.2105

Post by TrevorH » 2021/06/09 16:32:53

Since CentOS is a rebuild of RHEL, if you want the bug fixed then you have to report it to RH. It's free to register for bugzilla and doesn't require anything. You can also get a free Developer RH subscription which comes with a license that allows you to run up to 16 RHEL systems. You just have to renew it once a year.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

invade
Posts: 26
Joined: 2020/02/26 14:26:51

Re: "stack smashing detected" in Docker container following upgrade from 8.3.201 to 8.4.2105

Post by invade » 2021/06/09 17:02:42

Can do but, based on:
https://wiki.centos.org/ReportBugs

I thought bugzilla.redhat.com was for CentOS Stream and bugs.centos.org was for CentOS Linux.

We have accounts on both.

User avatar
TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: "stack smashing detected" in Docker container following upgrade from 8.3.201 to 8.4.2105

Post by TrevorH » 2021/06/09 17:51:21

CentOS just rebuilds what gets released for RHEL. This looks like a bug from RHEL though I've not tested to confirm that. If that's the case then you need to report it to RH or it won't get fixed.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke


Post Reply