Open
Conversation
There are two acknowledged exception cases, which are handled inside falcolibs, but contain an unconditional ASSERT. One happens when reading information about the cgroup for the process (the process can disappear in the meantime, leaving the library failing on trying to open a corresponding procfs entries), another one at reading information about the process itself (the same story, the process can be already finished at this point, leaving no procfs entries). Both errors are valid from the design point of view, and they do not represent any significant issue, so it doesn't make sense to throw an ASSERT in the debug mode. Note, that there are more `ASSERTS(false)`, but only those two are proven to be fine to remove at the moment.
Stringy
pushed a commit
that referenced
this pull request
Feb 26, 2026
glibc-2.42 added __inet_ntop_chk fortification, which started to fail: *** buffer overflow detected ***: terminated Program received signal SIGABRT, Aborted. 0x00007ffff629b0dc in __pthread_kill_implementation () from /lib64/libc.so.6 (gdb) bt #0 0x00007ffff629b0dc in __pthread_kill_implementation () from /lib64/libc.so.6 #1 0x00007ffff6242572 in raise () from /lib64/libc.so.6 #2 0x00007ffff6229f3b in abort () from /lib64/libc.so.6 #3 0x00007ffff622b148 in __libc_message_impl.cold () from /lib64/libc.so.6 #4 0x00007ffff6327337 in __fortify_fail () from /lib64/libc.so.6 #5 0x00007ffff6326c92 in __chk_fail () from /lib64/libc.so.6 #6 0x00007ffff6327a62 in __inet_ntop_chk () from /lib64/libc.so.6 #7 0x000055555569da3d in inet_ntop (__af=10, __src=0x555555ee0800, __dst=0x7fffffff4f90 "\260P\377\377\377\177", __dst_size=100) at /usr/include/bits/inet-fortified.h:36 #8 ipv6tuple_to_string[abi:cxx11](ipv6tuple*, bool) (tuple=0x555555ee0800, resolve=false) at /tmp/portage/dev-debug/sysdig-0.40.1/work/libs-0.20.0/userspace/libsinsp/utils.c Use INET6_ADDRSTRLEN as destination buffer size. Fixes: falcosecurity/libs#2573 Signed-off-by: Holger Hoffstätte <holger@applied-asynchrony.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
There are two acknowledged exception cases, which are handled inside
falcolibs, but contain an unconditional ASSERT. One happens when reading
information about the cgroup for the process (the process can disappear
in the meantime, leaving the library failing on trying to open a
corresponding procfs entries), another one at reading information about
the process itself (the same story, the process can be already finished
at this point, leaving no procfs entries).
Both errors are valid from the design point of view, and they do not
represent any significant issue, so it doesn't make sense to throw an
ASSERT in the debug mode. Note, that there are more
ASSERTS(false),but only those two are proven to be fine to remove at the moment.