Runtime Error Bug in the unnethack Nixpkgs

[naidneelttil]

Describe the bug

when attempting to run this program it immediately gives a buffer overflow detected error
the stacktrace seems to indicate the issue originated on line 15 of .wrapped_unnethack in the nix store.
after getting the error it also alters the terminal. making nothing typed in visible.

Steps To Reproduce

Steps to reproduce the behavior:

1. run the command nix run "nixpkgs#unnethack"

Expected behavior

I expect the program to run without a buffer overflow detected and the terminal not to be effected.

Screenshots

If applicable, add screenshots to help explain your problem.
this is what it looks like when the program is run:

Additional context

N/A

Notify maintainers

@trofi
@Profpatsch

Metadata

Please run nix-shell -p nix-info --run "nix-info -m" and paste the result.

[user@system:~]$ nix-shell -p nix-info --run "nix-info -m"
- system: `"x86_64-linux"`
 - host os: `Linux 6.6.9-200.fc39.x86_64, Fedora Linux, 39.20240113.0 (Silverblue), nobuild`
 - multi-user?: `yes`
 - sandbox: `yes`
 - version: `nix-env (Nix) 2.19.2`
 - nixpkgs: `/var/home/naidneelttil/.nix-defexpr/channels/nixpkgs`

---

Add a 👍 reaction to issues you find important.

[trofi]

Yeah, that's probably fortify3 hardening. gcc build log even tells us that we have a few overruns:

display.c:1496:84: warning: '%s' directive writing up to 255 bytes into a region of size between 145 and 155 [-Wformat-overflow=]
 1496 |                 Sprintf(tmpbuf, "<span title=\"you\" class=\"nh_inv_%d nh_player\">%s</span>", color, html_c);
      |                                                                                    ^~                 ~~~~~~

I'll try to extract a backtrace to verify.

[trofi]

$ coredumpctl debug

(gdb) bt
#0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
#1  0x00007f734250c0e3 in __pthread_kill_internal (signo=6, threadid=<optimized out>) at pthread_kill.c:78
#2  0x00007f73424bce06 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#3  0x00007f73424a58f5 in __GI_abort () at abort.c:79
#4  0x00007f73424a67a1 in __libc_message (fmt=fmt@entry=0x7f734261e2f8 "*** %s ***: terminated\n") at ../sysdeps/posix/libc_fatal.c:150
#5  0x00007f734259b1d9 in __GI___fortify_fail (msg=msg@entry=0x7f734261e2df "buffer overflow detected") at fortify_fail.c:24
#6  0x00007f734259ab94 in __GI___chk_fail () at chk_fail.c:28
#7  0x00000000005b2ac5 in strcpy (__src=0x7ffe68838b00 "Shall I pick a character's race, role, gender and alignment for you? [YNTQ] (y)",
    __dest=0x7ffe68838990 "\001") at /nix/store/B0S2LKF593R3585038WS4JD3LYLF2WDX-glibc-2.38-44-dev/include/bits/string_fortified.h:79
#8  curses_break_str (str=str@entry=0x7ffe68838b00 "Shall I pick a character's race, role, gender and alignment for you? [YNTQ] (y)", width=width@entry=163,
    line_num=line_num@entry=1) at ../win/curses/cursmisc.c:275
#9  0x00000000005b3f51 in curses_character_input_dialog (prompt=prompt@entry=0x7ffe68838cf0 "Shall I pick a character's race, role, gender and alignment for you?",
    choices=choices@entry=0x7ffe68838d70 "YNTQ", def=def@entry=121) at ../win/curses/cursdial.c:211
#10 0x00000000005b9ca0 in curses_choose_character () at ../win/curses/cursinit.c:556
#11 0x0000000000404eb1 in main (argc=<optimized out>, argv=<optimized out>) at ./../sys/unix/unixmain.c:309

This corresponds to this gcc warning:

../win/curses/cursmisc.c: In function 'curses_break_str':
../win/curses/cursmisc.c:275:5: warning: '__builtin___strcpy_chk' writing one too many bytes into a region of a size that depends on 'strlen' [-Wstringop-overflow=]
  275 |     strcpy(substr, str);
      |     ^

[trofi]

Proposed the change as #292170