Bug 151570
| Field | Value |
|---|---|
| Summary | Buffer overflow in strace |
| Product | [Fedora] Fedora |
| Reporter | Robin Green <greenrd> |
| Component | strace |
| Assignee | Roland McGrath <roland> |
| Status | CLOSED CURRENTRELEASE |
| QA Contact | Brian Brock <bbrock> |
| Severity | medium |
| Priority | medium |
| Version | 4 |
| CC | dan, jorton, ldv, ofudd, thh, wtogami |
| Hardware | i386 |
| OS | Linux |
| Fixed In Version | 4.5.14 |
| Doc Type | Bug Fix |
| Last Closed | 2006-04-03 08:32:10 UTC |
| Bug Blocks | 136450 |
Description
Robin Green, 2005-03-19 23:53:39 UTC

Created attachment 112153 [details]: Typescript created using /usr/bin/script

I had to use /usr/bin/script to capture this, because the error gets written to /dev/tty, not stderr.

This should already be fixed in the rawhide package (4.5.10-1). Can you test that version?

It's still broken in 4.5.10-1.

This wasn't the bug I thought it was, but was a simple one. I've fixed it upstream.

Is this fixed in dist-fc4?

It looks like there is still a strace overflow in select() handling in the fc4 strace (strace-4.5.11-1): when stracing some test program I hit:

```
select(4, [3], NULL, NULL, {120, 0}*** buffer overflow detected ***: strace terminated
======= Backtrace: =========
/lib/libc.so.6(__chk_fail+0x41)[0x41d565]
/lib/libc.so.6(__vsprintf_chk+0x0)[0x41ce30]
/lib/libc.so.6(_IO_default_xsputn+0x97)[0x39fb58]
/lib/libc.so.6(_IO_vfprintf+0xd92)[0x37aaf4]
/lib/libc.so.6(__vsprintf_chk+0xa1)[0x41ced1]
/lib/libc.so.6(__sprintf_chk+0x30)[0x41ce24]
strace[0x804f497]
strace[0x804c879]
strace[0x804ba80]
/lib/libc.so.6(__libc_start_main+0xc6)[0x353de6]
strace[0x80495d1]
```

strace-4.5.11-1 (while stracing a monotone initial pull):

```
time(NULL) = 1119655481
ioctl(2, TIOCGWINSZ, {ws_row=24, ws_col=80, ws_xpixel=0, ws_ypixel=0}) = 0
write(2, "\rmonotone: [bytes in: 6.4M] [byt"..., 80) = 80
select(5, [4], [4], [4], {21600, 0}) = 1 (in [4], left {21600, 0})
select(5, [4], NULL, NULL, {21600, 0}) = 1 (in [4], left {21600, 0})
recv(4, "\224\275\fU \303Z\226]\177\0358w*b\271\3531\201\271\33"..., 4095, 0) =4095
time(NULL) = 1119655481
ioctl(2, TIOCGWINSZ, {ws_row=24, ws_col=80, ws_xpixel=0, ws_ypixel=0}) = 0
write(2, "\rmonotone: [bytes in: 6.4M] [byt"..., 80) = 80
select(5, [4], [4], [4], {21600, 0}) = 1 (in [4], left {21600, 0})
select(5, [4], NULL, NULL, {21600, 0}) = 1 (in [4], left {21600, 0})
recv(4, "\255\352:\342:f\344~\330\330\267\266\262D\265\307\230%"..., 4095, 0) =3742
time(NULL) = 1119655481
ioctl(2, TIOCGWINSZ, {ws_row=24, ws_col=80, ws_xpixel=0, ws_ypixel=0}) = 0
write(2, "\rmonotone: [bytes in: 6.4M] [byt"..., 80) = 80
select(5, [4], [4], [4], {21600, 0}*** buffer overflow detected ***: strace terminated
======= Backtrace: =========
/lib/libc.so.6(__chk_fail+0x41)[0x8fc565]
/lib/libc.so.6(__vsprintf_chk+0x0)[0x8fbe30]
/lib/libc.so.6(_IO_default_xsputn+0x97)[0x87eb58]
/lib/libc.so.6(_IO_vfprintf+0x1b05)[0x85a867]
/lib/libc.so.6(__vsprintf_chk+0xa1)[0x8fbed1]
/lib/libc.so.6(__sprintf_chk+0x30)[0x8fbe24]
strace[0x804f497]
strace[0x804c879]
strace[0x804ba80]
/lib/libc.so.6(__libc_start_main+0xc6)[0x832de6]
strace[0x80495d1]
======= Memory map: ========
005a2000-005ab000 r-xp 00000000 fd:00 7373866 /lib/libgcc_s-4.0.0-20050520.so.1
005ab000-005ac000 rwxp 00009000 fd:00 7373866 /lib/libgcc_s-4.0.0-20050520.so.1
00800000-0081a000 r-xp 00000000 fd:00 7372821 /lib/ld-2.3.5.so
0081a000-0081b000 r-xp 00019000 fd:00 7372821 /lib/ld-2.3.5.so
0081b000-0081c000 rwxp 0001a000 fd:00 7372821 /lib/ld-2.3.5.so
0081e000-00942000 r-xp 00000000 fd:00 7372823 /lib/libc-2.3.5.so
00942000-00944000 r-xp 00124000 fd:00 7372823 /lib/libc-2.3.5.so
00944000-00946000 rwxp 00126000 fd:00 7372823 /lib/libc-2.3.5.so
00946000-00948000 rwxp 00946000 00:00 0
00af5000-00af6000 r-xp 00af5000 00:00 0
08047000-08071000 r-xp 00000000 fd:00 5941209 /usr/bin/strace
08071000-08072000 rw-p 0002a000 fd:00 5941209 /usr/bin/strace
08072000-08079000 rw-p 08072000 00:00 0
09913000-09934000 rw-p 09913000 00:00 0 [heap]
b7f60000-b7f61000 rw-p b7f60000 00:00 0
b7f70000-b7f71000 rw-p b7f70000 00:00 0
bfe5b000-bfe71000 rw-p bfe5b000 00:00 0 [stack]
Aborted
```

This is fixed upstream. New package shortly.

I also wanted to report strace dying with a buffer overflow in select().

```
# strace -p `pidof dhcpd`
Process 26092 attached - interrupt to quit
--- SIGSTOP (Stopped (signal)) @ 0 (0) ---
--- SIGSTOP (Stopped (signal)) @ 0 (0) ---
select(8, [4 6 7], [], [], {86373, 168000} *** buffer overflow detected ***: strace terminated
======= Backtrace: =========
/lib/libc.so.6(__chk_fail+0x41)[0x3fd565]
/lib/libc.so.6(__vsprintf_chk+0x0)[0x3fce30]
/lib/libc.so.6(_IO_default_xsputn+0x97)[0x37fb58]
/lib/libc.so.6(_IO_vfprintf+0x1b05)[0x35b867]
/lib/libc.so.6(__vsprintf_chk+0xa1)[0x3fced1]
/lib/libc.so.6(__sprintf_chk+0x30)[0x3fce24]
strace[0x804f497]
strace[0x804c879]
strace[0x804ba80]
/lib/libc.so.6(__libc_start_main+0xc6)[0x333de6]
strace[0x80495d1]
======= Memory map: ========
002fd000-00317000 r-xp 00000000 fd:00 2783627 /lib/ld-2.3.5.so
00317000-00318000 r-xp 00019000 fd:00 2783627 /lib/ld-2.3.5.so
00318000-00319000 rwxp 0001a000 fd:00 2783627 /lib/ld-2.3.5.so
0031f000-00443000 r-xp 00000000 fd:00 2783628 /lib/libc-2.3.5.so
00443000-00445000 r-xp 00124000 fd:00 2783628 /lib/libc-2.3.5.so
00445000-00447000 rwxp 00126000 fd:00 2783628 /lib/libc-2.3.5.so
00447000-00449000 rwxp 00447000 00:00 0
00689000-00692000 r-xp 00000000 fd:00 2783632 /lib/libgcc_s-4.0.0-20050520.so.1
00692000-00693000 rwxp 00009000 fd:00 2783632 /lib/libgcc_s-4.0.0-20050520.so.1
08047000-08071000 r-xp 00000000 fd:00 3545407 /usr/bin/strace
08071000-08072000 rwxp 0002a000 fd:00 3545407 /usr/bin/strace
08072000-08079000 rwxp 08072000 00:00 0
09ac0000-09ae1000 rwxp 09ac0000 00:00 0 [heap]
b7f9c000-b7f9e000 rwxp b7f9c000 00:00 0
b7fb9000-b7fba000 r-xp b7fb9000 00:00 0
bfda5000-bfdba000 rw-p bfda5000 00:00 0 [stack]
Abort
```

Where do we get the new package?

4.5.14 is in fc4 updates and in fc5
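Every backtrace in this report ends in `__sprintf_chk` calling `__chk_fail`: that is glibc's `_FORTIFY_SOURCE` check aborting the process because `sprintf` was about to write past a fixed-size destination while strace formatted the select() result (the list of ready descriptors plus the remaining timeout). The C below is an added example for this thread, not strace's own code, and its function names, the buffer sizes and the sample inputs are constructed here; only the output format is modelled on the `(in [4], left {21600, 0})` lines in the traces above. It shows the bounded way to build such a string: a `vsnprintf`-based append helper that tracks the length the text needs, never writes beyond the buffer, and always leaves it NUL-terminated, so an oversized fd set produces truncated output instead of an abort.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/*
 * Added example, not strace's code. Formats a select() result in the style
 * the trace output shows, e.g. "(in [4], left {21600, 0})", without ever
 * writing past the caller's buffer.
 */

/* Append formatted text at offset *need, snprintf-style: nothing is written
 * beyond buflen, the buffer stays NUL-terminated, and *need advances by the
 * full length the text would have taken, so the caller can detect truncation. */
static void append(char *buf, size_t buflen, size_t *need, const char *fmt, ...)
{
    va_list ap;
    char *dst = (*need < buflen) ? buf + *need : NULL;
    size_t room = (*need < buflen) ? buflen - *need : 0;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(dst, room, fmt, ap);   /* dst == NULL with room 0 is legal in C99 */
    va_end(ap);
    if (n > 0)
        *need += (size_t)n;
}

/* Returns the length the complete string needs (excluding the NUL), like
 * snprintf. A return value >= buflen means the output was truncated, never
 * overrun. buf may be NULL when buflen is 0 (pure length measurement). */
size_t format_select_result(char *buf, size_t buflen,
                            const int *ready_fds, size_t nready,
                            long left_sec, long left_usec)
{
    size_t need = 0;
    size_t i;

    if (buflen > 0)
        buf[0] = '\0';
    append(buf, buflen, &need, "(in [");
    for (i = 0; i < nready; i++)
        append(buf, buflen, &need, i ? " %d" : "%d", ready_fds[i]);
    append(buf, buflen, &need, "], left {%ld, %ld})", left_sec, left_usec);
    return need;
}

int main(void)
{
    /* Constructed inputs modelled on the traces in this bug report. */
    const int one_fd[] = { 4 };
    const int dhcpd_fds[] = { 4, 6, 7 };
    char big[128], small[16];
    size_t need;

    format_select_result(big, sizeof big, one_fd, 1, 21600, 0);
    printf("%s\n", big);

    /* Deliberately too-small buffer: the text is cut short, not overrun. */
    need = format_select_result(small, sizeof small, dhcpd_fds, 3, 86373, 168000);
    printf("%s (needed %zu bytes, had %zu)\n", small, need + 1, sizeof small);
    return 0;
}
```

The helper's contract is the one a fortified build cannot enforce for plain `sprintf`: the caller decides the buffer size once, and the returned length tells it whether anything was lost, which is the check to add wherever a variable-length list is rendered into fixed storage.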