Bug 1044766

Summary: [abrt] ltrace-0.7.2-5.fc19: strlen: Process /usr/bin/ltrace was killed by signal 11 (SIGSEGV)
Product: [Fedora] Fedora
Reporter: Victor Stinner <victor.stinner>
Component: ltrace
Assignee: Petr Machata <pmachata>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 19
CC: lnie, misc, mnewsome, pmachata
Target Milestone: ---
Target Release: ---
Hardware: x86_64
OS: Unspecified
URL: https://retrace.fedoraproject.org/faf/reports/bthash/ae6d8c13e974975d74362aef671d980d1a029e40
Whiteboard: abrt_hash:c6fb2f360e3bc2489d3717553f8d1a1c0b7c4cc9
Fixed In Version: ltrace-0.7.2-8.fc20
Doc Type: Bug Fix
Last Closed: 2014-02-11 22:58:23 UTC
Attachments (description, flags):
File: backtrace (flags: none)
File: cgroup (flags: none)
File: core_backtrace (flags: none)
File: dso_list (flags: none)
File: exploitable (flags: none)
File: limits (flags: none)
File: maps (flags: none)
File: open_fds (flags: none)
File: proc_pid_status (flags: none)
File: var_log_messages (flags: none)

Description Victor Stinner 2013-12-18 23:36:17 UTC
Description of problem:
Hi,

While debugging my Fusil the fuzzer program, I hit a bug in the ltrace project on my Fedora 19. When ltrace is used with -e PATTERN option and a program without its absolute path (ex: pwd vs /usr/bin/pwd) and without the PATH environment variable (ex: "unset PATH"), it does crash.

Example:

$  env -i /usr/bin/ltrace -e getenv pwd
Erreur de segmentation (core dumped)
/home/haypo/prog/HG/fusil

It works if -e option is not used, or if the full path to the tested program is used.

It looks like the bug was fixed upstream in the commit aafb00b7d7751049b99cac3953b5021e4f474ac4:
http://anonscm.debian.org/gitweb/?p=collab-maint/ltrace.git;a=commit;h=aafb00b7d7751049b99cac3953b5021e4f474ac4

It looks also like the release version 0.7.3 includes the fix, so upgrading ltrace from 0.7.90-git to 0.7.3 should fix this crash.

Workarounds:
- set the PATH environment variable
- or: don't use -e PATTERN option
- or: pass the full path to the program

Version-Release number of selected component:
ltrace-0.7.2-5.fc19

Additional info:
reporter:       libreport-2.1.9
backtrace_rating: 4
cmdline:        /usr/bin/ltrace -e xxx pwd
crash_function: strlen
environ:        
executable:     /usr/bin/ltrace
kernel:         3.11.9-200.fc19.x86_64
runlevel:       N 5
type:           CCpp
uid:            1000

Truncated backtrace:
Thread no. 1 (10 frames)
 #0 strlen at ../sysdeps/x86_64/strlen.S:31
 #1 __regexec at regexec.c:242
 #2 re_match_or_error at filter.c:114
 #3 filter_matches_library at filter.c:155
 #4 read_module at ltrace-elf.c:975
 #5 ltelf_read_main_binary at ltrace-elf.c:1023
 #6 breakpoints_init at breakpoints.c:398
 #7 process_init_main at proc.c:167
 #8 process_init at proc.c:199
 #9 open_program at proc.c:292
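
The backtrace above ends in strlen() called from regexec(), which is the signature of a NULL or otherwise invalid string reaching the matcher. The following is an added example, not ltrace's code and not the upstream fix: it assumes the unresolved program path was NULL (the report does not say so), and resolve_program and name_matches are hypothetical names used to show where the NULL arises and where the guard belongs.

```c
#define _POSIX_C_SOURCE 200809L
#include <regex.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper, not ltrace code. path_env is getenv("PATH"), NULL
 * under `env -i`. Returns a malloc'd path, or NULL if unresolved. */
char *resolve_program(const char *prog, const char *path_env)
{
    if (strchr(prog, '/') != NULL)
        return strdup(prog);               /* already a path */
    if (path_env == NULL)
        return NULL;                       /* nothing to search */
    for (const char *p = path_env + strspn(path_env, ":"); *p != '\0';
         p += strspn(p, ":")) {
        size_t len = strcspn(p, ":"), n = len + strlen(prog) + 2;
        char *cand = malloc(n);
        if (cand == NULL)
            return NULL;
        snprintf(cand, n, "%.*s/%s", (int)len, p, prog);
        if (access(cand, X_OK) == 0)
            return cand;
        free(cand);
        p += len;
    }
    return NULL;
}

/* 1 = match, 0 = no match (incl. an unresolved NULL name), -1 = error.
 * regexec() needs a valid string, so the NULL check comes before it. */
int name_matches(const char *pattern, const char *name)
{
    regex_t re;
    if (regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB) != 0)
        return -1;
    int rc = (name == NULL) ? REG_NOMATCH : regexec(&re, name, 0, NULL, 0);
    regfree(&re);
    return rc == 0 ? 1 : (rc == REG_NOMATCH ? 0 : -1);
}

int main(void)
{
    char *path = resolve_program("pwd", NULL);  /* constructed: no PATH */
    printf("path=%s match=%d\n", path ? path : "(null)",
           name_matches("^/usr/bin/", path));
    free(path);
    return 0;
}
```

Without the NULL check in name_matches, the regexec() call would receive a null pointer, which is undefined behaviour and on glibc typically faults inside strlen as in frame #0.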

Comment 1 Victor Stinner 2013-12-18 23:36:23 UTC
Created attachment 838682
File: backtrace

Comment 2 Victor Stinner 2013-12-18 23:36:25 UTC
Created attachment 838683
File: cgroup

Comment 3 Victor Stinner 2013-12-18 23:36:27 UTC
Created attachment 838684
File: core_backtrace

Comment 4 Victor Stinner 2013-12-18 23:36:29 UTC
Created attachment 838685
File: dso_list

Comment 5 Victor Stinner 2013-12-18 23:36:32 UTC
Created attachment 838686
File: exploitable

Comment 6 Victor Stinner 2013-12-18 23:36:34 UTC
Created attachment 838687
File: limits

Comment 7 Victor Stinner 2013-12-18 23:36:36 UTC
Created attachment 838688
File: maps

Comment 8 Victor Stinner 2013-12-18 23:36:38 UTC
Created attachment 838689
File: open_fds

Comment 9 Victor Stinner 2013-12-18 23:36:40 UTC
Created attachment 838690
File: proc_pid_status

Comment 10 Victor Stinner 2013-12-18 23:36:48 UTC
Created attachment 838691
File: var_log_messages

Comment 11 Petr Machata 2014-01-15 17:05:01 UTC
Thanks.  It seems for Rawhide we instead need http://anonscm.debian.org/gitweb/?p=collab-maint/ltrace.git;a=commitdiff_plain;h=0ba3c5ee and http://anonscm.debian.org/gitweb/?p=collab-maint/ltrace.git;a=commitdiff_plain;h=2bfea358

> It looks also like the release version 0.7.3 includes the fix, so upgrading 
> ltrace from 0.7.90-git to 0.7.3 should fix this crash.

It's the other way around, 0.7.90 is much newer than 0.7.3 ;)  I'll bring the patch you reference to F19 and F20, and the other two patches to Rawhide.

Comment 12 Fedora Update System 2014-01-15 17:32:03 UTC
ltrace-0.7.2-8.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/ltrace-0.7.2-8.fc20

Comment 13 Fedora Update System 2014-01-15 17:50:45 UTC
ltrace-0.7.2-6.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/ltrace-0.7.2-6.fc19

Comment 14 lnie 2014-01-16 02:54:59 UTC
ltrace-0.7.2-8.fc20 works

Comment 15 Fedora Update System 2014-01-16 07:00:16 UTC
Package ltrace-0.7.2-8.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing ltrace-0.7.2-8.fc20'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2014-0897/ltrace-0.7.2-8.fc20
then log in and leave karma (feedback).

Comment 16 Fedora Update System 2014-02-11 22:58:23 UTC
ltrace-0.7.2-6.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 17 Fedora Update System 2014-02-11 23:08:48 UTC
ltrace-0.7.2-8.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.