Bug 167985

Summary: *** buffer overflow detected ***: /usr/libexec/gnome-vfs-daemon terminated
Product: [Fedora] Fedora
Reporter: sangu <sangu.fedora>
Component: hal
Assignee: David Zeuthen <davidz>
Status: CLOSED RAWHIDE
QA Contact:
Severity: medium
Docs Contact:
Priority: medium
Version: rawhide
CC: johnp, mclasen, rodd, tjarls
Target Milestone: ---
Target Release: ---
Hardware: i386
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-09-27 23:10:01 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Attachments:
Description                                        Flags
Fixes the length of the buffer sent into readlink  none
Amended patch                                      none
Backported patch from CVS                          none

Description sangu 2005-09-10 01:54:47 UTC
Description of problem:
gnome-vfs-daemon doesn't start.

$/usr/libexec/gnome-vfs-daemon
*** buffer overflow detected ***: /usr/libexec/gnome-vfs-daemon terminated
======= Backtrace: =========
/lib/libc.so.6(__chk_fail+0x41)[0xb24495]
/lib/libc.so.6[0xb24a0d]
/usr/libexec/gnome-vfs-daemon(_gnome_vfs_hal_mounts_modify_volume+0x1be)[0x805a314]
/usr/libexec/gnome-vfs-daemon[0x8056757]
/usr/libexec/gnome-vfs-daemon[0x80572b4]
/usr/lib/libgobject-2.0.so.0(g_type_create_instance+0x4d2)[0x8e5881]
/usr/lib/libgobject-2.0.so.0[0x8cc570]
/usr/lib/libgobject-2.0.so.0(g_object_newv+0x1d6)[0x8cd1c9]
/usr/lib/libgobject-2.0.so.0(g_object_new_valist+0x22b)[0x8cdd74]
/usr/lib/libgobject-2.0.so.0(g_object_new+0x3c)[0x8cdf1c]
/usr/lib/libgnomevfs-2.so.0(_gnome_vfs_get_volume_monitor_internal+0xfa)[0xc56bdb]
/usr/lib/libgnomevfs-2.so.0(gnome_vfs_get_volume_monitor+0x1e)[0xc56c24]
/usr/libexec/gnome-vfs-daemon(main+0xd3)[0x805076e]
/lib/libc.so.6(__libc_start_main+0xdf)[0xa5b4ff]
/usr/libexec/gnome-vfs-daemon[0x804f781]
======= Memory map: ========
00111000-00130000 r-xp 00000000 03:08 328954     /usr/lib/libdbus-glib-1.so.1.0.0
00130000-00131000 rwxp 0001f000 03:08 328954     /usr/lib/libdbus-glib-1.so.1.0.0
00131000-00187000 r-xp 00000000 03:08 342524     /usr/lib/libbonobo-2.so.0.0.0
00187000-00191000 rwxp 00056000 03:08 342524     /usr/lib/libbonobo-2.so.0.0.0
00191000-00195000 r-xp 00000000 03:08 343484     /usr/lib/libgthread-2.0.so.0.800.1
00195000-00196000 rwxp 00003000 03:08 343484     /usr/lib/libgthread-2.0.so.0.800.1
00196000-00221000 r-xp 00000000 03:08 341853     /usr/lib/libglib-2.0.so.0.800.1
00221000-00222000 rwxp 0008b000 03:08 341853     /usr/lib/libglib-2.0.so.0.800.1
00222000-00239000 r-xp 00000000 03:08 343066     /usr/lib/libgssapi_krb5.so.2.2
00239000-0023a000 rwxp 00016000 03:08 343066     /usr/lib/libgssapi_krb5.so.2.2
0023a000-0025d000 r-xp 00000000 03:08 343168     /usr/lib/libk5crypto.so.3.0
0025d000-0025e000 rwxp 00023000 03:08 343168     /usr/lib/libk5crypto.so.3.0
0025e000-00270000 r-xp 00000000 03:08 341442     /usr/lib/libz.so.1.2.3
00270000-00271000 rwxp 00011000 03:08 341442     /usr/lib/libz.so.1.2.3
00271000-0027f000 r-xp 00000000 03:08 896018     /lib/libpthread-2.3.90.so
0027f000-00280000 r-xp 0000d000 03:08 896018     /lib/libpthread-2.3.90.so
00280000-00281000 rwxp 0000e000 03:08 896018     /lib/libpthread-2.3.90.so
00281000-00283000 rwxp 00281000 00:00 0
00286000-0028d000 r-xp 00000000 03:08 341827     /usr/lib/libhal-storage.so.1.0.0
0028d000-0028e000 rwxp 00007000 03:08 341827     /usr/lib/libhal-storage.so.1.0.0
0028e000-0029d000 r-xp 00000000 03:08 896020     /lib/libresolv-2.3.90.so
0029d000-0029e000 r-xp 0000e000 03:08 896020     /lib/libresolv-2.3.90.so
0029e000-0029f000 rwxp 0000f000 03:08 896020     /lib/libresolv-2.3.90.so
0029f000-002a1000 rwxp 0029f000 00:00 0
002a1000-002a9000 r-xp 00000000 03:08 896023     /lib/librt-2.3.90.so
002a9000-002aa000 r-xp 00007000 03:08 896023     /lib/librt-2.3.90.so
002aa000-002ab000 rwxp 00008000 03:08 896023     /lib/librt-2.3.90.so
002ab000-002b5000 rwxp 002ab000 00:00 0
002b5000-002c6000 r-xp 00000000 03:08 895858     /lib/libnsl-2.3.90.so
002c6000-002c7000 r-xp 00011000 03:08 895858     /lib/libnsl-2.3.90.so
002c7000-002c8000 rwxp 00012000 03:08 895858     /lib/libnsl-2.3.90.so
002c8000-002ca000 rwxp 002c8000 00:00 0
002ca000-002cd000 r-xp 00000000 03:08 328933     /usr/lib/libkrb5support.so.0.0
002cd000-002ce000 rwxp 00002000 03:08 328933     /usr/lib/libkrb5support.so.0.0
002ce000-002d7000 r-xp 00000000 03:08 895872     /lib/libnss_files-2.3.90.so
002d7000-002d8000 r-xp 00008000 03:08 895872     /lib/libnss_files-2.3.90.so
002d8000-002d9000 rwxp 00009000 03:08 895872     /lib/libnss_files-2.3.90.so
002d9000-002e0000 r-xp 00000000 03:08 179251     /usr/lib/gnome-vfs-2.0/modules/libfile.so
002e0000-002e1000 rwxp 00006000 03:08 179251     /usr/lib/gnome-vfs-2.0/modules/libfile.so
002e1000-002e7000 r-xp 00000000 03:08 341509     /usr/lib/libfam.so.0.0.0
002e7000-002e8000 rwxp 00006000 03:08 341509     /usr/lib/libfam.so.0.0.0
002ed000-002f5000 r-xp 00000000 03:08 341891     /usr/lib/libhal.so.1.0.0
002f5000-002f6000 rwxp 00008000 03:08 341891     /usr/lib/libhal.so.1.0.0
002f6000-00413000 r-xp 00000000 03:08 341549     /usr/lib/libxml2.so.2.6.21
00413000-0041b000 rwxp 0011d000 03:08 341549     /usr/lib/libxml2.so.2.6.21
0041b000-0041c000 rwxp 0041b000 00:00 0
0041c000-00516000 r-xp 00000000 03:08 895693     /lib/libcrypto.so.0.9.7f
00516000-00528000 rwxp 000fa000 03:08 895693     /lib/libcrypto.so.0.9.7f
00528000-0052b000 rwxp 00528000 00:00 0
0052b000-00534000 r-xp 00000000 03:08 894330     /lib/libgcc_s-4.0.1-20050906.so.1
00534000-00535000 rwxp 00009000 03:08 894330     /lib/libgcc_s-4.0.1-20050906.so.1
00588000-005d4000 r-xp 00000000 03:08 343823     /usr/lib/libORBit-2.so.0.0.0
005d4000-005e0000 rwxp 0004b000 03:08 343823     /usr/lib/libORBit-2.so.0.0.0
005e7000-00619000 r-xp 00000000 03:08 328969     /usr/lib/libgconf-2.so.4.1.0
00619000-0061c000 rwxp 00031000 03:08 328969     /usr/lib/libgconf-2.so.4.1.0
0061c000-0068d000 r-xp 00000000 03:08 328930     /usr/lib/libkrb5.so.3.2
0068d000-0068f000 rwxp 00071000 03:08 328930     /usr/lib/libkrb5.so.3.2
00787000-007bd000 r-xp 00000000 03:08 894469     /lib/libssl.so.0.9.7f
007bd000-007c0000 rwxp 00036000 03:08 894469     /lib/libssl.so.0.9.7f
007c1000-007d3000 r-xp 00000000 03:08 327448     /usr/lib/libbonobo-activation.so.4.0.0
007d3000-007d6000 rwxp 00011000 03:08 327448     /usr/lib/libbonobo-activation.so.4.0.0
008bf000-008fa000 r-xp 00000000 03:08 343476     /usr/lib/libgobject-2.0.so.0.800.1
008fa000-008fb000 rwxp 0003b000 03:08 343476     /usr/lib/libgobject-2.0.so.0.800.1
008fb000-00910000 r-xp 00000000 03:08 344065     /usr/lib/libhowl.so.0.0.0
00910000-00912000 rwxp 00014000 03:08 344065     /usr/lib/libhowl.so.0.0.0
00912000-00a24000 rwxp 00912000 00:00 0
00a2b000-00a44000 r-xp 00000000 03:08 894168     /lib/ld-2.3.90.so
00a44000-00a45000 r-xp 00018000 03:08 894168     /lib/ld-2.3.90.so
00a45000-00a46000 rwxp 00019000 03:08 894168     /lib/ld-2.3.90.so
00a46000-00b6b000 r-xp 00000000 03:08 894419     /lib/libc-2.3.90.so
00b6b000-00b6d000 r-xp 00124000 03:08 894419     /lib/libc-2.3.90.so
00b6d000-00b6f000 rwxp 00126000 03:08 894419     /lib/libc-2.3.90.so
00b6f000-00b71000 rwxp 00b6f000 00:00 0
00c18000-00c7b000 r-xp 00000000 03:08 328956     /usr/lib/libgnomevfs-2.so.0.1200.0
00c7b000-00c80000 rwxp 00062000 03:08 328956     /usr/lib/libgnomevfs-2.so.0.1200.0
00dd1000-00dd3000 r-xp 00000000 03:08 894424     /lib/libcom_err.so.2.1
00dd3000-00dd4000 rwxp 00001000 03:08 894424     /lib/libcom_err.so.2.1
00e1c000-00e1e000 r-xp 00000000 03:08 895831     /lib/libdl-2.3.90.so
00e1e000-00e1f000 r-xp 00001000 03:08 895831     /lib/libdl-2.3.90.so
00e1f000-00e20000 rwxp 00002000 03:08 895831     /lib/libdl-2.3.90.so
00e31000-00e54000 r-xp 00000000 03:08 895854     /lib/libm-2.3.90.so
00e54000-00e55000 r-xp 00022000 03:08 895854     /lib/libm-2.3.90.so
00e55000-00e56000 rwxp 00023000 03:08 895854     /lib/libm-2.3.90.so
00e67000-00e6b000 r-xp 00000000 03:08 343881     /usr/lib/libORBitCosNaming-2.so.0.0.0
00e6b000-00e6c000 rwxp 00004000 03:08 343881     /usr/lib/libORBitCosNaming-2.so.0.0.0
00f48000-00f4f000 r-xp 00000000 03:08 342592     /usr/lib/libpopt.so.0.0.0
00f4f000-00f50000 rwxp 00007000 03:08 342592     /usr/lib/libpopt.so.0.0.0
00f60000-00fcf000 r-xp 00000000 03:08 328952     /usr/lib/libdbus-1.so.1.0.0
00fcf000-00fd0000 rwxp 0006f000 03:08 328952     /usr/lib/libdbus-1.so.1.0.0
00fd5000-00fd8000 r-xp 00000000 03:08 343455     /usr/lib/libgmodule-2.0.so.0.800.1
00fd8000-00fd9000 rwxp 00002000 03:08 343455     /usr/lib/libgmodule-2.0.so.0.800.1
08048000-08061000 r-xp 00000000 03:08 359116     /usr/libexec/gnome-vfs-daemon
08061000-08063000 rw-p 00018000 03:08 359116     /usr/libexec/gnome-vfs-daemon
08063000-08064000 rw-p 08063000 00:00 0
080ca000-080eb000 rw-p 080ca000 00:00 0          [heap]
b7cc5000-b7ce0000 r--p 00000000 03:08 878644     /usr/share/locale/ko/LC_MESSAGES/libc.mo
b7ce0000-b7ce6000 r--s 00000000 03:08 749437     /usr/lib/gconv/gconv-modules.cache
b7ce6000-b7ced000 r--p 00000000 03:08 878119     /usr/share/locale/ko/LC_MESSAGES/gnome-vfs-2.0.mo
b7ced000-b7d7e000 r--p 001b8000 03:08 457364     /usr/lib/locale/locale-archive
b7d7e000-b7f7e000 r--p 00000000 03:08 457364     /usr/lib/locale/locale-archive
b7f7e000-b7f86000 rw-p b7f7e000 00:00 0
bff85000-bff9b000 rw-p bff85000 00:00 0          [stack]
ffffe000-fffff000 ---p 00000000 00:00 0          [vdso]

backtrace 

#0  0x002827f2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
#1  0x00bd38f8 in raise () from /lib/libc.so.6
#2  0x00bd5068 in abort () from /lib/libc.so.6
#3  0x00c08a0a in __libc_message () from /lib/libc.so.6
#4  0x00c89495 in __chk_fail () from /lib/libc.so.6
#5  0x00c89a0d in __readlink_chk () from /lib/libc.so.6
#6  0x0805a314 in _gnome_vfs_hal_mounts_modify_volume (
    volume_monitor_daemon=0x9d88da8, volume=0x9d97e78)
    at /usr/include/bits/unistd.h:98
#7  0x08056757 in update_mtab_volumes (volume_monitor_daemon=0x9d88da8)
    at gnome-vfs-volume-monitor-daemon.c:1048
#8  0x080572b4 in gnome_vfs_volume_monitor_daemon_init (
    volume_monitor_daemon=0x9d88da8) at gnome-vfs-volume-monitor-daemon.c:190
#9  0x00dd4881 in IA__g_type_create_instance (type=165179840) at gtype.c:1596
#10 0x00dbb570 in g_object_constructor (type=165179840,
    n_construct_properties=0, construct_params=0x0) at gobject.c:1011
#11 0x00dbc1c9 in IA__g_object_newv (object_type=165179840, n_parameters=0,
    parameters=0x0) at gobject.c:908
#12 0x00dbcd74 in IA__g_object_new_valist (object_type=165179840,
    first_property_name=0x0, var_args=Variable "var_args" is not available.
) at gobject.c:951
#13 0x00dbcf1c in IA__g_object_new (object_type=165179840,
    first_property_name=0x0) at gobject.c:789
#14 0x00385bdb in _gnome_vfs_get_volume_monitor_internal (create=1)
    at gnome-vfs-volume-monitor.c:251
#15 0x00385c24 in gnome_vfs_get_volume_monitor ()
    at gnome-vfs-volume-monitor.c:278
#16 0x0805076e in main (argc=1, argv=0xbf8c7754) at gnome-vfs-daemon.c:611


Version-Release number of selected component (if applicable):
gnome-vfs2-2.12.0-1

How reproducible:
always

Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
hal-0.5.4-3

Comment 1 Charles Lopes 2005-09-12 13:19:43 UTC
I'm getting the same error. _gnome_vfs_hal_mounts_modify_volume is being called
for /var/lib/nfs/rpc_pipefs:

(gdb) print *vol->priv
$5 = {id = 2, volume_type = GNOME_VFS_VOLUME_TYPE_MOUNTPOINT,
  device_type = GNOME_VFS_DEVICE_TYPE_HARDDRIVE, drive = 0x0,
  activation_uri = 0x9a84540 "file:///var/lib/nfs/rpc_pipefs",
  filesystem_type = 0x9a8b688 "rpc_pipefs",
  display_name = 0x9a8b6b8 "rpc_pipefs",
  icon = 0x9a845b8 "gnome-dev-harddisk", is_user_visible = 0,
  is_read_only = 0, is_mounted = 1, device_path = 0x9a8b678 "sunrpc",
  unix_device = 19, hal_udi = 0x0, hal_drive_udi = 0x0, gconf_id = 0x0}



Comment 2 Rodd Clarkson 2005-09-19 13:12:46 UTC
I'm seeing similar problems too.

Comment 3 David Zeuthen 2005-09-19 16:42:34 UTC
I can reproduce this - I happened after an upgrade of D-BUS so I'm adding
johnp as Cc

Comment 4 David Zeuthen 2005-09-19 16:45:38 UTC
With "I happened after an upgrade of D-BUS" I meant to say "it probably happened
after an upgrade to D-BUS 0.50.0". Sorry for the confusion.

Comment 5 Rodd Clarkson 2005-09-19 21:30:10 UTC
Hmmm, I just looked and I'm using dbus-0.50 too, which was upgraded around the
9th of Sept, which is around the time I started noticing something was wrong (but
was fighting kernel problems) and around the same time that this bug was posted.

Comment 6 John (J5) Palmieri 2005-09-20 01:11:41 UTC
David, can you downgrade to 0.36.1 and see if it fixes the issues? The only
thing that could have caused this is Olivier Andrieu's object tree optimizations,
but I want to isolate the cause first before I single that piece of code out.
If you are still seeing this issue with the downgraded packages then it is
something else.

Comment 7 Rodd Clarkson 2005-09-20 03:34:45 UTC
I tried to recompile dbus and gnome-vfs2.  dbus-0.50.x recompiled without
problem, but gnome-vfs2 wouldn't.

see: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168743

I don't know if it's relevant, but I thought it worth the enquiry.

Comment 8 Charles Lopes 2005-09-20 11:22:12 UTC
I do not experience the problem anymore after downgrading to dbus 0.33 from the
FC4 updates.


Comment 9 John (J5) Palmieri 2005-09-20 13:35:19 UTC
Rodd, that looks unrelated and a problem with SMB.

Charles, 0.33 doesn't really help me pinpoint where the problem is, but thanks.
It might help if the error still shows up in 0.36.1. I'll post the RPMs for
0.36.1 later in the day.

Comment 10 John (J5) Palmieri 2005-09-20 17:58:25 UTC
Please go to http://people.redhat.com/johnp/files/dbus/ to get the 0.36.1 rpms
and tell me if the problem is fixed.

Comment 11 Rodd Clarkson 2005-09-20 23:13:14 UTC
I've downgraded to the 0.36.1 rpms and the problem still exists.

[rodd@localhost ~]$ /usr/libexec/gnome-vfs-daemon
*** buffer overflow detected ***: /usr/libexec/gnome-vfs-daemon terminated
======= Backtrace: =========
/lib/libc.so.6(__chk_fail+0x41)[0xb89735]
/lib/libc.so.6[0xb89cad]
/usr/libexec/gnome-vfs-daemon(_gnome_vfs_hal_mounts_modify_volume+0x1be)[0x805a314]
/usr/libexec/gnome-vfs-daemon[0x8056757]
/usr/libexec/gnome-vfs-daemon[0x80572b4]
/usr/lib/libgobject-2.0.so.0(g_type_create_instance+0x4d2)[0xda4881]
/usr/lib/libgobject-2.0.so.0[0xd8b570]
/usr/lib/libgobject-2.0.so.0(g_object_newv+0x1d6)[0xd8c1c9]
/usr/lib/libgobject-2.0.so.0(g_object_new_valist+0x22b)[0xd8cd74]
/usr/lib/libgobject-2.0.so.0(g_object_new+0x3c)[0xd8cf1c]
/usr/lib/libgnomevfs-2.so.0(_gnome_vfs_get_volume_monitor_internal+0xfa)[0x8ecbdb]
/usr/lib/libgnomevfs-2.so.0(gnome_vfs_get_volume_monitor+0x1e)[0x8ecc24]
/usr/libexec/gnome-vfs-daemon(main+0xd3)[0x805076e]
/lib/libc.so.6(__libc_start_main+0xdf)[0xac04ff]
/usr/libexec/gnome-vfs-daemon[0x804f781]
======= Memory map: ========
00111000-00118000 r-xp 00000000 03:09 2015239    /usr/lib/gnome-vfs-2.0/modules/libfile.so
00118000-00119000 rwxp 00006000 03:09 2015239    /usr/lib/gnome-vfs-2.0/modules/libfile.so
0019a000-001a8000 r-xp 00000000 03:09 324174     /lib/libpthread-2.3.90.so
001a8000-001a9000 r-xp 0000d000 03:09 324174     /lib/libpthread-2.3.90.so
001a9000-001aa000 rwxp 0000e000 03:09 324174     /lib/libpthread-2.3.90.so
001aa000-001ac000 rwxp 001aa000 00:00 0
0021e000-00237000 r-xp 00000000 03:09 324170     /lib/ld-2.3.90.so
00237000-00238000 r-xp 00018000 03:09 324170     /lib/ld-2.3.90.so
00238000-00239000 rwxp 00019000 03:09 324170     /lib/ld-2.3.90.so
0023b000-00242000 r-xp 00000000 03:09 1820786    /usr/lib/libpopt.so.0.0.0
00242000-00243000 rwxp 00007000 03:09 1820786    /usr/lib/libpopt.so.0.0.0
00245000-00247000 r-xp 00000000 03:09 324195     /lib/libcom_err.so.2.1
00247000-00248000 rwxp 00001000 03:09 324195     /lib/libcom_err.so.2.1
0024a000-00259000 r-xp 00000000 03:09 324193     /lib/libresolv-2.3.90.so
00259000-0025a000 r-xp 0000e000 03:09 324193     /lib/libresolv-2.3.90.so
0025a000-0025b000 rwxp 0000f000 03:09 324193     /lib/libresolv-2.3.90.so
0025b000-0025d000 rwxp 0025b000 00:00 0
0025f000-002d0000 r-xp 00000000 03:09 1820400    /usr/lib/libkrb5.so.3.2
002d0000-002d2000 rwxp 00071000 03:09 1820400    /usr/lib/libkrb5.so.3.2
002d4000-002d7000 r-xp 00000000 03:09 1820249    /usr/lib/libkrb5support.so.0.0
002d7000-002d8000 rwxp 00002000 03:09 1820249    /usr/lib/libkrb5support.so.0.0
002da000-002fd000 r-xp 00000000 03:09 1820322    /usr/lib/libk5crypto.so.3.0
002fd000-002fe000 rwxp 00023000 03:09 1820322    /usr/lib/libk5crypto.so.3.0
00300000-00317000 r-xp 00000000 03:09 1820782    /usr/lib/libgssapi_krb5.so.2.2
00317000-00319000 rwxp 00016000 03:09 1820782    /usr/lib/libgssapi_krb5.so.2.2
0031b000-00415000 r-xp 00000000 03:09 324199     /lib/libcrypto.so.0.9.7f
00415000-00427000 rwxp 000fa000 03:09 324199     /lib/libcrypto.so.0.9.7f
00427000-0042a000 rwxp 00427000 00:00 0
0042c000-00462000 r-xp 00000000 03:09 324200     /lib/libssl.so.0.9.7f
00462000-00465000 rwxp 00036000 03:09 324200     /lib/libssl.so.0.9.7f
00467000-0046b000 r-xp 00000000 03:09 1821755    /usr/lib/libgthread-2.0.so.0.800.1
0046b000-0046c000 rwxp 00003000 03:09 1821755    /usr/lib/libgthread-2.0.so.0.800.1
0046e000-00476000 r-xp 00000000 03:09 324183     /lib/librt-2.3.90.so
00476000-00477000 r-xp 00007000 03:09 324183     /lib/librt-2.3.90.so
00477000-00478000 rwxp 00008000 03:09 324183     /lib/librt-2.3.90.so
00478000-00482000 rwxp 00478000 00:00 0
00484000-0048b000 r-xp 00000000 03:09 1821283    /usr/lib/libhal-storage.so.1.0.0
0048b000-0048c000 rwxp 00007000 03:09 1821283    /usr/lib/libhal-storage.so.1.0.0
004c0000-0050c000 r-xp 00000000 03:09 1821756    /usr/lib/libORBit-2.so.0.0.0
0050c000-00518000 rwxp 0004b000 03:09 1821756    /usr/lib/libORBit-2.so.0.0.0
005e7000-005f9000 r-xp 00000000 03:09 1821769    /usr/lib/libbonobo-activation.so.4.0.0
005f9000-005fc000 rwxp 00011000 03:09 1821769    /usr/lib/libbonobo-activation.so.4.0.0
005fe000-00602000 r-xp 00000000 03:09 1821767    /usr/lib/libORBitCosNaming-2.so.0.0.0
00602000-00603000 rwxp 00004000 03:09 1821767    /usr/lib/libORBitCosNaming-2.so.0.0.0
00605000-0061a000 r-xp 00000000 03:09 1821809    /usr/lib/libhowl.so.0.0.0
0061a000-0061c000 rwxp 00014000 03:09 1821809    /usr/lib/libhowl.so.0.0.0
0061c000-0072e000 rwxp 0061c000 00:00 0
00730000-00762000 r-xp 00000000 03:09 1821758    /usr/lib/libgconf-2.so.4.1.0
00762000-00765000 rwxp 00031000 03:09 1821758    /usr/lib/libgconf-2.so.4.1.0
00767000-007bd000 r-xp 00000000 03:09 1821801    /usr/lib/libbonobo-2.so.0.0.0
007bd000-007c7000 rwxp 00056000 03:09 1821801    /usr/lib/libbonobo-2.so.0.0.0
00886000-0088c000 r-xp 00000000 03:09 1824192    /usr/lib/libfam.so.0.0.0
0088c000-0088d000 rwxp 00006000 03:09 1824192    /usr/lib/libfam.so.0.0.0
00890000-00898000 r-xp 00000000 03:09 1826459    /usr/lib/libhal.so.1.0.0
00898000-00899000 rwxp 00008000 03:09 1826459    /usr/lib/libhal.so.1.0.0
008ae000-00911000 r-xp 00000000 03:09 1821858    /usr/lib/libgnomevfs-2.so.0.1200.0
00911000-00916000 rwxp 00062000 03:09 1821858    /usr/lib/libgnomevfs-2.so.0.1200.0
009aa000-009bc000 r-xp 00000000 03:09 324191     /lib/libnsl-2.3.90.so
009bc000-009bd000 r-xp 00011000 03:09 324191     /lib/libnsl-2.3.90.so
009bd000-009be000 rwxp 00012000 03:09 324191     /lib/libnsl-2.3.90.so
009be000-009c0000 rwxp 009be000 00:00 0
009c2000-00a31000 r-xp 00000000 03:09 1825188    /usr/lib/libdbus-1.so.1.0.0
00a31000-00a32000 rwxp 0006f000 03:09 1825188    /usr/lib/libdbus-1.so.1.0.0
00a7a000-00a7b000 r-xp 00a7a000 00:00 0          [vdso]
00aab000-00bd0000 r-xp 00000000 03:09 324172     /lib/libc-2.3.90.so
00bd0000-00bd2000 r-xp 00125000 03:09 324172     /lib/libc-2.3.90.so
00bd2000-00bd4000 rwxp 00127000 03:09 324172     /lib/libc-2.3.90.so
00bd4000-00bd6000 rwxp 00bd4000 00:00 0
00bd8000-00bfb000 r-xp 00000000 03:09 324180     /lib/libm-2.3.90.so
00bfb000-00bfc000 r-xp 00022000 03:09 324180     /lib/libm-2.3.90.so
00bfc000-00bfd000 rwxp 00023000 03:09 324180     /lib/libm-2.3.90.so
00bff000-00c01000 r-xp 00000000 03:09 324185     /lib/libdl-2.3.90.so
00c01000-00c02000 r-xp 00001000 03:09 324185     /lib/libdl-2.3.90.so
00c02000-00c03000 rwxp 00002000 03:09 324185     /lib/libdl-2.3.90.so
00c05000-00c17000 r-xp 00000000 03:09 1819081    /usr/lib/libz.so.1.2.3
00c17000-00c18000 rwxp 00011000 03:09 1819081    /usr/lib/libz.so.1.2.3
00cf0000-00d7b000 r-xp 00000000 03:09 1819067    /usr/lib/libglib-2.0.so.0.800.1
00d7b000-00d7c000 rwxp 0008b000 03:09 1819067    /usr/lib/libglib-2.0.so.0.800.1
00d7e000-00db9000 r-xp 00000000 03:09 1819068    /usr/lib/libgobject-2.0.so.0.800.1
00db9000-00dba000 rwxp 0003b000 03:09 1819068    /usr/lib/libgobject-2.0.so.0.800.1
00dcd000-00dd0000 r-xp 00000000 03:09 1819072    /usr/lib/libgmodule-2.0.so.0.800.1
00dd0000-00dd1000 rwxp 00002000 03:09 1819072    /usr/lib/libgmodule-2.0.so.0.800.1
00fa9000-00fb2000 r-xp 00000000 03:09 324212     /lib/libnss_files-2.3.90.so
00fb2000-00fb3000 r-xp 00008000 03:09 324212     /lib/libnss_files-2.3.90.so
00fb3000-00fb4000 rwxp 00009000 03:09 324212     /lib/libnss_files-2.3.90.so
04b2e000-04b4d000 r-xp 00000000 03:09 1825216    /usr/lib/libdbus-glib-1.so.1.0.0
04b4d000-04b4e000 rwxp 0001f000 03:09 1825216    /usr/lib/libdbus-glib-1.so.1.0.0
056d6000-057f4000 r-xp 00000000 03:09 1816749    /usr/lib/libxml2.so.2.6.22
057f4000-057fc000 rwxp 0011e000 03:09 1816749    /usr/lib/libxml2.so.2.6.22
057fc000-057fd000 rwxp 057fc000 00:00 0
057ff000-05808000 r-xp 00000000 03:09 324182     /lib/libgcc_s-4.0.1-20050919.so.1
05808000-05809000 rwxp 00009000 03:09 324182     /lib/libgcc_s-4.0.1-20050919.so.1
08041000-08061000 r-xp 00000000 03:09 1819770    /usr/libexec/gnome-vfs-daemon
08061000-08064000 rw-p 0001f000 03:09 1819770    /usr/libexec/gnome-vfs-daemon
09ce7000-09d08000 rw-p 09ce7000 00:00 0          [heap]
b7d65000-b7f65000 r--p 00000000 03:09 1296648    /usr/lib/locale/locale-archive
b7f65000-b7f6d000 rw-p b7f65000 00:00 0
b7f7d000-b7f7e000 rw-p b7f7d000 00:00 0
bfb69000-bfb7e000 rw-p bfb69000 00:00 0          [stack]
Aborted
[rodd@localhost ~]$


Comment 12 Rodd Clarkson 2005-09-20 23:25:16 UTC
Ah, bugger.  The above output is wrong, but downgrading didn't help.

I've just realised that I did the test last night after downgrading the rpms,
and then I've posted this output this morning after doing an update.

Comment 13 Rodd Clarkson 2005-09-20 23:27:02 UTC
Try this instead:

[rodd@localhost tmp]$ sudo rpm -Uvh dbus-0.36.1-1.i386.rpm
dbus-devel-0.36.1-1.i386.rpm dbus-glib-0.36.1-1.i386.rpm
dbus-x11-0.36.1-1.i386.rpm dbus-python-0.36.1-1.i386.rpm --force
Password:
Preparing...                ########################################### [100%]
   1:dbus                   ########################################### [ 20%]
   2:dbus-glib              ########################################### [ 40%]
   3:dbus-devel             ########################################### [ 60%]
   4:dbus-x11               ########################################### [ 80%]
   5:dbus-python            ########################################### [100%]
[rodd@localhost tmp]$ /usr/libexec/gnome-vfs-daemon
*** buffer overflow detected ***: /usr/libexec/gnome-vfs-daemon terminated
======= Backtrace: =========
/lib/libc.so.6(__chk_fail+0x41)[0xb89735]
/lib/libc.so.6[0xb89cad]
/usr/libexec/gnome-vfs-daemon(_gnome_vfs_hal_mounts_modify_volume+0x1be)[0x805a314]
/usr/libexec/gnome-vfs-daemon[0x8056757]
/usr/libexec/gnome-vfs-daemon[0x80572b4]
/usr/lib/libgobject-2.0.so.0(g_type_create_instance+0x4d2)[0xda4881]
/usr/lib/libgobject-2.0.so.0[0xd8b570]
/usr/lib/libgobject-2.0.so.0(g_object_newv+0x1d6)[0xd8c1c9]
/usr/lib/libgobject-2.0.so.0(g_object_new_valist+0x22b)[0xd8cd74]
/usr/lib/libgobject-2.0.so.0(g_object_new+0x3c)[0xd8cf1c]
/usr/lib/libgnomevfs-2.so.0(_gnome_vfs_get_volume_monitor_internal+0xfa)[0x8ecbdb]
/usr/lib/libgnomevfs-2.so.0(gnome_vfs_get_volume_monitor+0x1e)[0x8ecc24]
/usr/libexec/gnome-vfs-daemon(main+0xd3)[0x805076e]
/lib/libc.so.6(__libc_start_main+0xdf)[0xac04ff]
/usr/libexec/gnome-vfs-daemon[0x804f781]
======= Memory map: ========
00111000-00180000 r-xp 00000000 03:09 1824757    /usr/lib/libdbus-1.so.1.0.0
00180000-00181000 rwxp 0006f000 03:09 1824757    /usr/lib/libdbus-1.so.1.0.0
00181000-001f2000 r-xp 00000000 03:09 1820400    /usr/lib/libkrb5.so.3.2
001f2000-001f4000 rwxp 00071000 03:09 1820400    /usr/lib/libkrb5.so.3.2
001f4000-00202000 r-xp 00000000 03:09 324174     /lib/libpthread-2.3.90.so
00202000-00203000 r-xp 0000d000 03:09 324174     /lib/libpthread-2.3.90.so
00203000-00204000 rwxp 0000e000 03:09 324174     /lib/libpthread-2.3.90.so
00204000-00206000 rwxp 00204000 00:00 0
0021e000-00237000 r-xp 00000000 03:09 324170     /lib/ld-2.3.90.so
00237000-00238000 r-xp 00018000 03:09 324170     /lib/ld-2.3.90.so
00238000-00239000 rwxp 00019000 03:09 324170     /lib/ld-2.3.90.so
0023b000-00242000 r-xp 00000000 03:09 1820786    /usr/lib/libpopt.so.0.0.0
00242000-00243000 rwxp 00007000 03:09 1820786    /usr/lib/libpopt.so.0.0.0
00245000-00247000 r-xp 00000000 03:09 324195     /lib/libcom_err.so.2.1
00247000-00248000 rwxp 00001000 03:09 324195     /lib/libcom_err.so.2.1
0024a000-00259000 r-xp 00000000 03:09 324193     /lib/libresolv-2.3.90.so
00259000-0025a000 r-xp 0000e000 03:09 324193     /lib/libresolv-2.3.90.so
0025a000-0025b000 rwxp 0000f000 03:09 324193     /lib/libresolv-2.3.90.so
0025b000-0025d000 rwxp 0025b000 00:00 0
002aa000-002ab000 r-xp 002aa000 00:00 0          [vdso]
002d4000-002d7000 r-xp 00000000 03:09 1820249    /usr/lib/libkrb5support.so.0.0
002d7000-002d8000 rwxp 00002000 03:09 1820249    /usr/lib/libkrb5support.so.0.0
002da000-002fd000 r-xp 00000000 03:09 1820322    /usr/lib/libk5crypto.so.3.0
002fd000-002fe000 rwxp 00023000 03:09 1820322    /usr/lib/libk5crypto.so.3.0
00300000-00317000 r-xp 00000000 03:09 1820782    /usr/lib/libgssapi_krb5.so.2.2
00317000-00319000 rwxp 00016000 03:09 1820782    /usr/lib/libgssapi_krb5.so.2.2
0031b000-00415000 r-xp 00000000 03:09 324199     /lib/libcrypto.so.0.9.7f
00415000-00427000 rwxp 000fa000 03:09 324199     /lib/libcrypto.so.0.9.7f
00427000-0042a000 rwxp 00427000 00:00 0
0042c000-00462000 r-xp 00000000 03:09 324200     /lib/libssl.so.0.9.7f
00462000-00465000 rwxp 00036000 03:09 324200     /lib/libssl.so.0.9.7f
00467000-0046b000 r-xp 00000000 03:09 1821755    /usr/lib/libgthread-2.0.so.0.800.1
0046b000-0046c000 rwxp 00003000 03:09 1821755    /usr/lib/libgthread-2.0.so.0.800.1
0046e000-00476000 r-xp 00000000 03:09 324183     /lib/librt-2.3.90.so
00476000-00477000 r-xp 00007000 03:09 324183     /lib/librt-2.3.90.so
00477000-00478000 rwxp 00008000 03:09 324183     /lib/librt-2.3.90.so
00478000-00482000 rwxp 00478000 00:00 0
00484000-0048b000 r-xp 00000000 03:09 1821283    /usr/lib/libhal-storage.so.1.0.0
0048b000-0048c000 rwxp 00007000 03:09 1821283    /usr/lib/libhal-storage.so.1.0.0
004c0000-0050c000 r-xp 00000000 03:09 1821756    /usr/lib/libORBit-2.so.0.0.0
0050c000-00518000 rwxp 0004b000 03:09 1821756    /usr/lib/libORBit-2.so.0.0.0
00561000-00580000 r-xp 00000000 03:09 453925     /usr/lib/libdbus-glib-1.so.1.0.0
00580000-00581000 rwxp 0001f000 03:09 453925     /usr/lib/libdbus-glib-1.so.1.0.0
005e7000-005f9000 r-xp 00000000 03:09 1821769    /usr/lib/libbonobo-activation.so.4.0.0
005f9000-005fc000 rwxp 00011000 03:09 1821769    /usr/lib/libbonobo-activation.so.4.0.0
005fe000-00602000 r-xp 00000000 03:09 1821767    /usr/lib/libORBitCosNaming-2.so.0.0.0
00602000-00603000 rwxp 00004000 03:09 1821767    /usr/lib/libORBitCosNaming-2.so.0.0.0
00605000-0061a000 r-xp 00000000 03:09 1821809    /usr/lib/libhowl.so.0.0.0
0061a000-0061c000 rwxp 00014000 03:09 1821809    /usr/lib/libhowl.so.0.0.0
0061c000-0072e000 rwxp 0061c000 00:00 0
00730000-00762000 r-xp 00000000 03:09 1821758    /usr/lib/libgconf-2.so.4.1.0
00762000-00765000 rwxp 00031000 03:09 1821758    /usr/lib/libgconf-2.so.4.1.0
00767000-007bd000 r-xp 00000000 03:09 1821801    /usr/lib/libbonobo-2.so.0.0.0
007bd000-007c7000 rwxp 00056000 03:09 1821801    /usr/lib/libbonobo-2.so.0.0.0
00886000-0088c000 r-xp 00000000 03:09 1824192    /usr/lib/libfam.so.0.0.0
0088c000-0088d000 rwxp 00006000 03:09 1824192    /usr/lib/libfam.so.0.0.0
00890000-00898000 r-xp 00000000 03:09 1826459    /usr/lib/libhal.so.1.0.0
00898000-00899000 rwxp 00008000 03:09 1826459    /usr/lib/libhal.so.1.0.0
008ae000-00911000 r-xp 00000000 03:09 1821858    /usr/lib/libgnomevfs-2.so.0.1200.0
00911000-00916000 rwxp 00062000 03:09 1821858    /usr/lib/libgnomevfs-2.so.0.1200.0
009aa000-009bc000 r-xp 00000000 03:09 324191     /lib/libnsl-2.3.90.so
009bc000-009bd000 r-xp 00011000 03:09 324191     /lib/libnsl-2.3.90.so
009bd000-009be000 rwxp 00012000 03:09 324191     /lib/libnsl-2.3.90.so
009be000-009c0000 rwxp 009be000 00:00 0
00aab000-00bd0000 r-xp 00000000 03:09 324172     /lib/libc-2.3.90.so
00bd0000-00bd2000 r-xp 00125000 03:09 324172     /lib/libc-2.3.90.so
00bd2000-00bd4000 rwxp 00127000 03:09 324172     /lib/libc-2.3.90.so
00bd4000-00bd6000 rwxp 00bd4000 00:00 0
00bd8000-00bfb000 r-xp 00000000 03:09 324180     /lib/libm-2.3.90.so
00bfb000-00bfc000 r-xp 00022000 03:09 324180     /lib/libm-2.3.90.so
00bfc000-00bfd000 rwxp 00023000 03:09 324180     /lib/libm-2.3.90.so
00bff000-00c01000 r-xp 00000000 03:09 324185     /lib/libdl-2.3.90.so
00c01000-00c02000 r-xp 00001000 03:09 324185     /lib/libdl-2.3.90.so
00c02000-00c03000 rwxp 00002000 03:09 324185     /lib/libdl-2.3.90.so
00c05000-00c17000 r-xp 00000000 03:09 1819081    /usr/lib/libz.so.1.2.3
00c17000-00c18000 rwxp 00011000 03:09 1819081    /usr/lib/libz.so.1.2.3
00cf0000-00d7b000 r-xp 00000000 03:09 1819067    /usr/lib/libglib-2.0.so.0.800.1
00d7b000-00d7c000 rwxp 0008b000 03:09 1819067    /usr/lib/libglib-2.0.so.0.800.1
00d7e000-00db9000 r-xp 00000000 03:09 1819068    /usr/lib/libgobject-2.0.so.0.800.1
00db9000-00dba000 rwxp 0003b000 03:09 1819068    /usr/lib/libgobject-2.0.so.0.800.1
00dcd000-00dd0000 r-xp 00000000 03:09 1819072    /usr/lib/libgmodule-2.0.so.0.800.1
00dd0000-00dd1000 rwxp 00002000 03:09 1819072    /usr/lib/libgmodule-2.0.so.0.800.1
00e97000-00e9e000 r-xp 00000000 03:09 2015239    /usr/lib/gnome-vfs-2.0/modules/libfile.so
00e9e000-00e9f000 rwxp 00006000 03:09 2015239    /usr/lib/gnome-vfs-2.0/modules/libfile.so
00f17000-00f20000 r-xp 00000000 03:09 324212     /lib/libnss_files-2.3.90.so
00f20000-00f21000 r-xp 00008000 03:09 324212     /lib/libnss_files-2.3.90.so
00f21000-00f22000 rwxp 00009000 03:09 324212     /lib/libnss_files-2.3.90.so
056d6000-057f4000 r-xp 00000000 03:09 1816749    /usr/lib/libxml2.so.2.6.22
057f4000-057fc000 rwxp 0011e000 03:09 1816749    /usr/lib/libxml2.so.2.6.22
057fc000-057fd000 rwxp 057fc000 00:00 0
057ff000-05808000 r-xp 00000000 03:09 324182     /lib/libgcc_s-4.0.1-20050919.so.1
05808000-05809000 rwxp 00009000 03:09 324182     /lib/libgcc_s-4.0.1-20050919.so.1
08041000-08061000 r-xp 00000000 03:09 1819770    /usr/libexec/gnome-vfs-daemon
08061000-08064000 rw-p 0001f000 03:09 1819770    /usr/libexec/gnome-vfs-daemon
09437000-09458000 rw-p 09437000 00:00 0          [heap]
b7d15000-b7f15000 r--p 00000000 03:09 1296648    /usr/lib/locale/locale-archive
b7f15000-b7f1d000 rw-p b7f15000 00:00 0
b7f2d000-b7f2e000 rw-p b7f2d000 00:00 0
bfc19000-bfc2e000 rw-p bfc19000 00:00 0          [stack]
Aborted
[rodd@localhost tmp]$


Comment 14 John (J5) Palmieri 2005-09-21 14:42:50 UTC
Did you reboot after the upgrade? It might have still been using the old libraries.

Comment 15 John (J5) Palmieri 2005-09-21 20:01:59 UTC
OK, this is a gnome-vfs problem, not D-BUS. It is a potential buffer overflow
that _FORTIFY_SOURCE caught.

char path[PATH_MAX] = "/dev/";
char *target = path + 5;     /* only PATH_MAX - 5 bytes remain after the prefix */
ret = readlink (volume->priv->device_path, target, PATH_MAX - 1);  /* allows 4 bytes too many */

This requires root to exploit so it is a non issue.  Patch is attached.
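
The arithmetic behind the fortify abort in comment 15, as an added example written for this page (it is not gnome-vfs code and not any of the attached patches): with target = path + 5 only PATH_MAX - 5 bytes remain in the buffer, yet readlink() is handed PATH_MAX - 1, so a sufficiently long link target can write 4 bytes past the end of path, which is exactly what __readlink_chk refuses. buggy_overrun_bytes computes that gap, and resolve_dev_link (a hypothetical helper, not the project's API) is a bounded form of the same call that also NUL-terminates the result, since readlink() never does. The "/dev/" prefix and the PATH_MAX buffer are taken from the quoted snippet; the temporary symlink in main is constructed for the demo.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Prefix placed in front of the readlink() result, as in the snippet quoted
   in comment 15 ("/dev/", five bytes). */
#define DEV_PREFIX     "/dev/"
#define DEV_PREFIX_LEN (sizeof(DEV_PREFIX) - 1)

/* Bytes the original call could write past the end of the PATH_MAX buffer:
   target starts DEV_PREFIX_LEN bytes in, but bufsiz was PATH_MAX - 1. */
size_t buggy_overrun_bytes(void)
{
    size_t room_after_prefix = PATH_MAX - DEV_PREFIX_LEN;
    size_t requested         = PATH_MAX - 1;
    return requested > room_after_prefix ? requested - room_after_prefix : 0;
}

/* Largest bufsiz that fits after the prefix while leaving one byte for the
   terminating NUL (readlink() never writes one). 0 means buf is too small. */
size_t readlink_room(size_t buf_len)
{
    return buf_len > DEV_PREFIX_LEN + 1 ? buf_len - DEV_PREFIX_LEN - 1 : 0;
}

/* Hardened form of the quoted call (hypothetical helper, not gnome-vfs code):
   writes "/dev/" followed by the link target into out, bounded by out_len.
   Returns 0 on success; -1 with errno set on failure or possible truncation. */
int resolve_dev_link(const char *device_path, char *out, size_t out_len)
{
    size_t room = readlink_room(out_len);
    if (room == 0) { errno = ENAMETOOLONG; return -1; }

    memcpy(out, DEV_PREFIX, DEV_PREFIX_LEN);
    char *target = out + DEV_PREFIX_LEN;

    ssize_t n = readlink(device_path, target, room);
    if (n < 0)
        return -1;                 /* errno from readlink, e.g. EINVAL for a non-link */
    if ((size_t)n == room) {       /* every byte used: the target may be truncated */
        errno = ENAMETOOLONG;
        return -1;
    }
    target[n] = '\0';
    return 0;
}

/* Stand-alone demo: create a temporary symlink (constructed input) and resolve it. */
int main(void)
{
    char dir[] = "/tmp/readlink-demo-XXXXXX";
    if (mkdtemp(dir) == NULL) { perror("mkdtemp"); return 1; }

    char link[PATH_MAX];
    snprintf(link, sizeof link, "%s/root", dir);
    if (symlink("sda1", link) != 0) { perror("symlink"); return 1; }

    char resolved[PATH_MAX];
    printf("original call could overrun by %zu bytes\n", buggy_overrun_bytes());
    if (resolve_dev_link(link, resolved, sizeof resolved) == 0)
        printf("%s -> %s\n", link, resolved);           /* .../root -> /dev/sda1 */
    else
        perror("resolve_dev_link");

    char small[8];                                      /* room for only 2 target bytes */
    if (resolve_dev_link(link, small, sizeof small) != 0)
        printf("8-byte buffer: %s\n", strerror(errno)); /* rejected instead of overflowed */

    unlink(link);
    rmdir(dir);
    return 0;
}
```

The n == room check matters as much as the length: readlink() reports success when it fills the whole buffer, so a caller that only bounds bufsiz still ends up with a silently truncated, unterminated path unless it treats a full buffer as an error.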

Comment 16 John (J5) Palmieri 2005-09-21 20:03:36 UTC
Created attachment 119096 [details]
Fixes the length of the buffer sent into readlink

Comment 17 John (J5) Palmieri 2005-09-21 20:06:42 UTC
This only affects Rawhide and upstream gnome-vfs-2.12.

Comment 18 sangu 2005-09-22 09:40:52 UTC
After applying attachment 119096 [details], I built gnome-vfs 2.12.0 against dbus-0.50-1.

But this problem still happens (with both dbus 0.36.1-1 and 0.50-1).


backtrace

#0  0x0026f402 in __kernel_vsyscall ()
#1  0x00912908 in raise () from /lib/libc.so.6
#2  0x00914078 in abort () from /lib/libc.so.6
#3  0x00947a7a in __libc_message () from /lib/libc.so.6
#4  0x009c8735 in __chk_fail () from /lib/libc.so.6
#5  0x009c8cad in __readlink_chk () from /lib/libc.so.6
#6  0x0805a354 in _gnome_vfs_hal_mounts_modify_volume (
    volume_monitor_daemon=0x8dc7da8, volume=0x8dd7958)
    at /usr/include/bits/unistd.h:98
#7  0x08056797 in update_mtab_volumes (volume_monitor_daemon=0x8dc7da8)
    at gnome-vfs-volume-monitor-daemon.c:1048
#8  0x080572f4 in gnome_vfs_volume_monitor_daemon_init (
    volume_monitor_daemon=0x8dc7da8) at gnome-vfs-volume-monitor-daemon.c:190
#9  0x0052d881 in IA__g_type_create_instance (type=148660672) at gtype.c:1596
#10 0x00514570 in g_object_constructor (type=148660672,
    n_construct_properties=0, construct_params=0x0) at gobject.c:1011
#11 0x005151c9 in IA__g_object_newv (object_type=148660672, n_parameters=0,
    parameters=0x0) at gobject.c:908
#12 0x00515d74 in IA__g_object_new_valist (object_type=148660672,
    first_property_name=0x0, var_args=Variable "var_args" is not available.
) at gobject.c:951
#13 0x00515f1c in IA__g_object_new (object_type=148660672,
    first_property_name=0x0) at gobject.c:789
#14 0x0081abdb in _gnome_vfs_get_volume_monitor_internal (create=1)
    at gnome-vfs-volume-monitor.c:251
#15 0x0081ac24 in gnome_vfs_get_volume_monitor ()
    at gnome-vfs-volume-monitor.c:278
#16 0x080507ae in main (argc=1, argv=0xbfaa87f4) at gnome-vfs-daemon.c:611


Comment 19 Charles Lopes 2005-09-22 09:56:45 UTC
There is a second occurrence of the same bug in the same file. I have amended the
original patch to fix the second occurrence as well.

Comment 20 Charles Lopes 2005-09-22 09:59:20 UTC
Created attachment 119127 [details]
Amended patch

Comment 21 John (J5) Palmieri 2005-09-22 15:54:15 UTC
This has all been fixed in CVS in a slightly different way.  The patch should be
picked up from there.

Comment 22 Rodd Clarkson 2005-09-22 20:32:47 UTC
How long until we can expect to see this rolled into rawhide for yuming up?

Comment 23 John (J5) Palmieri 2005-09-27 23:08:53 UTC
Created attachment 119336 [details]
Backported patch from CVS

Comment 24 John (J5) Palmieri 2005-09-27 23:10:01 UTC
Building now.  Should be in the next compose.