Bug 202152

Summary: buffer overflow detected while starting gnome
Product: [Fedora] Fedora
Reporter: Chris Lumens <clumens>
Component: fontconfig
Assignee: Behdad Esfahbod <behdad>
Status: CLOSED CURRENTRELEASE
Severity: medium
Priority: medium
Version: rawhide
CC: keithp, rstrode
Target Milestone: ---
Target Release: ---
Hardware: powerpc
OS: Linux
Fixed In Version: 2.3.95-10
Doc Type: Bug Fix
Last Closed: 2006-08-11 22:40:37 UTC
Attachments (all with flags: none):
backtrace info
overflow patch that was built
patch take 2
last try

Description Chris Lumens 2006-08-11 03:06:12 UTC
After a yum update to 20060810's stuff, I am no longer able to start GNOME on my G5.  I am getting the
attached backtrace from every program that starts, so I assume this is not just gnome-panel's fault, but
some underlying library that everything is using.  Please reassign as appropriate, as I don't know which
desktop-related component is to blame (I'm sure you feel the same way about installer stuff).  The result
is a huge cycle of bug-buddy and gnome_sigsegv processes.  This also happens if I attempt to start XFCE.

Perhaps more font goofiness, as I have had font goofiness on this machine in the past.

Comment 1 Chris Lumens 2006-08-11 03:06:17 UTC
Created attachment 134001 [details]
backtrace info

Comment 2 Ray Strode [halfline] 2006-08-11 15:09:19 UTC
So this FcCacheMachineSignature function looks a little fishy

Comment 3 Ray Strode [halfline] 2006-08-11 15:58:54 UTC
i'm building a new package into rawhide that may fix this issue.

If it doesn't, i'd appreciate if you could do one or more of the following

1) install fontconfig-debuginfo and get a better backtrace from gdb
2) downgrade kernels and tell me if the problem vanishes
3) run a program that crashes through valgrind --tool=memcheck and see what it
spews out.

Comment 4 Ray Strode [halfline] 2006-08-11 16:04:45 UTC
Created attachment 134032 [details]
overflow patch that was built

Comment 5 Ray Strode [halfline] 2006-08-11 16:11:28 UTC
Chris,

Also, i talked a bit with Uli on IRC, and he suggested you attach the output of

LD_SHOW_AUXV=1 /bin/echo

so that we can see what sysconf (_SC_PAGE_SIZE) would return.

Comment 6 Behdad Esfahbod 2006-08-11 16:13:26 UTC
Ray, your patch hides any problem.  I suggest you check that the signature is
correctly terminated by '\n' and otherwise print a warning.

Comment 7 Ray Strode [halfline] 2006-08-11 16:23:32 UTC
well, with my patch the \n will always be there.

The patch definitely isn't right though.  It will put 0000 for the page size
actually.  We should probably clamp the pagesize to ffff.

Comment 8 Ray Strode [halfline] 2006-08-11 16:33:12 UTC
Created attachment 134036 [details]
patch take 2

Comment 9 Ray Strode [halfline] 2006-08-11 17:29:06 UTC
Created attachment 134041 [details]
last try

So I talked with Behdad a bit on irc.  The string's contents aren't that
important.  It's just used to generate a unique key from a machine type.  By
removing the space in between the last two parts of the string we can support
64k page sizes fine.
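
The overflow discussed in Comments 7 and 9, as an added C model (not fontconfig's FcCacheMachineSignature): the signature is a run of fixed-width hex fields, then the page size, then a '\n' terminator, written into a buffer whose capacity silently assumed a 4-hex-digit page size. The field values and the capacity SIG_CAP are constructed for the example; the builder refuses to write when the key would not fit, and the separate terminator check is the one Behdad suggested in Comment 6.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the sizeof fields of the signature (hex).
 * This is only a model of the string's shape, not fontconfig's code. */
static const unsigned long fields[] = { 4, 4, 8, 16 };
#define NFIELDS (sizeof fields / sizeof fields[0])

/* Capacity the original code implicitly assumed: enough for a 4-digit
 * page size such as 1000 (4k) or ffff, NUL included. */
#define SIG_CAP 43
static char sig_buf[SIG_CAP];

/* Build the signature into buf. Returns the length written (excluding the
 * NUL), or -1 if it would not fit; on -1 buf is untouched, so a caller can
 * never pick up a key whose '\n' terminator was lost to truncation. */
int build_signature(char *buf, size_t cap, unsigned long pagesize, int space)
{
    char tmp[128];           /* scratch large enough for any realistic input */
    int n = 0;

    for (size_t i = 0; i < NFIELDS; i++)
        n += snprintf(tmp + n, sizeof tmp - n, "%08lx_", fields[i]);
    /* Comment 9's fix: dropping this space frees the one byte that a
     * 5-digit page size (0x10000, i.e. 64k) needs. */
    n += snprintf(tmp + n, sizeof tmp - n, "%s%lx\n", space ? " " : "", pagesize);

    if (n < 0 || (size_t)n >= sizeof tmp)
        return -1;           /* scratch overflowed: treat as an error, not a key */
    if ((size_t)n + 1 > cap)
        return -1;           /* would overrun the caller's buffer */
    memcpy(buf, tmp, (size_t)n + 1);
    return n;
}

/* Comment 6's suggested check: a well-formed signature ends in '\n'. */
int signature_terminated(const char *sig, int len)
{
    return len > 0 && sig[len - 1] == '\n';
}

int main(void)
{
    int a = build_signature(sig_buf, SIG_CAP, 0x1000, 1);   /* 4k, space: fits */
    int b = build_signature(sig_buf, SIG_CAP, 0x10000, 1);  /* 64k, space: -1 */
    int c = build_signature(sig_buf, SIG_CAP, 0x10000, 0);  /* 64k, no space: fits */
    printf("%d %d %d\n", a, b, c);
    return 0;
}
```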

Comment 10 Chris Lumens 2006-08-11 22:40:37 UTC
This is much better in the build I pulled from brew just now.  Thanks.

Comment 11 Ray Strode [halfline] 2006-08-28 17:53:31 UTC
Hi Chris,

Just had this conversation with keithp:
[13:46:24] <halfline> keithp: can you roll in
https://bugs.freedesktop.org/show_bug.cgi?id=7936 to your changes ?
[13:46:53] <keithp> halfline: already fixed
[13:47:09] <keithp> architecture detection is done at build time now
[13:47:34] <keithp> halfline: if you can, please attempt a build of
fc-2_4-keithp and send me the failure output
[13:48:50] <keithp> halfline: that would be cool; I need to have a list of all
prospective architectures for the autodetection code to work right
[13:49:30] <halfline> okay, i'll ping him about it
[13:49:51] <keithp> halfline: fc-2_4-keithp :-)

So would you mind doing a

yum -y install git-core
git-clone git://anongit.freedesktop.org/git/fontconfig
cd fontconfig
git-checkout fc-2_4-keithp
./autogen.sh
make

and then giving the output of the fc-arch failure?

Comment 12 Chris Lumens 2006-08-28 17:57:32 UTC
./fc-arch auto < ../fc-arch/fcarch.tmpl.h > fcarch.h
./fc-arch: unknown signature
"12345678_00000001_00000004_00000004_00000018_00000008_00000004_0000000c_00000004_00000008_00000010_00000004_00000004_00000014_00000004_00000004_00000002_00000020_00000004_00000038_00010000"
        Please update fcarch.tmpl.h and rebuild

Comment 13 Need Real Name 2006-08-28 19:01:02 UTC
Could you suggest a short name for this architecture?

Comment 14 Chris Lumens 2006-08-28 19:06:36 UTC
ppc64

Comment 15 Need Real Name 2006-08-28 19:10:52 UTC
How does this differ from a ppc with 4k pages? Different CPU or just a different
configuration? It's not a 64-bit CPU, so ppc64 doesn't make a lot of sense, but
perhaps ppc-64k would. And should we call a 4k page version ppc-4k?

Comment 16 Ray Strode [halfline] 2006-08-28 19:35:47 UTC
No, Chris is running on a 64-bit powerpc machine (with 64k page size).

Note there are (mostly) 64-bit ppc machines out there with 4k page size, just
not recent rawhide.

Comment 17 Need Real Name 2006-08-28 19:40:27 UTC
that doesn't jive with the signature output above; the first 00000004 is sizeof
(char *) for the machine. It looks like a 32-bit PPC with 64k pages to me.

Comment 18 Ray Strode [halfline] 2006-08-29 14:02:46 UTC
Oh right, it is a ppc64 machine, but in Fedora we only run a 64-bit kernel. Most
userspace apps are 32-bit by default.

Note we do have build environments without multilib packages that do run 64-bit
userspace.

So i guess you'll need entries for

ppc-64k, ppc64-64k, ppc-4k, ppc64-4k (the last one for other distros, not rawhide)