Bug 248296

Summary: gpsdrive aborts on buffer overflow detected
Product: Fedora
Component: gpsdrive
Version: 7
Hardware: i686
OS: Linux
Severity: low
Priority: low
Status: CLOSED WONTFIX
Reporter: Charles Curley <charlescurley>
Assignee: Kevin Fenzi <kevin>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Doc Type: Bug Fix
Last Closed: 2007-11-06 16:28:54 UTC
Attachments: gdb trace

Description Charles Curley 2007-07-15 15:11:04 UTC
Description of problem:

gpsdrive aborts on buffer overflow detected.

Version-Release number of selected component (if applicable):

gpsdrive-2.09-3.fc7

How reproducible:

Consistent

Steps to Reproduce:

1. install gpsdrive with an existing ~/.gpsdrive directory

2. execute gpsdrive &

Actual results:

gpsdrive runs briefly, then bombs:

--------------------------------------------------
[ccurley@charlesc .gpsdrive]$ gpsdrive &
[1] 29577
[ccurley@charlesc .gpsdrive]$ 
SQL: connected to localhost as gast using geoinfo


Garmin protocol detection disabled!
*** buffer overflow detected ***: gpsdrive terminated
======= Backtrace: =========
/lib/libc.so.6(__chk_fail+0x41)[0xbc4bb1]
/lib/libc.so.6(__read_chk+0x50)[0xbc5040]
gpsdrive[0x80958a9]
gpsdrive[0x8066c7b]
gpsdrive[0x8067861]
gpsdrive[0x8067b4e]
/lib/libglib-2.0.so.0[0x37cbf6]
/lib/libglib-2.0.so.0(g_main_context_dispatch+0x182)[0x37c622]
/lib/libglib-2.0.so.0[0x37f5ff]
/lib/libglib-2.0.so.0(g_main_loop_run+0x1a9)[0x37f9a9]
/usr/lib/libgtk-x11-2.0.so.0(gtk_main+0xb4)[0x49f20e4]
gpsdrive[0x806e597]
/lib/libc.so.6(__libc_start_main+0xe0)[0xaf5f70]
gpsdrive[0x804f491]
======= Memory map: ========
--------------------------------------------------

Two files are updated:

-rw-rw-r--  1 ccurley ccurley      74 2007-07-15 08:48 way-SQLRESULT.txt
-rw-r--r--  1 ccurley ccurley    3877 2007-07-15 08:48 top_NASA_IMAGE.ppm

A working version of the second is usually much larger:

-rw-r--r-- 1 ccurley ccurley 3932197 Jun 18 14:01 .gpsdrive/top_NASA_IMAGE.ppm


Expected results:

Normal gpsdrive operation.

Additional info:

Renaming .gpsdrive to something else allows the program to run. The
old .gpsdrive was created with gpsdrive-2.09-22.1.i586, which I found
years ago on a Suse repository.

I copied portions of the old .gpsdrive into the new one, and got the
buffer overflow when I copied in the nasamaps directory.

Temporary workaround: don't use the nasamaps. Sigh.

Kevin, unless you have the source for that version, I doubt there's
much you can do about this.

Comment 1 Kevin Fenzi 2007-07-16 15:54:23 UTC
Thanks for the bug report! 

Well, I can easily find the source for that version (it appears to be the one
shipped in SuSE 9.2 or so), but not sure if I can duplicate the problem. 

Is there a place I could download a NASA image like you are using? 

Alternately, could you: 

yum --enablerepo=fedora-debuginfo install gpsdrive-debuginfo
yum install gdb
gdb /usr/bin/gpsdrive
Then, do 'run' at the gdb prompt. 
When it crashes, do 'bt' at the prompt and report the trace here?



Comment 2 Charles Curley 2007-07-16 17:03:26 UTC
Thanks for the quick response. However:

[root@phoenix bin]# yum --enablerepo=fedora-debuginfo install gpsdrive-debuginfo
Loading "fedorakmod" plugin
Loading "fastestmirror" plugin
Loading "installonlyn" plugin
Loading "downloadonly" plugin
Loading mirror speeds from cached hostfile
Setting up Install Process
Parsing package install arguments
fedora-debuginfo          100% |=========================| 1.9 kB    00:00     
primary.sqlite.bz2        100% |=========================| 849 kB    00:06     
Nothing to do
[root@phoenix bin]# yum --enablerepo=fedora-debuginfo list gpsdrive\*
Loading "fedorakmod" plugin
Loading "fastestmirror" plugin
Loading "installonlyn" plugin
Loading "downloadonly" plugin
Loading mirror speeds from cached hostfile
Installed Packages
gpsdrive.i386                            2.09-3.fc7             installed       


Comment 3 Kevin Fenzi 2007-07-16 17:08:54 UTC
Oh, sorry. That should be 'updates-debuginfo' since gpsdrive was added as an
update, and wasn't shipped with F7. 

So, it should be: 

yum --enablerepo=updates-debuginfo install gpsdrive-debuginfo

Sorry for the confusion. 

Comment 4 Charles Curley 2007-07-16 18:09:40 UTC
Created attachment 159347
gdb trace

See the attached file.

Also, you should be able to find the nasa maps at

wget ftp://veftp.gsfc.nasa.gov/bluemarble/land_shallow_topo_east.tif.gz
wget ftp://veftp.gsfc.nasa.gov/bluemarble/land_shallow_topo_west.tif.gz

See http://article.gmane.org/gmane.comp.linux.gps/1437 for more info on them.

Comment 5 Kevin Fenzi 2007-07-16 23:46:19 UTC
I took a look at the suse gpsdrive version you were using before, and it only
has 2 patches in it, neither of which look like they have anything to do with
the problem at hand. 

I suspect it's a gcc issue. gpsdrive normally expects to be built with gcc3.
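
The backtrace in the description ends in __read_chk -> __chk_fail, which is glibc's _FORTIFY_SOURCE check aborting a read() whose length exceeds the destination buffer; Fedora builds with -D_FORTIFY_SOURCE=2, and that check needs compiler support (__builtin_object_size) that gcc 3 lacks, so the same source built with Fedora 7's gcc 4 aborts where the old SuSE build would have silently overrun the buffer. The C below is an added example, not gpsdrive's code: it shows the shape of a read() that trips the check beside a bounded, short-read-safe read that also copes with a truncated input such as the 3877-byte .ppm. BUF_SZ, the function names and the temporary-file path are assumptions.

```c
/* Added example, not gpsdrive code: the fortified read() behind the backtrace
 * above (__read_chk -> __chk_fail) beside a bounded, short-read-safe read. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <unistd.h>

#define BUF_SZ 64                    /* assumed fixed buffer size */
/* Shape of the bug: a stack buffer the compiler can measure, fed a length from
 * elsewhere. Under gcc -O2 -D_FORTIFY_SOURCE=2 (Fedora's defaults) read() becomes
 * __read_chk(), which aborts via __chk_fail() when len > sizeof buf. Not called. */
ssize_t unsafe_read(int fd, size_t len)
{
    char buf[BUF_SZ];
    return read(fd, buf, len);
}

/* Hardened form: clamp to the buffer and loop, since read() may return fewer
 * bytes than asked (a truncated file like the 3877-byte top_NASA_IMAGE.ppm
 * above is exactly that). Returns bytes read (0..bufsz) or -1 on error. */
ssize_t bounded_read(int fd, char *buf, size_t bufsz, size_t want)
{
    size_t got = 0;
    if (want > bufsz) want = bufsz;  /* never ask for more than fits */
    while (got < want) {
        ssize_t n = read(fd, buf + got, want - got);
        if (n < 0 && errno == EINTR) continue;
        if (n < 0) return -1;
        if (n == 0) break;           /* EOF: short file, stop cleanly */
        got += (size_t)n;
    }
    return (ssize_t)got;
}

/* Constructed input (not a real map): file_bytes 'x' bytes, read back via BUF_SZ. */
ssize_t demo_read(size_t file_bytes, size_t want)
{
    char path[] = "/tmp/fortify_demo_XXXXXX", buf[BUF_SZ];
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    unlink(path);                    /* vanishes once closed */
    for (size_t i = 0; i < file_bytes; i++)
        if (write(fd, "x", 1) != 1) { close(fd); return -1; }
    lseek(fd, 0, SEEK_SET);
    ssize_t n = bounded_read(fd, buf, sizeof buf, want);
    close(fd);
    return n;
}
```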

Comment 6 Kevin Fenzi 2007-11-06 02:58:31 UTC
Sorry for the delay here... ;( 
I poked around a bit more, but wasn't able to find the exact thing that needs
fixing. ;( 

Should I dig some more, or can we just close this bug? 

Comment 7 Charles Curley 2007-11-06 14:35:17 UTC
With any luck this will go away in the new version, due to be released real soon
now. I'd say close it as "won't fix".

Comment 8 Kevin Fenzi 2007-11-06 16:28:54 UTC
OK. Thanks. 

Once 2.10 is out (Hopefully it will be someday now that pre4 was released), if
you could retest and we can reopen this if need be?