Bug 305071

Summary: 2.0.0.6-9.fc8 crashes with buffer overflow immediately
Product: Fedora
Component: firefox
Version: rawhide
Hardware: i386
OS: Linux
Status: CLOSED RAWHIDE
Severity: urgent
Priority: high
Reporter: Mamoru TASAKA <mtasaka>
Assignee: Christopher Aillon <caillon>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Doc Type: Bug Fix
Last Closed: 2007-09-26 04:08:32 UTC
Bug Blocks: 257221

Description Mamoru TASAKA 2007-09-25 13:39:20 UTC
Description of problem:
Just launching firefox 2.0.0.6-9.fc8 crashes with a buffer overflow immediately.

How reproducible:
100%

Steps to Reproduce:
1. Just type "firefox"
  
Actual results:
[tasaka1@localhost i386]$ ( LANG=C ; firefox 2>&1 | tee FIREFOX.log )
*** buffer overflow detected ***: /usr/lib/firefox-2.0.0.6/firefox-bin terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x48)[0xe43c58]
/lib/libc.so.6[0xe42300]
/lib/libc.so.6[0xe42a28]
/usr/lib/firefox-2.0.0.6/firefox-bin[0x804b803]
/usr/lib/firefox-2.0.0.6/firefox-bin[0x80531b7]
/usr/lib/firefox-2.0.0.6/firefox-bin[0x80503a9]
/usr/lib/firefox-2.0.0.6/firefox-bin(__gxx_personality_v0+0x2c0)[0x804abf0]
/lib/libc.so.6(__libc_start_main+0xe0)[0xd71320]
/usr/lib/firefox-2.0.0.6/firefox-bin(__gxx_personality_v0+0x1e1)[0x804ab11]
======= Memory map: ========

Additional info:
Reverting to -8.fc8 is okay

Comment 1 Matthias Clasen 2007-09-25 16:09:59 UTC
This is PATH_MAX <-> MAXPATHLEN confusion in realpath calls.



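Added example (not code from this bug report or from Firefox) showing the check behind the "*** buffer overflow detected ***" abort above and the fix. With -D_FORTIFY_SOURCE=2, glibc routes realpath() through __realpath_chk, which calls __fortify_fail when the destination buffer is known to be smaller than PATH_MAX, since realpath() may write up to PATH_MAX bytes; a project-local MAXPATHLEN that differs from PATH_MAX, as diagnosed in the comment above, therefore aborts on the first call. The short size (1024) is assumed for illustration; the page does not give the actual values.

```c
#define _XOPEN_SOURCE 700   /* declares realpath(), including realpath(path, NULL) */
#include <errno.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for a MAXPATHLEN that is smaller than PATH_MAX. */
#define ASSUMED_SHORT_MAXPATHLEN 1024

/* Same size rule as glibc's __realpath_chk, but it returns an error instead
 * of aborting so callers can observe it. Returns 0 on success, -1 on error
 * with errno set. */
int resolve_checked(const char *path, char *out, size_t outlen)
{
    if (outlen < PATH_MAX) {        /* buffer cannot hold a worst-case result */
        errno = EINVAL;
        return -1;
    }
    return realpath(path, out) != NULL ? 0 : -1;
}

/* Bug pattern: destination sized by the too-small MAXPATHLEN. Here it is
 * rejected before realpath() can write past the end; under fortify the same
 * condition is the abort seen in the backtrace. */
int resolve_short(const char *path)
{
    char buf[ASSUMED_SHORT_MAXPATHLEN];
    return resolve_checked(path, buf, sizeof buf);
}

/* Fix 1: size the destination by PATH_MAX, the bound realpath() is defined
 * against. Result lives in a static buffer; NULL on failure. */
static char g_resolved[PATH_MAX];
const char *resolve_pathmax(const char *path)
{
    return resolve_checked(path, g_resolved, sizeof g_resolved) == 0
               ? g_resolved : NULL;
}

/* Fix 2 (POSIX.1-2008): let realpath() allocate the result, so no fixed
 * bound exists to get wrong. Caller frees the returned string. */
char *resolve_dynamic(const char *path)
{
    return realpath(path, NULL);
}
```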
Comment 2 Mamoru TASAKA 2007-09-26 04:08:32 UTC
-10 does not crash. Thank you!