Bug 538770
| Summary: | libtar: tar_append_tree() broken | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Daniel Novotny <dnovotny> | ||||
| Component: | libtar | Assignee: | Huzaifa S. Sidhpurwala <huzaifas> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
| Severity: | high | Docs Contact: | |||||
| Priority: | high | ||||||
| Version: | 12 | CC: | huzaifas, steve.traylen | ||||
| Target Milestone: | --- | ||||||
| Target Release: | --- | ||||||
| Hardware: | All | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | 1.2.11-15.fc12 | Doc Type: | Bug Fix | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2009-12-17 23:51:18 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
Created attachment 370317 [details]
a simple program which crashes in libtar
(gdb) bt
#0 0x0023b424 in __kernel_vsyscall ()
#1 0x00449a81 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#2 0x0044b34a in abort () at abort.c:92
#3 0x00486e5d in __libc_message (do_abort=<value optimized out>, fmt=<value optimized out>) at ../sysdeps/unix/sysv/linux/libc_fatal.c:186
#4 0x00512c5d in __fortify_fail (msg=<value optimized out>) at fortify_fail.c:32
#5 0x00510d7a in __chk_fail () at chk_fail.c:29
#6 0x00510366 in __strncpy_chk (s1=<value optimized out>, s2=<value optimized out>, n=<value optimized out>, s1len=<value optimized out>)
at strncpy_chk.c:34
#7 0x002c556a in strncpy (__len=8, __src=0x69d3 <Address 0x69d3 out of bounds>, __dest=<value optimized out>) at /usr/include/bits/string3.h:122
#8 th_finish (__len=8, __src=0x69d3 <Address 0x69d3 out of bounds>, __dest=<value optimized out>) at encode.c:33
#9 0x002c4cf8 in th_write (t=<value optimized out>) at block.c:363
#10 0x002c4380 in tar_append_file (t=<value optimized out>, realname=<value optimized out>, savename=<value optimized out>) at append.c:169
#11 0x002c7db4 in tar_append_tree (t=<value optimized out>, realdir=<value optimized out>, savedir=<value optimized out>) at wrapper.c:107
#12 0x08048bd5 in create_tar (archive_name=0xbffff86d "foo.tar", directory=0xbffff875 "rpm") at create_archive.c:68
#13 0x08048ed7 in create_archive (archive_name=0xbffff86d "foo.tar", directory=0xbffff875 "rpm") at create_archive.c:141
#14 0x08048f62 in main (argc=3, argv=0xbffff714) at create_archive.c:155
(gdb)
libtar-1.2.11-15.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/libtar-1.2.11-15.fc12 Hi, Please try libtar-1.2.11-15.fc12, This fixes the issue. yes, this works, thanks Does this hit the epel builds as well. libtar-1.2.11-13.el5 has been submitted as an update for Fedora EPEL 5. http://admin.fedoraproject.org/updates/libtar-1.2.11-13.el5 libtar-1.2.11-15.fc12 has been pushed to the Fedora 12 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update libtar'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F12/FEDORA-2009-11903 libtar-1.2.11-13.el5 has been pushed to the Fedora EPEL 5 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update libtar'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/EL-5/FEDORA-EPEL-2009-0895 libtar-1.2.11-13.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report. libtar-1.2.11-15.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report. |
Description of problem: we are developing ABRT component for Fedora and need to create archives. this simple code int create_tar(const char * archive_name, const char * directory) { TAR *tar; tar_open(&tar, (char *)archive_name, NULL, O_WRONLY | O_CREAT, 0644, TAR_GNU); tar_append_tree(tar, (char *)directory, "."); tar_close(tar); return 0; } crashes, but it worked before (in F11 and older rawhide) the crash is this: [danny@rawhide ca]$ ./create_archive xx.tar ~/ca *** buffer overflow detected ***: ./create_archive terminated ======= Backtrace: ========= /lib/libc.so.6(__fortify_fail+0x4d)[0x21d70d] /lib/libc.so.6[0x21b79a] /lib/libc.so.6(__strncpy_chk+0x176)[0x21ad86] /usr/lib/libtar.so.1(th_finish+0x4a)[0x64f56a] /usr/lib/libtar.so.1(th_write+0x388)[0x64ecf8] /usr/lib/libtar.so.1(tar_append_file+0x1a0)[0x64e380] /usr/lib/libtar.so.1(tar_append_tree+0x54)[0x651db4] ./create_archive[0x8048bd5] ./create_archive[0x8048ed7] ./create_archive[0x8048f62] /lib/libc.so.6(__libc_start_main+0xe6)[0x13cb36] ./create_archive[0x80489a1] ======= Memory map: ======== 00102000-00122000 r-xp 00000000 fd:00 188536 /lib/ld-2.10.90.so 00122000-00123000 r--p 0001f000 fd:00 188536 /lib/ld-2.10.90.so 00123000-00124000 rw-p 00020000 fd:00 188536 /lib/ld-2.10.90.so 00126000-0029a000 r-xp 00000000 fd:00 188569 /lib/libc-2.10.90.so 0029a000-0029b000 ---p 00174000 fd:00 188569 /lib/libc-2.10.90.so 0029b000-0029d000 r--p 00174000 fd:00 188569 /lib/libc-2.10.90.so 0029d000-0029e000 rw-p 00176000 fd:00 188569 /lib/libc-2.10.90.so 0029e000-002a1000 rw-p 00000000 00:00 0 0040d000-0040e000 r-xp 00000000 00:00 0 [vdso] 004a1000-004b1000 r-xp 00000000 fd:00 188894 /lib/libbz2.so.1.0.4 004b1000-004b2000 rw-p 00010000 fd:00 188894 /lib/libbz2.so.1.0.4 0064c000-00654000 r-xp 00000000 fd:00 34056 /usr/lib/libtar.so.1.2.11 00654000-00655000 rw-p 00008000 fd:00 34056 /usr/lib/libtar.so.1.2.11 00655000-00657000 rw-p 00000000 00:00 0 00726000-00738000 r-xp 00000000 fd:00 188652 /lib/libz.so.1.2.3 00738000-00739000 rw-p 00011000 fd:00 188652 /lib/libz.so.1.2.3 0095f000-00969000 r-xp 00000000 fd:00 39468 /usr/lib/libzip.so.1.0.0 00969000-0096a000 rw-p 00009000 fd:00 39468 /usr/lib/libzip.so.1.0.0 00d72000-00d9c000 r-xp 00000000 fd:00 188576 /lib/libgcc_s-4.4.1-20090725.so.1 00d9c000-00d9d000 rw-p 00029000 fd:00 188576 /lib/libgcc_s-4.4.1-20090725.so.1 00edf000-00eea000 r-xp 00000000 fd:00 188685 /lib/libnss_files-2.10.90.so 00eea000-00eeb000 r--p 0000a000 fd:00 188685 /lib/libnss_files-2.10.90.so 00eeb000-00eec000 rw-p 0000b000 fd:00 188685 /lib/libnss_files-2.10.90.so 08048000-0804a000 r-xp 00000000 fd:00 314441 /home/danny/ca/create_archive 0804a000-0804b000 rw-p 00001000 fd:00 314441 /home/danny/ca/create_archive 09816000-09837000 rw-p 00000000 00:00 0 [heap] b7ee4000-b7ee6000 rw-p 00000000 00:00 0 b7f01000-b7f02000 rw-p 00000000 00:00 0 bf963000-bf978000 rw-p 00000000 00:00 0 [stack] Aborted (core dumped) Version-Release number of selected component (if applicable): libtar-1.2.11-14.fc12.i686 How reproducible: always Steps to Reproduce: 1. compile the program in the attachment ("make") 2. run it ("./create_archive foo.tar some_dir/") 3. watch the crash Actual results: crash, seen above Expected results: tar archive to be created Additional info: there's a little annoyance, that the char * parameters with path and filename are not const char *, so I have to do this ugly typecast. this isn't worth bugzilla entry by itself, but as I'm already creating one, I can mention that as well