Bug 601140

Summary: hal-disable-polling segfaults on a symlink
Product: Red Hat Enterprise Linux 6
Component: hal
Version: 6.0
Hardware: All
OS: Linux
Status: CLOSED DUPLICATE
Severity: medium
Priority: low
Target Milestone: rc
Reporter: Gordan Bobic <gordan>
Assignee: Richard Hughes <rhughes>
QA Contact: desktop-bugs <desktop-bugs>
CC: mclasen
Doc Type: Bug Fix
Last Closed: 2010-06-21 18:11:40 UTC

Description Gordan Bobic 2010-06-07 10:15:14 UTC
Description of problem:
When hal-disable-polling is invoked on a symlink, a buffer overflow causes a segfault.

Version-Release number of selected component (if applicable):
hal-0.5.14-1.el6.x86_64

How reproducible:
Every time.

Steps to Reproduce:
hal-disable-polling --device /dev/cdrom
  
Actual results:
*** buffer overflow detected ***: hal-disable-polling terminated
======= Backtrace: =========
/lib64/libc.so.6(__fortify_fail+0x37)[0x34620f7687]
/lib64/libc.so.6[0x34620f56a0]
/lib64/libc.so.6[0x34620f5cfb]
hal-disable-polling[0x40148b]
/lib64/libc.so.6(__libc_start_main+0xfd)[0x346201eb1d]
hal-disable-polling[0x400e49]
======= Memory map: ========
Aborted (core dumped)


Additional info:
Calling the same command on the device node the link points to works:
# hal-disable-polling --device /dev/sr0
Polling for drive /dev/sr0 have been disabled. The fdi file written was
  /etc/hal/fdi/information/media-check-disable-storage_model_DVD_RAM_UJ_842.fdi
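
The workaround noted in the description (pointing the tool at the node the link resolves to), as an added shell example that is not part of the original report. `resolve_device`, `disable_polling` and the `REQUIRE_BLOCK` switch are hypothetical names, and GNU `readlink -f` is assumed.

```shell
#!/bin/sh
# Added example (not from the bug report): resolve a device symlink such as
# /dev/cdrom to its real node before passing it to hal-disable-polling.

# resolve_device PATH
# Prints the canonical path of PATH, or returns non-zero if it cannot be
# resolved, does not exist, or is not a block device.
resolve_device() {
    link=$1
    if [ -z "$link" ]; then
        echo "usage: resolve_device PATH" >&2
        return 2
    fi
    # readlink -f follows every symlink in the path (GNU coreutils assumed).
    target=$(readlink -f -- "$link") || {
        echo "cannot resolve: $link" >&2
        return 1
    }
    # -f accepts a missing final component, so reject dangling links here.
    if [ ! -e "$target" ]; then
        echo "dangling link: $link -> $target" >&2
        return 1
    fi
    # REQUIRE_BLOCK is a hypothetical switch; set it to 0 only to try the
    # function on regular files. By default only block devices are accepted.
    if [ "${REQUIRE_BLOCK:-1}" = 1 ] && [ ! -b "$target" ]; then
        echo "not a block device: $target" >&2
        return 1
    fi
    printf '%s\n' "$target"
}

# disable_polling PATH
# Runs the tool on the resolved node only, never on the symlink itself.
disable_polling() {
    dev=$(resolve_device "$1") || return
    hal-disable-polling --device "$dev"
}
```

Calling `disable_polling /dev/cdrom` then invokes the tool with the resolved node (`/dev/sr0` on the reporter's system).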

Comment 2 RHEL Program Management 2010-06-07 17:03:46 UTC
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux major release.  Product Management has requested further
review of this request by Red Hat Engineering, for potential inclusion in a Red
Hat Enterprise Linux Major release.  This request is not yet committed for
inclusion.

Comment 3 Matthias Clasen 2010-06-21 18:11:40 UTC

*** This bug has been marked as a duplicate of bug 592403 ***