Bug 839391

Summary: Buffer overflow when attempting to run
Product: Fedora
Component: twinkle
Version: 17
Hardware: x86_64
OS: Linux
Status: CLOSED DUPLICATE
Severity: urgent
Priority: unspecified
Type: Bug
Doc Type: Bug Fix
Reporter: Bill C. Riemers <briemers>
Assignee: Kevin Fenzi <kevin>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: 130228, georgios, kevin, manuel.wolfshant
Last Closed: 2012-07-14 18:09:39 UTC

Description Bill C. Riemers 2012-07-11 19:49:30 UTC
Description of problem:

Whenever I try to run twinkle I get a buffer overflow.

Version-Release number of selected component (if applicable):

twinkle-1.4.2-17.fc17.x86_64

How reproducible:

100%

Steps to Reproduce:
1. Try and run twinkle
Actual results:

$ twinkle
*** buffer overflow detected ***: twinkle terminated
======= Backtrace: =========
/lib64/libc.so.6(__fortify_fail+0x37)[0x394e9097e7]
/lib64/libc.so.6[0x394e9079a0]
/lib64/libccgnu2-1.8.so.0[0x3951028e73]
/lib64/libccgnu2-1.8.so.0(_ZN3ost8IPV4HostC1EPKc+0xa8)[0x39510295f8]
/lib64/libcommoncpp.so.5[0x3952c200e1]
/lib64/ld-linux-x86-64.so.2[0x394e00ee26]
/lib64/ld-linux-x86-64.so.2[0x394e00eee0]
/lib64/ld-linux-x86-64.so.2[0x394e00156a]
======= Memory map: ========
Aborted

Expected results:

A twinkle window should open.

Additional info:

I have an existing twinkle configuration created in an earlier version of Fedora. I don't know if that information is relevant. I ran an strace and it still appears to be loading libraries at the time it crashes. The last library it opens is /lib64/libnss_dns.so.2. The buffer overflow appears to happen right after it finishes talking to the DNS server on 127.0.0.1.

Bill

Comment 1 Kevin Fenzi 2012-07-14 18:09:39 UTC
This looks like another case of bug 833733

*** This bug has been marked as a duplicate of bug 833733 ***

Comment 2 George B. Magklaras 2012-07-24 12:56:48 UTC
I do not think you should close this bug, as the fix on bug 833733 does not work in f17. I am running the latest ucommon (Version: 5.2.3 Release: 1.fc17) and I still get the same error as the one above.

$ twinkle
*** buffer overflow detected ***: twinkle terminated
======= Backtrace: =========
/lib64/libc.so.6(__fortify_fail+0x37)[0x32d07097c7]
/lib64/libc.so.6[0x32d0707980]
/lib64/libccgnu2-1.8.so.0(+0x28e73)[0x7fb2cad7be73]
/lib64/libccgnu2-1.8.so.0(_ZN3ost8IPV4HostC1EPKc+0xa8)[0x7fb2cad7c5f8]
/lib64/libcommoncpp.so.5(+0x20091)[0x7fb2ca8ec091]
/lib64/ld-linux-x86-64.so.2[0x32d020ee26]
/lib64/ld-linux-x86-64.so.2[0x32d020eee0]
/lib64/ld-linux-x86-64.so.2[0x32d020156a]
======= Memory map: ========
Aborted (core dumped)

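To make the abort in the two backtraces concrete: `__fortify_fail` is what glibc calls when a `_FORTIFY_SOURCE`-checked copy (here, somewhere inside `ost::IPV4Host::IPV4Host(const char*)`) is asked to write past a destination whose size the compiler knew at build time. The C below is an added illustration, not commoncpp's or twinkle's code: a fixed host-name field filled the unchecked way next to a bounded version that reports an oversize name instead of aborting. The buffer size, struct and function names are assumptions.

```c
#define _POSIX_C_SOURCE 200809L   /* for strnlen */
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Assumed fixed-size field for a host name; the real size in commoncpp is not on this page. */
#define HOST_BUF_LEN 64

struct host_record {
    char name[HOST_BUF_LEN];
};

/* The pattern _FORTIFY_SOURCE traps: the compiler knows sizeof(rec->name), so this strcpy
 * becomes __strcpy_chk, and a name longer than the field makes glibc print
 * "*** buffer overflow detected ***" and abort through __fortify_fail, the top frame of both
 * backtraces above. Unfortified, the same call silently corrupts whatever follows the field.
 * Shown as the "before" picture only; nothing in this file calls it. */
void set_host_unchecked(struct host_record *rec, const char *name) {
    strcpy(rec->name, name);
}

/* Bounded replacement: a name that does not fit together with its NUL is rejected with
 * ENAMETOOLONG and the field is left empty, so the caller gets an error instead of an abort
 * or a silently truncated host name. Returns 0 on success, -1 on error. */
int set_host_checked(struct host_record *rec, const char *name) {
    size_t len = strnlen(name, sizeof rec->name);
    if (len == sizeof rec->name) {
        rec->name[0] = '\0';
        errno = ENAMETOOLONG;
        return -1;
    }
    memcpy(rec->name, name, len + 1);   /* includes the terminating NUL */
    return 0;
}

/* Constructed test input: a run of 'a's of the requested length. */
int make_long_name(char *out, size_t outlen, size_t want) {
    if (want + 1 > outlen) return -1;
    memset(out, 'a', want);
    out[want] = '\0';
    return 0;
}

int main(void) {
    struct host_record rec;
    char big[512];
    make_long_name(big, sizeof big, 300);
    printf("short name: rc=%d\n", set_host_checked(&rec, "sip.example.invalid"));  /* constructed name */
    int rc = set_host_checked(&rec, big);
    printf("300-char name: rc=%d (%s)\n", rc, strerror(errno));
    return 0;
}
```
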
Comment 3 Veerloos 2013-02-28 08:45:59 UTC
While this is a bug that should be fixed upstream, I found a workaround that allows end users to use twinkle as long as there's no real fix: make sure your hostname can be resolved through DNS. Having your hostname listed in /etc/hosts is not enough.

Only if the command "host $(hostname)" gives a valid answer can I start twinkle. So I fixed this by putting my hostname in my router's DNS server.

Hope this helps you guys. Btw, I'm running FC18.