Bug 109642 - PATCH: pstack can segfault on certain binaries in strcpy
PATCH: pstack can segfault on certain binaries in strcpy
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: pstack (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Roland McGrath
Depends On:
  Show dependency treegraph
Reported: 2003-11-10 10:51 EST by Neil Horman
Modified: 2007-11-30 17:06 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2003-12-19 09:41:42 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
patch to avoid buffer overflows in strcpy (1.50 KB, patch)
2003-11-10 10:54 EST, Neil Horman
no flags Details | Diff

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2003:250 normal SHIPPED_LIVE Pstack bugfix errata 2003-12-19 00:00:00 EST
Red Hat Product Errata RHBA-2003:362 normal SHIPPED_LIVE Updated pstack packages include several bugfixes 2003-11-18 00:00:00 EST

  None (edit)
Description Neil Horman 2003-11-10 10:51:34 EST
Description of problem:
If pstack attempts to decode a stack in which a given function
signature is more than 256 characters, pstack will segfulat, due to a
buffer overrun error in symAddress

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.create a test program in which function signatures have 256 or more
2.run the program in a loop
3.run pstack on the program, and eventually pstack will segfault
Actual results:
pstack segfaults

Expected results:
pstack should display as much of each function signature as possible

Additional info:
Comment 1 Neil Horman 2003-11-10 10:54:58 EST
Created attachment 95877 [details]
patch to avoid buffer overflows in strcpy

This patch replaces the use of strcpy with strncpy and allows callers of
symAddress function to specify the length of the passed in buffer.  This avoids
the possibility of bufferoverflows which lead to the reported SIGSEGV
Comment 3 Roland McGrath 2003-11-11 17:05:44 EST
I have fixed the bug without imposing a length limitation on symbols.
Thanks for the report.
Comment 4 John Flanagan 2003-12-19 09:41:42 EST
An errata has been issued which should help the problem described in this bug report. 
This report is therefore being closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, please follow the link below. You may reopen 
this bug report if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.