From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050308 Firefox/1.0.1 Fedora/1.0.1-5

Description of problem:
Attaching strace to a running instance of X sometimes causes a buffer overflow to occur in strace. See attached typescript.

Version-Release number of selected component (if applicable):
strace-4.5.9-2

How reproducible:
Sometimes

Steps to Reproduce:
1. Ensure X is running
2. Ensure you are in a text virtual console (otherwise the machine might hang)
3. strace -e signal=all -p `pidof X`

Actual Results:
Buffer overflow error. See attachment.

Expected Results:
No buffer overflow error.

Additional info:
Created attachment 112153
Typescript created using /usr/bin/script

I had to use /usr/bin/script to capture this, because the error gets written to /dev/tty, not stderr.
This should already be fixed in the rawhide package (4.5.10-1). Can you test that version?
It's still broken in 4.5.10-1.
This wasn't the bug I thought it was, but was a simple one. I've fixed it upstream.
Is this fixed in dist-fc4?
It looks like there is still a strace overflow in select() handling in the fc4 strace (strace-4.5.11-1): when stracing some test program I hit:

select(4, [3], NULL, NULL, {120, 0}*** buffer overflow detected ***: strace terminated
======= Backtrace: =========
/lib/libc.so.6(__chk_fail+0x41)[0x41d565]
/lib/libc.so.6(__vsprintf_chk+0x0)[0x41ce30]
/lib/libc.so.6(_IO_default_xsputn+0x97)[0x39fb58]
/lib/libc.so.6(_IO_vfprintf+0xd92)[0x37aaf4]
/lib/libc.so.6(__vsprintf_chk+0xa1)[0x41ced1]
/lib/libc.so.6(__sprintf_chk+0x30)[0x41ce24]
strace[0x804f497]
strace[0x804c879]
strace[0x804ba80]
/lib/libc.so.6(__libc_start_main+0xc6)[0x353de6]
strace[0x80495d1]
strace-4.5.11-1 (while stracing a monotone initial pull):

time(NULL) = 1119655481
ioctl(2, TIOCGWINSZ, {ws_row=24, ws_col=80, ws_xpixel=0, ws_ypixel=0}) = 0
write(2, "\rmonotone: [bytes in: 6.4M] [byt"..., 80) = 80
select(5, [4], [4], [4], {21600, 0}) = 1 (in [4], left {21600, 0})
select(5, [4], NULL, NULL, {21600, 0}) = 1 (in [4], left {21600, 0})
recv(4, "\224\275\fU \303Z\226]\177\0358w*b\271\3531\201\271\33"..., 4095, 0) = 4095
time(NULL) = 1119655481
ioctl(2, TIOCGWINSZ, {ws_row=24, ws_col=80, ws_xpixel=0, ws_ypixel=0}) = 0
write(2, "\rmonotone: [bytes in: 6.4M] [byt"..., 80) = 80
select(5, [4], [4], [4], {21600, 0}) = 1 (in [4], left {21600, 0})
select(5, [4], NULL, NULL, {21600, 0}) = 1 (in [4], left {21600, 0})
recv(4, "\255\352:\342:f\344~\330\330\267\266\262D\265\307\230%"..., 4095, 0) = 3742
time(NULL) = 1119655481
ioctl(2, TIOCGWINSZ, {ws_row=24, ws_col=80, ws_xpixel=0, ws_ypixel=0}) = 0
write(2, "\rmonotone: [bytes in: 6.4M] [byt"..., 80) = 80
select(5, [4], [4], [4], {21600, 0}*** buffer overflow detected ***: strace terminated
======= Backtrace: =========
/lib/libc.so.6(__chk_fail+0x41)[0x8fc565]
/lib/libc.so.6(__vsprintf_chk+0x0)[0x8fbe30]
/lib/libc.so.6(_IO_default_xsputn+0x97)[0x87eb58]
/lib/libc.so.6(_IO_vfprintf+0x1b05)[0x85a867]
/lib/libc.so.6(__vsprintf_chk+0xa1)[0x8fbed1]
/lib/libc.so.6(__sprintf_chk+0x30)[0x8fbe24]
strace[0x804f497]
strace[0x804c879]
strace[0x804ba80]
/lib/libc.so.6(__libc_start_main+0xc6)[0x832de6]
strace[0x80495d1]
======= Memory map: ========
005a2000-005ab000 r-xp 00000000 fd:00 7373866 /lib/libgcc_s-4.0.0-20050520.so.1
005ab000-005ac000 rwxp 00009000 fd:00 7373866 /lib/libgcc_s-4.0.0-20050520.so.1
00800000-0081a000 r-xp 00000000 fd:00 7372821 /lib/ld-2.3.5.so
0081a000-0081b000 r-xp 00019000 fd:00 7372821 /lib/ld-2.3.5.so
0081b000-0081c000 rwxp 0001a000 fd:00 7372821 /lib/ld-2.3.5.so
0081e000-00942000 r-xp 00000000 fd:00 7372823 /lib/libc-2.3.5.so
00942000-00944000 r-xp 00124000 fd:00 7372823 /lib/libc-2.3.5.so
00944000-00946000 rwxp 00126000 fd:00 7372823 /lib/libc-2.3.5.so
00946000-00948000 rwxp 00946000 00:00 0
00af5000-00af6000 r-xp 00af5000 00:00 0
08047000-08071000 r-xp 00000000 fd:00 5941209 /usr/bin/strace
08071000-08072000 rw-p 0002a000 fd:00 5941209 /usr/bin/strace
08072000-08079000 rw-p 08072000 00:00 0
09913000-09934000 rw-p 09913000 00:00 0 [heap]
b7f60000-b7f61000 rw-p b7f60000 00:00 0
b7f70000-b7f71000 rw-p b7f70000 00:00 0
bfe5b000-bfe71000 rw-p bfe5b000 00:00 0 [stack]
Aborted
This is fixed upstream. New package shortly.
I also wanted to report strace dying with a buffer overflow in select().

# strace -p `pidof dhcpd`
Process 26092 attached - interrupt to quit
--- SIGSTOP (Stopped (signal)) @ 0 (0) ---
--- SIGSTOP (Stopped (signal)) @ 0 (0) ---
select(8, [4 6 7], [], [], {86373, 168000} *** buffer overflow detected ***: strace terminated
======= Backtrace: =========
/lib/libc.so.6(__chk_fail+0x41)[0x3fd565]
/lib/libc.so.6(__vsprintf_chk+0x0)[0x3fce30]
/lib/libc.so.6(_IO_default_xsputn+0x97)[0x37fb58]
/lib/libc.so.6(_IO_vfprintf+0x1b05)[0x35b867]
/lib/libc.so.6(__vsprintf_chk+0xa1)[0x3fced1]
/lib/libc.so.6(__sprintf_chk+0x30)[0x3fce24]
strace[0x804f497]
strace[0x804c879]
strace[0x804ba80]
/lib/libc.so.6(__libc_start_main+0xc6)[0x333de6]
strace[0x80495d1]
======= Memory map: ========
002fd000-00317000 r-xp 00000000 fd:00 2783627 /lib/ld-2.3.5.so
00317000-00318000 r-xp 00019000 fd:00 2783627 /lib/ld-2.3.5.so
00318000-00319000 rwxp 0001a000 fd:00 2783627 /lib/ld-2.3.5.so
0031f000-00443000 r-xp 00000000 fd:00 2783628 /lib/libc-2.3.5.so
00443000-00445000 r-xp 00124000 fd:00 2783628 /lib/libc-2.3.5.so
00445000-00447000 rwxp 00126000 fd:00 2783628 /lib/libc-2.3.5.so
00447000-00449000 rwxp 00447000 00:00 0
00689000-00692000 r-xp 00000000 fd:00 2783632 /lib/libgcc_s-4.0.0-20050520.so.1
00692000-00693000 rwxp 00009000 fd:00 2783632 /lib/libgcc_s-4.0.0-20050520.so.1
08047000-08071000 r-xp 00000000 fd:00 3545407 /usr/bin/strace
08071000-08072000 rwxp 0002a000 fd:00 3545407 /usr/bin/strace
08072000-08079000 rwxp 08072000 00:00 0
09ac0000-09ae1000 rwxp 09ac0000 00:00 0 [heap]
b7f9c000-b7f9e000 rwxp b7f9c000 00:00 0
b7fb9000-b7fba000 r-xp b7fb9000 00:00 0
bfda5000-bfdba000 rw-p bfda5000 00:00 0 [stack]
Abort

Where do we get the new package?
4.5.14 is in fc4 updates and in fc5
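Every backtrace in this report ends in __sprintf_chk, the FORTIFY_SOURCE check that aborts when sprintf writes past a buffer whose size the compiler knows. The following is an added illustration, not strace's own code, of how a select() decoder can print an fd list like "[4 6 7]" without that risk; it assumes the list is formatted into a fixed-size scratch buffer and tracks the remaining space on every write.

```c
#include <stdio.h>
#include <string.h>

/* Render a descriptor list the way strace prints a select() fd_set,
 * e.g. {4, 6, 7} -> "[4 6 7]", into `cap` bytes of `out`.  Every piece
 * goes through snprintf with the space that is left, so a long list can
 * never run past the buffer.  Returns the length written, or -1 when
 * the list did not fit, in which case `out` holds the marker "[...]". */
int format_fdset(char *out, size_t cap, const int *fds, int n)
{
    size_t used = 0;
    int w = snprintf(out, cap, "[");
    if (w < 0 || (size_t)w >= cap)
        goto overflow;
    used += (size_t)w;
    for (int i = 0; i < n; i++) {
        w = snprintf(out + used, cap - used, i ? " %d" : "%d", fds[i]);
        if (w < 0 || (size_t)w >= cap - used)
            goto overflow;
        used += (size_t)w;
    }
    w = snprintf(out + used, cap - used, "]");
    if (w < 0 || (size_t)w >= cap - used)
        goto overflow;
    return (int)(used + (size_t)w);

overflow:
    snprintf(out, cap, "[...]");   /* truncate; the NUL stays inside cap */
    return -1;
}

/* Constructed scratch buffer, deliberately small so the second case overflows. */
static char g_out[16];

/* The dhcpd trace's set {4, 6, 7} fits and yields "[4 6 7]". */
int render_small_set(void)
{
    int fds[] = {4, 6, 7};
    return format_fdset(g_out, sizeof g_out, fds, 3);
}

/* Forty descriptors cannot fit: expect -1 and "[...]", never an overrun. */
int render_large_set(void)
{
    int fds[40];
    for (int i = 0; i < 40; i++)
        fds[i] = 100 + i;
    return format_fdset(g_out, sizeof g_out, fds, 40);
}

const char *rendered(void) { return g_out; }
```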