From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050720 Fedora/1.0.6-1.1.fc4 Firefox/1.0.6

Description of problem:
When using:

$ lgrind -s

the program has a buffer overflow as follows:

$ lgrind -s
When specifying a language case is insignificant. You can use the name of
the language, or, where available, one of the synonyms in parantheses.
Thus the following are legal and mark Tcl/Tk, Pascal and Fortran input,
respectively:
lgrind -ltcl/tk ...
lgrind -lpaSCAL ...
lgrind -lf ...
The list of languages currently available in your lgrindef file:
*** buffer overflow detected ***: lgrind terminated
======= Backtrace: =========
/lib/libc.so.6(__chk_fail+0x41)[0x976565]
lgrind[0x804c1c2]
lgrind[0x804c4a2]
/lib/libc.so.6(__libc_start_main+0xc6)[0x8acde6]
lgrind[0x8048d51]
======= Memory map: ========
001ed000-001ee000 r-xp 001ed000 00:00 0
00876000-00890000 r-xp 00000000 16:06 1082429 /lib/ld-2.3.5.so
00890000-00891000 r-xp 00019000 16:06 1082429 /lib/ld-2.3.5.so
00891000-00892000 rwxp 0001a000 16:06 1082429 /lib/ld-2.3.5.so
00898000-009bc000 r-xp 00000000 16:06 1082857 /lib/libc-2.3.5.so
009bc000-009be000 r-xp 00124000 16:06 1082857 /lib/libc-2.3.5.so
009be000-009c0000 rwxp 00126000 16:06 1082857 /lib/libc-2.3.5.so
009c0000-009c2000 rwxp 009c0000 00:00 0
00aef000-00af8000 r-xp 00000000 16:06 1083080 /lib/libgcc_s-4.0.1-20050727.so.1
00af8000-00af9000 rwxp 00009000 16:06 1083080 /lib/libgcc_s-4.0.1-20050727.so.1
08047000-0804f000 r-xp 00000000 16:06 2143060 /usr/bin/lgrind
0804f000-08050000 rw-p 00008000 16:06 2143060 /usr/bin/lgrind
08050000-0805c000 rw-p 08050000 00:00 0
09800000-09825000 rw-p 09800000 00:00 0 [heap]
b7f36000-b7f37000 rw-p b7f36000 00:00 0
b7f5b000-b7f5d000 rw-p b7f5b000 00:00 0
bf847000-bf85d000 rw-p bf847000 00:00 0 [stack]
Aborted

The program also has a segfault when using:

$ lgrind -l
Segmentation fault

Version-Release number of selected component (if applicable):
tetex-lgrind-3.67-7.fc4

How reproducible:
Always

Steps to Reproduce:
1. Open a console
2. Type 'lgrind -s'

Actual Results: See description above

Expected Results: The program should list any installed language definition files

Additional info:
tetex-lgrind belongs to Fedora Extras, not to Core, changing component. It looks pretty broken though...
Thanks for the correction. I did not recall installing it separately, but must have during a misc tetex* install from Extras.
Okay, package tetex-lgrind is without maintainer. I fixed the -l segfault, though. Parsing of options is severely broken by design. Can you please install the tetex-lgrind-debuginfo package and get a good backtrace within gdb. You're missing debug symbols. http://fedoraproject.org/wiki/StackTraces
Here ya go:

(gdb) run -s
Starting program: /usr/bin/lgrind -s
Reading symbols from shared object read from target memory...done.
Loaded system supplied DSO at 0xac7000
When specifying a language case is insignificant. You can use the name of
the language, or, where available, one of the synonyms in parantheses.
Thus the following are legal and mark Tcl/Tk, Pascal and Fortran input,
respectively:
lgrind -ltcl/tk ...
lgrind -lpaSCAL ...
lgrind -lf ...
The list of languages currently available in your lgrindef file:
*** buffer overflow detected ***: /usr/bin/lgrind terminated
======= Backtrace: =========
/lib/libc.so.6(__chk_fail+0x41)[0x976565]
/usr/bin/lgrind[0x804c1c2]
/usr/bin/lgrind[0x804c4a2]
/lib/libc.so.6(__libc_start_main+0xc6)[0x8acde6]
/usr/bin/lgrind[0x8048d51]
======= Memory map: ========
00876000-00890000 r-xp 00000000 16:06 1082429 /lib/ld-2.3.5.so
00890000-00891000 r-xp 00019000 16:06 1082429 /lib/ld-2.3.5.so
00891000-00892000 rwxp 0001a000 16:06 1082429 /lib/ld-2.3.5.so
00898000-009bc000 r-xp 00000000 16:06 1082857 /lib/libc-2.3.5.so
009bc000-009be000 r-xp 00124000 16:06 1082857 /lib/libc-2.3.5.so
009be000-009c0000 rwxp 00126000 16:06 1082857 /lib/libc-2.3.5.so
009c0000-009c2000 rwxp 009c0000 00:00 0
00ac7000-00ac8000 r-xp 00ac7000 00:00 0
00aef000-00af8000 r-xp 00000000 16:06 1083080 /lib/libgcc_s-4.0.1-20050727.so.1
00af8000-00af9000 rwxp 00009000 16:06 1083080 /lib/libgcc_s-4.0.1-20050727.so.1
08047000-0804f000 r-xp 00000000 16:06 2143060 /usr/bin/lgrind
0804f000-08050000 rw-p 00008000 16:06 2143060 /usr/bin/lgrind
08050000-0805c000 rw-p 08050000 00:00 0
08baa000-08bcf000 rw-p 08baa000 00:00 0 [heap]
b7f8c000-b7f8d000 rw-p b7f8c000 00:00 0
b7fb1000-b7fb3000 rw-p b7fb1000 00:00 0
bfc9d000-bfcb3000 rw-p bfc9d000 00:00 0 [stack]

Program received signal SIGABRT, Aborted.
0x00ac7402 in __kernel_vsyscall ()
(gdb) bt
#0  0x00ac7402 in __kernel_vsyscall ()
#1  0x008c01f8 in raise () from /lib/libc.so.6
#2  0x008c1948 in abort () from /lib/libc.so.6
#3  0x008f552a in __libc_message () from /lib/libc.so.6
#4  0x00976565 in __chk_fail () from /lib/libc.so.6
#5  0x0804c1c2 in Internal_Help_Language_List () at /usr/include/bits/stdio2.h:106
#6  0x0804c4a2 in main (argc=1, argv=0xbfcb0418) at lgrind.c:298
#7  0x008acde6 in __libc_start_main () from /lib/libc.so.6
#8  0x08048d51 in _start ()
(gdb)

HTH
Does this fix it already? (I assume you know how to rebuild a src.rpm) http://home.arcor.de/ms2002sep/tmp/tetex-lgrind-3.67-9.src.rpm I still cannot reproduce it, and the code is designed quite insecurely.
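The backtrace above points at Internal_Help_Language_List with the failing frame inside bits/stdio2.h, which is where glibc's fortified sprintf wrapper aborts when a formatted string does not fit its destination buffer; the language list is formatted into a fixed-size buffer without a length check. As an added illustration (not lgrind's code and not the contents of the patched src.rpm; the language names are a constructed subset and the function names are hypothetical), this is the bounded-write pattern that a fix of that kind uses, reporting truncation instead of overrunning the buffer:

```c
/* Added example, not lgrind's code: format a two-column language list
 * into a fixed buffer while tracking the remaining space. */
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Constructed sample: a subset of the names in an lgrindef file. */
static const char *const sample_langs[] = {
    "Ada", "Asm", "C", "C++ (CC)", "Pascal (pas, p, bp)", "Tcl/Tk (tcl, tk)"
};
#define NLANGS (sizeof sample_langs / sizeof sample_langs[0])

/* Append one formatted field at buf[*pos], never writing past cap bytes.
 * Returns 0 on success, -1 if the field would not fit; the buffer stays
 * NUL-terminated either way and *pos is pinned at cap on failure. */
static int append(char *buf, size_t cap, size_t *pos, const char *fmt, const char *arg)
{
    if (*pos >= cap) return -1;
    int n = snprintf(buf + *pos, cap - *pos, fmt, arg);
    if (n < 0 || (size_t)n >= cap - *pos) { *pos = cap; return -1; }
    *pos += (size_t)n;
    return 0;
}

/* Build the list in two columns, left column padded to 30 characters.
 * Returns the number of names written, or -1 if the output was truncated.
 * The unchecked form of this loop, sprintf(line, "%-30s%s\n", a, b) into a
 * fixed char array, is the pattern the fortified check aborts on. */
int format_language_list(const char *const *langs, size_t n, char *out, size_t cap)
{
    size_t pos = 0;
    out[0] = '\0';
    for (size_t i = 0; i < n; i += 2) {
        if (append(out, cap, &pos, "%-30s", langs[i]) < 0) return -1;
        const char *right = (i + 1 < n) ? langs[i + 1] : "";
        if (append(out, cap, &pos, "%s\n", right) < 0) return -1;
    }
    return (int)n;
}

int main(void)
{
    char buf[512];
    if (format_language_list(sample_langs, NLANGS, buf, sizeof buf) < 0)
        puts("language list truncated");
    else
        fputs(buf, stdout);
    return 0;
}
```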
Yep, that's got it:

$ lgrind -s
When specifying a language case is insignificant. You can use the name of
the language, or, where available, one of the synonyms in parantheses.
Thus the following are legal and mark Tcl/Tk, Pascal and Fortran input,
respectively:
lgrind -ltcl/tk ...
lgrind -lpaSCAL ...
lgrind -lf ...
The list of languages currently available in your lgrindef file:
Ada                 MLisp (Emacs Mock Lisp)
Asm                 SML/NJ (ML)
Asm68               Scheme (scm)
BASIC               model
Batch (bat)         Modula2 (mod2, m2)
C                   Pascal (pas, p, bp)
C++ (CC)            PERL (pl)
csh                 PostScript (ps)
FORTRAN (f77, f)    PROLOG
Gnuplot             Python (py)
Icon                RATFOR
IDL                 RLaB
ISP                 Russell
Java                SAS
Kimwitu++ (kimw)    SDL
LaTeX               sh
LDL                 SICStus
Lex                 src
Linda               SQL
make                Tcl/Tk (tcl, tk)
MASM                VisualBasic (vbasic)
MATLAB              VMSasm
Mercury             yacc (y)

Thanks Michael! Great work!
tetex-lgrind-3.67-9.fc4 will include the fix