Bug 167947 - *** buffer overflow detected ***: /usr/bin/pilot-xfer terminated
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: pilot-link
Version: rawhide
Hardware: i386 Linux
Priority: medium, Severity: medium
Assigned To: Ngo Than
Reported: 2005-09-09 15:11 EDT by kloczek
Modified: 2007-11-30 17:11 EST
Doc Type: Bug Fix
Last Closed: 2006-04-14 12:24:48 EDT

Attachments:
Avoid buffer overflow detection by passing casted version of pi_sockaddr (492 bytes, patch)
2006-04-18 10:22 EDT, Andrew Gilmore
Grabbed from another source somewhere, changes pathlength to specs (560 bytes, patch)
2006-04-18 10:23 EDT, Andrew Gilmore

Description kloczek 2005-09-09 15:11:53 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.11) Gecko/20050901 Epiphany/1.8.0

Description of problem:
When starting pilot-xfer before pressing the hot sync button on the pilot, pilot-xfer fails with:

(gdb) run
Starting program: /usr/bin/pilot-xfer -l -p /dev/ttyUSB0
*** buffer overflow detected ***: /usr/bin/pilot-xfer terminated
======= Backtrace: =========
/lib/libc.so.6(__chk_fail+0x41)[0xc48495]
/lib/libc.so.6(__ptsname_r_chk+0x0)[0xc48ac0]
/usr/lib/libpisock.so.9[0x31a9f4f]
/usr/lib/libpisock.so.9(pi_bind+0x54)[0x31ad43c]
/usr/bin/pilot-xfer[0x804ee6b]
/usr/bin/pilot-xfer[0x804dc97]
/lib/libc.so.6(__libc_start_main+0xdf)[0xb7f4ff]
/usr/bin/pilot-xfer[0x804a151]
======= Memory map: ========

Program received signal SIGABRT, Aborted.
0x00b4d7f2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
(gdb) bt
#0  0x00b4d7f2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
#1  0x00b928f8 in raise () from /lib/libc.so.6
#2  0x00b94068 in abort () from /lib/libc.so.6
#3  0x00bc7a0a in __libc_message () from /lib/libc.so.6
#4  0x00c48495 in __chk_fail () from /lib/libc.so.6
#5  0x00c48ac0 in __realpath_chk () from /lib/libc.so.6
#6  0x031a9f4f in pi_serial_bind (ps=0x9055710, addr=0xbfffe43a, addrlen=258) at /usr/include/bits/stdlib.h:35
#7  0x031ad43c in pi_bind (pi_sd=6, port=0x90554a0 "/dev/ttyUSB0") at socket.c:1063
#8  0x0804ee6b in plu_connect () at userland.c:57
#9  0x0804dc97 in main (argc=4, argv=0xbfffee34) at pilot-xfer.c:2511
#10 0x00b7f4ff in __libc_start_main () from /lib/libc.so.6
#11 0x0804a151 in _start ()
(gdb)


Version-Release number of selected component (if applicable):
pilot-link-0.12.0-0.pre4.5

How reproducible:
Always

Steps to Reproduce:
run "pilot-xfer -l -p /dev/ttyUSB0" (I have a Handspring Visor) before pressing the hot sync button.


Additional info:
Comment 1 Ngo Than 2005-09-09 17:32:54 EDT
Could you please install the pilot-link-debuginfo-0.12.0-0.pre4.5 package and
try again to get a better backtrace? Thanks.
Comment 2 Ngo Than 2005-09-12 05:15:42 EDT
I'm not able to reproduce this problem with Palm Vx and Tungsten T5!

Comment 3 Ngo Than 2005-09-27 08:29:06 EDT
I presume it's already fixed in this version. Please reopen it if it still
appears. Many thanks for your report.

Comment 4 kloczek 2005-09-28 10:25:57 EDT
(In reply to comment #1)
> could you please install the pilot-link-debuginfo-0.12.0-0.pre4.5 package and
> try again to get a better backtrace. Thanks

Look again at my report.
It *was* reported with pilot-link-debuginfo-0.12.0-0.pre4.5 installed (the
backtrace contains file names and line numbers).
Comment 5 kloczek 2005-09-28 10:38:13 EDT
(In reply to comment #3)
> i presume it's already fixed in this version. Please reopen it if it still 
> appears. Many thanks for your report 
>  

I produced this report on 0.12.0-0.pre4.5, and this version is still the latest
available.

[root@test1 ~]# rpm -q pilot-link pilot-link-debuginfo
pilot-link-0.12.0-0.pre4.5
pilot-link-debuginfo-0.12.0-0.pre4.5
[root@test1 ~]# gdb /usr/bin/pilot-xfer
GNU gdb Red Hat Linux (6.3.0.0-1.65rh)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...Using host libthread_db
library "/lib/libthread_db.so.1".

(gdb) set args -l -p /dev/ttyUSB0
(gdb) r
Starting program: /usr/bin/pilot-xfer -l -p /dev/ttyUSB0
Reading symbols from shared object read from target memory...done.
Loaded system supplied DSO at 0x309000
*** buffer overflow detected ***: /usr/bin/pilot-xfer terminated
======= Backtrace: =========
/lib/libc.so.6(__chk_fail+0x41)[0x778735]
/lib/libc.so.6(__ptsname_r_chk+0x0)[0x778d60]
/usr/lib/libpisock.so.9[0x7df7f4f]
/usr/lib/libpisock.so.9(pi_bind+0x54)[0x7dfb43c]
/usr/bin/pilot-xfer[0x804ee6b]
/usr/bin/pilot-xfer[0x804dc97]
/lib/libc.so.6(__libc_start_main+0xdf)[0x6af4ff]
/usr/bin/pilot-xfer[0x804a151]
======= Memory map: ========

Program received signal SIGABRT, Aborted.
0x00309402 in __kernel_vsyscall ()
(gdb) bt
#0  0x00309402 in __kernel_vsyscall ()
#1  0x006c2908 in raise () from /lib/libc.so.6
#2  0x006c4078 in abort () from /lib/libc.so.6
#3  0x006f7a7a in __libc_message () from /lib/libc.so.6
#4  0x00778735 in __chk_fail () from /lib/libc.so.6
#5  0x00778d60 in __realpath_chk () from /lib/libc.so.6
#6  0x07df7f4f in pi_serial_bind (ps=0x94cc710, addr=0xbfb850da, addrlen=258) at
/usr/include/bits/stdlib.h:35
#7  0x07dfb43c in pi_bind (pi_sd=6, port=0x94cc4a0 "/dev/ttyUSB0") at socket.c:1063
#8  0x0804ee6b in plu_connect () at userland.c:57
#9  0x0804dc97 in main (argc=4, argv=0xbfb85ad4) at pilot-xfer.c:2511
#10 0x006af4ff in __libc_start_main () from /lib/libc.so.6
#11 0x0804a151 in _start ()
Comment 6 Tom "spot" Callaway 2005-10-17 11:03:30 EDT
I am able to reproduce this with my Treo 650 on pilot-link-0.12.0-0.pre4.5:

[spot@swoop ~]$ pilot-xfer -l -p /dev/ttyUSB1
*** buffer overflow detected ***: pilot-xfer terminated
======= Backtrace: =========
/lib/libc.so.6(__chk_fail+0x41)[0x1df965]
/lib/libc.so.6(__ptsname_r_chk+0x0)[0x1dff98]
/usr/lib/libpisock.so.9[0xbb0f4f]
/usr/lib/libpisock.so.9(pi_bind+0x54)[0xbb443c]
pilot-xfer[0x804ee6b]
pilot-xfer[0x804dc97]
/lib/libc.so.6(__libc_start_main+0xdf)[0x11650f]
pilot-xfer[0x804a151]
======= Memory map: ========
Aborted

When I run it through GDB:

[spot@swoop ~]$ gdb
GNU gdb Red Hat Linux (6.3.0.0-1.65rh)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu".
(gdb) exec /usr/bin/pilot-xfer
(gdb) set args -l -p /dev/ttyUSB1
(gdb) r
Starting program: /usr/bin/pilot-xfer -l -p /dev/ttyUSB1
Reading symbols from shared object read from target memory...(no debugging
symbols found)...done.
Using host libthread_db library "/lib/libthread_db.so.1".
Loaded system supplied DSO at 0x4bb000
(no debugging symbols found)
(no debugging symbols found)
*** buffer overflow detected ***: /usr/bin/pilot-xfer terminated
======= Backtrace: =========
/lib/libc.so.6(__chk_fail+0x41)[0x1df965]
/lib/libc.so.6(__ptsname_r_chk+0x0)[0x1dff98]
/usr/lib/libpisock.so.9[0xbb0f4f]
/usr/lib/libpisock.so.9(pi_bind+0x54)[0xbb443c]
/usr/bin/pilot-xfer[0x804ee6b]
/usr/bin/pilot-xfer[0x804dc97]
/lib/libc.so.6(__libc_start_main+0xdf)[0x11650f]
/usr/bin/pilot-xfer[0x804a151]
======= Memory map: ========

Program received signal SIGABRT, Aborted.
0x004bb402 in __kernel_vsyscall ()
(gdb) bt
#0  0x004bb402 in __kernel_vsyscall ()
#1  0x00129908 in raise () from /lib/libc.so.6
#2  0x0012b078 in abort () from /lib/libc.so.6
#3  0x0015eb5a in __libc_message () from /lib/libc.so.6
#4  0x001df965 in __chk_fail () from /lib/libc.so.6
#5  0x001dff98 in __realpath_chk () from /lib/libc.so.6
#6  0x00bb0f4f in pi_serial_bind (ps=0x8766710, addr=0xbf8eb52a, addrlen=258)
    at /usr/include/bits/stdlib.h:35
#7  0x00bb443c in pi_bind (pi_sd=6, port=0x87664a0 "/dev/ttyUSB1") at socket.c:1063
#8  0x0804ee6b in ?? ()
#9  0x00000006 in ?? ()
#10 0x087664a0 in ?? ()
#11 0x00000006 in ?? ()
#12 0x006070fc in ?? () from /usr/lib/libpopt.so.0
#13 0x08766008 in ?? ()
#14 0x087662d5 in ?? ()
#15 0xbf8eb6f8 in ?? ()
#16 0x006032a5 in poptGetNextOpt () from /usr/lib/libpopt.so.0
#17 0x0804dc97 in ?? ()
#18 0x08766008 in ?? ()
#19 0x00000000 in ?? ()
(gdb)
Comment 7 Rodd Clarkson 2005-11-03 14:56:43 EST
I'm seeing the same (similar) problems on my Palm Zire 72.

I'll try and get a competent gdb some time soon.

It looks from the backtrace above that a couple of other debuginfo packages are
needed.  Any suggestions what?  (Maybe popt-debuginfo?)

Comment 8 Rodd Clarkson 2005-11-10 23:32:02 EST
I'm still seeing this.  Here's the debug I promised.

[rodd@localhost ~]$ rpm -q pilot-link-debuginfo
pilot-link-debuginfo-0.12.0-0.pre4.5


[rodd@localhost ~]$ gdb pilot-xfer
GNU gdb Red Hat Linux (6.3.0.0-1.81rh)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...Using host libthread_db
library "/lib/libthread_db.so.1".

(gdb) set args -l -p /dev/ttyUSB1
(gdb) r
Starting program: /usr/bin/pilot-xfer -l -p /dev/ttyUSB1
Reading symbols from shared object read from target memory...done.
Loaded system supplied DSO at 0xb21000
*** buffer overflow detected ***: /usr/bin/pilot-xfer terminated
======= Backtrace: =========
/lib/libc.so.6(__chk_fail+0x41)[0x565c15]
/lib/libc.so.6(__ptsname_r_chk+0x0)[0x566254]
/usr/lib/libpisock.so.9[0xbe7eaf]
/usr/lib/libpisock.so.9(pi_bind+0x54)[0xbeb38c]
/usr/bin/pilot-xfer[0x804ee7b]
/usr/bin/pilot-xfer[0x804dc9e]
/lib/libc.so.6(__libc_start_main+0xdf)[0x49c50f]
/usr/bin/pilot-xfer[0x804a151]
======= Memory map: ========

Program received signal SIGABRT, Aborted.
0x00b21402 in __kernel_vsyscall ()
(gdb) bt
#0  0x00b21402 in __kernel_vsyscall ()
#1  0x004af7e8 in raise () from /lib/libc.so.6
#2  0x004b0f58 in abort () from /lib/libc.so.6
#3  0x004e4a3a in __libc_message () from /lib/libc.so.6
#4  0x00565c15 in __chk_fail () from /lib/libc.so.6
#5  0x00566254 in __realpath_chk () from /lib/libc.so.6
#6  0x00be7eaf in pi_serial_bind (ps=0x83dc710, addr=0xbfc751aa, addrlen=258) at
/usr/include/bits/stdlib.h:35
#7  0x00beb38c in pi_bind (pi_sd=6, port=0x83dc4a0 "/dev/ttyUSB1") at socket.c:1063
#8  0x0804ee7b in plu_connect () at userland.c:57
#9  0x0804dc9e in main (argc=4, argv=0xbfc75ba4) at pilot-xfer.c:2511
#10 0x0049c50f in __libc_start_main () from /lib/libc.so.6
#11 0x0804a151 in _start ()
(gdb)
Comment 9 Rodd Clarkson 2005-11-10 23:34:59 EST
I think it might be worth noting that I can get this error message without even
having my Palm Zire 72 plugged in, so I'm not sure it's something Palm Zire 72
(or even Palm <anything>) related, but something to do with the code.

[rodd@localhost ~]$ ls /dev/ttyUSB*
ls: /dev/ttyUSB*: No such file or directory



[rodd@localhost ~]$ pilot-xfer -l -p /dev/ttyUSB1
*** buffer overflow detected ***: pilot-xfer terminated
======= Backtrace: =========
/lib/libc.so.6(__chk_fail+0x41)[0x565c15]
/lib/libc.so.6(__ptsname_r_chk+0x0)[0x566254]
/usr/lib/libpisock.so.9[0xbe7eaf]
/usr/lib/libpisock.so.9(pi_bind+0x54)[0xbeb38c]
pilot-xfer[0x804ee7b]
pilot-xfer[0x804dc9e]
/lib/libc.so.6(__libc_start_main+0xdf)[0x49c50f]
pilot-xfer[0x804a151]
======= Memory map: ========
Aborted
[rodd@localhost ~]$


Comment 10 Rodd Clarkson 2005-11-10 23:44:21 EST
If I run pilot-xfer on a FC4 laptop without the device plugged in I get:

[kathy@localhost ~]$ pilot-xfer -l -p /dev/ttyUSB1
  Unable to bind to port: /dev/ttyUSB1
  Please us --help for more information

[kathy@localhost ~]$

Comment 11 David Nielsen 2006-02-04 02:09:47 EST
I'm also seeing this on Rawhide as of 03-02-06 using a Serial linked Palm IIIe

bash-3.1$ pilot-xfer -p /dev/ttyS0 -l
*** buffer overflow detected ***: pilot-xfer terminated
======= Backtrace: =========
/lib/libc.so.6(__chk_fail+0x41)[0x4eb685]
/lib/libc.so.6(__ptsname_r_chk+0x0)[0x4ebcc8]
/usr/lib/libpisock.so.9[0x2edbff2]
/usr/lib/libpisock.so.9(pi_bind+0x55)[0x2ede1fb]
pilot-xfer[0x804f2c8]
pilot-xfer[0x804ddd5]
/lib/libc.so.6(__libc_start_main+0xdc)[0x425784]
pilot-xfer[0x804a151]
======= Memory map: ========
Afbrudt (SIGABRT)
Comment 12 Rodd Clarkson 2006-02-16 22:55:58 EST
I filed this upstream at bugzilla.gnome.org and they responded saying:

"This is a pilot-link bug, not a gnome-pilot bug.  Your pilot-link package is a
pre-release version, and has probably been patched by redhat.  I suggest you
close this (not-a-bug) and resubmit to bugzilla.redhat.com."

Full bug here: http://bugzilla.gnome.org/show_bug.cgi?id=320453
Comment 13 Andrew Gilmore 2006-03-22 13:08:00 EST
This is showing up in FC5 release. It is quite depressing to see the state of
Palm support in FC5 is as bad or worse than FC4. I didn't think that was possible.

This affects gpilotd as well:

(gdb) where
#0  0x00550410 in __kernel_vsyscall ()
#1  0x00a54159 in raise () from /lib/libc.so.6
#2  0x00a556e3 in abort () from /lib/libc.so.6
#3  0x00a88a1b in __libc_message () from /lib/libc.so.6
#4  0x00b07965 in __chk_fail () from /lib/libc.so.6
#5  0x00b07fa8 in __realpath_chk () from /lib/libc.so.6
#6  0x00768b19 in pi_serial_bind (ps=0x8a89038, addr=0xbfe25fca, addrlen=258) at
/usr/include/bits/stdlib.h:35
#7  0x0076af25 in pi_bind (pi_sd=21, port=0x8a6c7d8 "/dev/pilot") at socket.c:1063
#8  0x0804d75e in sync_device (device=0x8a6c0d0, context=0x8a6bc98) at gpilotd.c:166
#9  0x0804e748 in visor_devices_timeout (data=0x8a6bc98) at gpilotd.c:912
#10 0x050c57b6 in g_source_get_current_time () from /usr/lib/libglib-2.0.so.0
#11 0x050c509d in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#12 0x050c832f in g_main_context_check () from /usr/lib/libglib-2.0.so.0
#13 0x050c8895 in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#14 0x0804d274 in main (argc=Cannot access memory at address 0x6
) at gpilotd.c:1092

Also look at bug# 184059 and bug# 184399 which appear to be duplicates.
Comment 14 Ngo Than 2006-04-14 12:24:48 EDT
It's now fixed in pilot-link-0.11.8-12.3.fc5, which will be available in
fc5-update-testing soon. Thanks for your report.
Comment 15 Andrew Gilmore 2006-04-18 10:19:56 EDT
So you have downgraded to pilot-link-0.11.8? 

How does that jive with this comment from pilot-link.org,
http://www.pilot-link.org/node/166#comment-105?

"I emailed back and forth with a pilot-link developer for awhile.  I have the
Treo-650 … and he related that PalmOS 5.x had a new record format that required
an 0.12 version of pilot link."

Have you handled this? I use a Treo 650, and at least I can get a successful sync
after about 5-15 tries with FC5 and the attached two patches. This sounds like I
will have NO chance. This is not good at all.


Comment 16 Andrew Gilmore 2006-04-18 10:22:37 EDT
Created attachment 127917 [details]
Avoid buffer overflow detection by passing casted version of pi_sockaddr
Comment 17 Andrew Gilmore 2006-04-18 10:23:59 EDT
Created attachment 127918 [details]
Grabbed from another source somewhere, changes pathlength to specs
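
Every backtrace in this report aborts in `__realpath_chk`, reached from `pi_serial_bind` with `addrlen=258`. The C sketch below is an added example, not pilot-link code and not either attached patch; it shows why `realpath()` into a 256-byte field trips the fortify check even for a short or nonexistent path, next to a bounded alternative. `struct dev_addr`, `resolve_unsafe` and `resolve_device` are hypothetical names, and the 2+256-byte layout is an assumption chosen to match `addrlen=258`.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700          /* declares realpath() */
#endif
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for the address object in frame #6 (assumed layout):
 * 2 bytes of family + 256 bytes of device name = 258 bytes. */
struct dev_addr {
    unsigned short family;
    char device[256];
};

#ifdef SHOW_FORTIFY_ABORT
/* "Before": realpath() is allowed to write up to PATH_MAX bytes into its
 * second argument. Built with -O2 -D_FORTIFY_SOURCE=2 the compiler knows
 * device[] holds 256 bytes and routes the call to __realpath_chk(), which
 * calls __chk_fail() whenever the buffer is smaller than PATH_MAX. The
 * check runs before the path is examined, so the process aborts even when
 * the device node does not exist. */
int resolve_unsafe(const char *port, struct dev_addr *out)
{
    return realpath(port, out->device) ? 0 : -1;
}
#endif

/* "After": let realpath() allocate the result (POSIX.1-2008), then copy
 * it only if it fits, terminator included. Returns 0 on success, -1 with
 * errno set on failure. */
int resolve_device(const char *port, char *dst, size_t dstlen)
{
    char *resolved;
    size_t n;

    if (port == NULL || dst == NULL || dstlen == 0) {
        errno = EINVAL;
        return -1;
    }
    resolved = realpath(port, NULL);
    if (resolved == NULL)
        return -1;                 /* errno from realpath(), e.g. ENOENT */

    n = strlen(resolved);
    if (n >= dstlen) {             /* would not fit: refuse, do not truncate */
        free(resolved);
        errno = ENAMETOOLONG;
        return -1;
    }
    memcpy(dst, resolved, n + 1);
    free(resolved);
    return 0;
}

int main(int argc, char **argv)
{
    /* Default path is a constructed sample, not a required device. */
    const char *port = argc > 1 ? argv[1] : "/dev/ttyUSB1";
    struct dev_addr a = {0};

#ifdef SHOW_FORTIFY_ABORT
    resolve_unsafe(port, &a);      /* aborts here when fortified */
#endif
    if (resolve_device(port, a.device, sizeof a.device) != 0) {
        fprintf(stderr, "Unable to resolve %s: %s\n", port, strerror(errno));
        return 1;
    }
    printf("resolved to %s (fits in %zu bytes; PATH_MAX is %d)\n",
           a.device, sizeof a.device, PATH_MAX);
    return 0;
}
```

With a missing device node, `resolve_device` fails with `ENOENT` and the caller can report a bind error instead of aborting.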
