Bug 189666 - cscope stack smashing
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: cscope
Version: 5
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Assigned To: Neil Horman
Blocks: CVE-2009-1577
Reported: 2006-04-22 08:23 EDT by Ronald Wahl
Modified: 2009-05-05 10:18 EDT
Fixed In Version: cscope-15.5-13.7
Doc Type: Bug Fix
Last Closed: 2008-03-11 13:04:20 EDT

Attachments
patch to limit how much data putstring copies to the target pointer (7.04 KB, patch)
2006-05-05 11:27 EDT, Neil Horman
updated patch to fix header breakage (7.44 KB, patch)
2006-06-23 15:55 EDT, Neil Horman

Description Ronald Wahl 2006-04-22 08:23:50 EDT
Description of problem:

cscope's "Find all function definitions" results in "stack smashing" on a
valgrind source repository.

Version-Release number of selected component (if applicable):

15.5-13.3

How reproducible:

Always

Steps to Reproduce:
1. Get valgrind (3.1.1 in my case). Extract it. Change into its base directory.
2. Call "cscope -R"
3. Enter an arbitrary char at the "Find all function definitions" and press enter.
  
Actual results:

cscope reports a "*** stack smashing detected ***"

Expected results:

cscope should return all (matching?) function definitions

Additional info:

1. Increasing PATLEN in constants.h to exactly 308 will make the stack smashing
message go away but the output of cscope has a strange formatting. Increasing the
buffer further will result in correct formatting.

2. The overflow fix in cscope-15.5-13.3 seems not related to this.

3. A not very useful coredump:

#0  0x00417402 in __kernel_vsyscall ()
(gdb) bt
#0  0x00417402 in __kernel_vsyscall ()
#1  0x00ccd159 in *__GI_raise (sig=6)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#2  0x00cce6e3 in *__GI_abort () at abort.c:88
#3  0x00d01a1b in __libc_message (do_abort=1, 
    fmt=0xdbf478 "*** stack smashing detected ***: %s terminated\n")
    at ../sysdeps/unix/sysv/linux/libc_fatal.c:170
#4  0x00d81e45 in __stack_chk_fail () at stack_chk_fail.c:31
#5  0x080567d5 in findallfcns (dummy=Could not find the frame base for
"findallfcns".
) at find.c:451
#6  0x31303938 in ?? ()
#7  0x35343332 in ?? ()
#8  0x39383736 in ?? ()
#9  0x33323130 in ?? ()
#10 0x37363534 in ?? ()
#11 0x31303938 in ?? ()
#12 0x35343332 in ?? ()
#13 0x39383736 in ?? ()
#14 0x33323130 in ?? ()
#15 0x37363534 in ?? ()
#16 0x00003938 in ?? ()
#17 0x00000001 in ?? ()
#18 0x10000000 in ?? ()
#19 0x08048f2e in ?? ()
#20 0x00000002 in ?? ()
#21 0x00000000 in ?? ()
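As an added example (not part of the report and not cscope code), the bogus frame addresses #6 to #16 from the backtrace above can be decoded as the bytes they occupied on the stack; this is how one confirms from a core dump that saved return-address slots were overwritten with string data rather than code pointers. It assumes 32-bit little-endian x86, as the 0x08... code address and __kernel_vsyscall in the trace suggest.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Frame values copied from the gdb backtrace in the report (frames #6 to #16). */
static const uint32_t frames[] = {
    0x31303938, 0x35343332, 0x39383736, 0x33323130, 0x37363534,
    0x31303938, 0x35343332, 0x39383736, 0x33323130, 0x37363534,
    0x00003938,
};
#define NFRAMES (sizeof frames / sizeof frames[0])

/* Unpack each 32-bit word as the four little-endian bytes it occupied on the
 * stack (assumed 32-bit little-endian x86). Printable bytes are appended to
 * out, a NUL byte ends the string, any other byte becomes '.'.
 * Returns the number of characters written, not counting the terminator. */
size_t decode_frames(const uint32_t *words, size_t n, char *out, size_t outlen)
{
    size_t pos = 0;
    for (size_t i = 0; i < n; i++) {
        for (int shift = 0; shift < 32; shift += 8) {
            unsigned char b = (words[i] >> shift) & 0xff;
            if (b == 0 || pos + 1 >= outlen) {
                out[pos] = '\0';
                return pos;
            }
            out[pos++] = isprint(b) ? (char)b : '.';
        }
    }
    out[pos] = '\0';
    return pos;
}

/* True when every recovered character is a digit: return-address slots that
 * read as a run of text are the signature of a stack buffer overflow. */
int looks_like_text(const char *s)
{
    if (*s == '\0') return 0;
    for (; *s; s++)
        if (!isdigit((unsigned char)*s)) return 0;
    return 1;
}

int main(void)
{
    char buf[64];
    size_t n = decode_frames(frames, NFRAMES, buf, sizeof buf);
    printf("%zu bytes of stack recovered: \"%s\" (text: %s)\n",
           n, buf, looks_like_text(buf) ? "yes" : "no");
    return 0;
}
```

The recovered bytes are a repeating "0123456789" sequence ending in a NUL, i.e. the tail of a long digit string that was copied through the PATLEN-sized buffer and over the saved frames, which is what __stack_chk_fail caught in findallfcns.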
Comment 1 Neil Horman 2006-05-05 11:27:19 EDT
Created attachment 128661
patch to limit how much data putstring copies to the target pointer

This should fix the problem.  Please test and report results.  Thanks!
Comment 2 Ronald Wahl 2006-05-05 18:07:08 EDT
If you fix the putstring prototype in src/global.h too then it works, otherwise
it will not compile. The stack smashing went away. Thanks!
Comment 3 Neil Horman 2006-06-23 15:55:44 EDT
Created attachment 131459
updated patch to fix header breakage
Comment 4 Fedora Update System 2006-06-23 17:19:56 EDT
cscope-15.5-13.7 has been pushed for fc5, which should resolve this issue.  If these problems are still present in this version, then please make note of it in this bug report.
Comment 5 Ronald Wahl 2007-03-03 17:00:20 EST
I think this issue can be set to fixed. I cannot reproduce it anymore.