Bug 230991 - obexftpd(1) segfault
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: obexftp
Version: rawhide
Hardware: i686 Linux
Priority: medium
Severity: urgent
Assigned To: Dominik 'Rathann' Mierzejewski
QA Contact: Fedora Extras Quality Assurance
Keywords: Patch
Reported: 2007-03-05 07:48 EST by Jan Kratochvil
Modified: 2007-11-30 17:11 EST

Fixed In Version: 0.22-0.2.pre4
Doc Type: Bug Fix
Last Closed: 2007-03-27 15:42:16 EDT
Attachments
Text output (314 bytes, text/plain), 2007-03-05 07:48 EST, Jan Kratochvil
core file (316.00 KB, application/octet-stream), 2007-03-05 07:50 EST, Jan Kratochvil
rpm -qa (35.48 KB, text/plain), 2007-03-05 07:51 EST, Jan Kratochvil
Fixed text output (3.02 KB, text/plain), 2007-03-05 07:53 EST, Jan Kratochvil
File reader memory corruption fix (405 bytes, patch), 2007-03-26 05:12 EDT, Jan Kratochvil

Description Jan Kratochvil 2007-03-05 07:48:09 EST
Description of problem:
The first time I tried obexftpd(1), it just always crashed.

Version-Release number of selected component (if applicable):
obexftp-0.20-3.fc7.i386

How reproducible:
Always.

Steps to Reproduce:
1. obexftpd -b
2. On Vodafone Japan 802SE (branded SonyEricsson V800) click "browse"

Actual results:
*** buffer overflow detected ***: obexftpd terminated
[attached]

Expected results:
Something I have never seen, without the segfault.

Additional info:
More debugging upon request.
Comment 1 Jan Kratochvil 2007-03-05 07:48:10 EST
Created attachment 149257 [details]
Text output
Comment 2 Jan Kratochvil 2007-03-05 07:50:32 EST
Created attachment 149258 [details]
core file
Comment 3 Jan Kratochvil 2007-03-05 07:51:48 EST
Created attachment 149259 [details]
rpm -qa
Comment 4 Jan Kratochvil 2007-03-05 07:53:57 EST
Created attachment 149260 [details]
Fixed text output

The attachment in Comment 2 looks broken; copy-pasted and reattached.
Comment 5 Dominik 'Rathann' Mierzejewski 2007-03-25 10:38:37 EDT
I cannot reproduce this, because none of the phones I have at hand have such
feature. I've updated obexftp to 0.22-pre4. Should be in tomorrow's rawhide.
Please test.
Comment 6 Jan Kratochvil 2007-03-26 04:35:04 EDT
Interesting you took the maintainership in this case.
It could already display the directory list but it crashes trying to transfer a
file:
name=prophecy.png, size=1711360
*** buffer overflow detected ***: obexftpd terminated
======= Backtrace: =========
/lib/i686/nosegneg/libc.so.6(__chk_fail+0x41)[0x6f40c1]
/lib/i686/nosegneg/libc.so.6(__read_chk+0x50)[0x6f4550]
obexftpd[0x804a78f]
obexftpd[0x804b248]
/usr/lib/libopenobex.so.1[0xd5655a]
/usr/lib/libopenobex.so.1[0xd587d2]
/usr/lib/libopenobex.so.1[0xd567a7]
/usr/lib/libopenobex.so.1[0xd5828c]
/usr/lib/libopenobex.so.1(OBEX_HandleInput+0x2d)[0xd55f3d]
obexftpd[0x8049684]
obexftpd[0x8049939]
/lib/i686/nosegneg/libc.so.6(__libc_start_main+0xe0)[0x623ec0]
obexftpd[0x80494d1]
======= Memory map: ========
Aborted
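In the backtrace above, __read_chk calls __chk_fail: that is glibc's FORTIFY_SOURCE check on read(2) firing because the byte count requested was larger than the known size of the destination buffer, which turned a silent stack overrun into the abort shown. The following is an added illustration of that defect class (not the obexftpd source or the attached patch): a receive loop that passes a peer-announced size straight to read() beside one that bounds every read by the space remaining; BUFSZ, the function names and the sample file are assumptions.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

#define BUFSZ 4096   /* hypothetical fixed-size receive buffer */

/* Defective form: the peer-announced size goes straight to read(), so an
 * announced size above BUFSZ overruns buf on the stack. Built with
 * -O2 -D_FORTIFY_SOURCE=2, glibc routes this call through __read_chk, which
 * aborts with "*** buffer overflow detected ***" instead of finishing the
 * overrun, exactly the backtrace above. Shown for contrast; never called. */
ssize_t recv_body_unchecked(int fd, size_t announced) {
    char buf[BUFSZ];
    return read(fd, buf, announced);   /* announced > BUFSZ: stack overrun */
}

/* Bounded form: the announced size is only a stopping point; each read() is
 * capped by the space left in dst. Returns bytes stored, or -1 on error. */
ssize_t recv_body_bounded(int fd, char *dst, size_t dstlen, size_t announced) {
    size_t total = 0, limit = announced < dstlen ? announced : dstlen;
    while (total < limit) {
        ssize_t n = read(fd, dst + total, limit - total);
        if (n < 0) return -1;
        if (n == 0) break;             /* EOF before the announced size */
        total += (size_t)n;
    }
    return (ssize_t)total;
}

/* Constructed sample input: a temp file of n pattern bytes, rewound to 0. */
int make_sample_fd(size_t n) {
    FILE *f = tmpfile();
    if (!f) return -1;
    for (size_t i = 0; i < n; i++) fputc('A' + (int)(i % 26), f);
    fflush(f);
    rewind(f);
    return fileno(f);
}

/* Bounded reader over a file_bytes-long sample while the peer announces
 * `announced` bytes; returns how many bytes were actually stored. */
ssize_t demo_bounded(size_t file_bytes, size_t announced) {
    char dst[BUFSZ];
    int fd = make_sample_fd(file_bytes);
    return fd < 0 ? -1 : recv_body_bounded(fd, dst, sizeof dst, announced);
}

int main(void) {   /* the log's announced 1711360 bytes against a 10000-byte file */
    printf("stored %zd of an announced 1711360 bytes\n", demo_bounded(10000, 1711360));
    return 0;
}
```

Even with the bounded loop, the stored prefix is only BUFSZ bytes; a real receiver would drain the rest in further rounds or reject an announced size it cannot hold.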
Comment 7 Jan Kratochvil 2007-03-26 05:12:34 EDT
Created attachment 150884 [details]
File reader memory corruption fix

This way it started working for me, thanks for the packaging.
Would you take care of the upstream or should I push it there?
Comment 8 Jan Kratochvil 2007-03-26 05:14:59 EDT
Out of this bug's topic - I can't access any parent directory.
Even after adding <parent-folder /> there, so it looks like a bug in my Vodafone
Japan 802SE (branded SonyEricsson V800).  An explicit <folder name=".." /> would
probably help, but that would be an ugly workaround.
Comment 9 Dominik 'Rathann' Mierzejewski 2007-03-26 07:58:35 EDT
(In reply to comment #6)
> Interesting you took the maintainership in this case.

I needed obexftp, so I packaged it. I haven't had any need for obexftpd yet.
If you want to co-maintain this, you're most welcome.

(In reply to comment #7)
> Created an attachment (id=150884) [edit]
> File reader memory corruption fix
> 
> This way it started working for me, thanks for the packaging.
> Would you take care of the upstream or should I push it there?

Thank you, I'll forward it upstream.
Comment 10 Dominik 'Rathann' Mierzejewski 2007-03-27 15:42:16 EDT
Patched package built, patch forwarded upstream. Thanks a lot!
