Description of problem:
First I tried obexftpd(1); it just always crashes.

Version-Release number of selected component (if applicable):
obexftp-0.20-3.fc7.i386

How reproducible:
Always.

Steps to Reproduce:
1. obexftpd -b
2. On Vodafone Japan 802SE (branded SonyEricsson V800) click "browse"

Actual results:
*** buffer overflow detected ***: obexftpd terminated
[attached]

Expected results:
Something I have never seen, without the segfault.

Additional info:
More debugging upon request.

Created attachment 149257
Text output

Created attachment 149258
core file

Created attachment 149259
rpm -qa

Created attachment 149260
Fixed text output

Attachment in Comment 2 looks broken, copy-pasted + reattached.

I cannot reproduce this, because none of the phones I have at hand have such a feature. I've updated obexftp to 0.22-pre4. Should be in tomorrow's rawhide. Please test.

Interesting you took the maintainership in this case.

It could already display the directory list but it crashes trying to transfer a file:

name=prophecy.png, size=1711360
*** buffer overflow detected ***: obexftpd terminated
======= Backtrace: =========
/lib/i686/nosegneg/libc.so.6(__chk_fail+0x41)[0x6f40c1]
/lib/i686/nosegneg/libc.so.6(__read_chk+0x50)[0x6f4550]
obexftpd[0x804a78f]
obexftpd[0x804b248]
/usr/lib/libopenobex.so.1[0xd5655a]
/usr/lib/libopenobex.so.1[0xd587d2]
/usr/lib/libopenobex.so.1[0xd567a7]
/usr/lib/libopenobex.so.1[0xd5828c]
/usr/lib/libopenobex.so.1(OBEX_HandleInput+0x2d)[0xd55f3d]
obexftpd[0x8049684]
obexftpd[0x8049939]
/lib/i686/nosegneg/libc.so.6(__libc_start_main+0xe0)[0x623ec0]
obexftpd[0x80494d1]
Aborted

Created attachment 150884
File reader memory corruption fix

This way it started working for me, thanks for the packaging.
Would you take care of the upstream or should I push it there?

Out of this bug's topic - I can't access any parent directory. Even after adding <parent-folder /> there, so it looks like a bug in my Vodafone Japan 802SE (branded SonyEricsson V800). Explicit <folder name=".." /> would probably help but that would be an ugly workaround.

(In reply to comment #6)
> Interesting you took the maintainership in this case.

I needed obexftp, so I packaged it. I haven't had any need for obexftpd yet. If you want to co-maintain this, you're most welcome.

(In reply to comment #7)
> Created an attachment (id=150884)
> File reader memory corruption fix
>
> This way it started working for me, thanks for the packaging.
> Would you take care of the upstream or should I push it there?

Thank you, I'll forward it upstream.
Patched package built, patch forwarded upstream. Thanks a lot!
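
The `__read_chk` frame in the backtrace in comment #6 is glibc's fortified `read()`, which aborts with "buffer overflow detected" when the requested count is larger than the known size of the destination buffer. As an added illustration (not the attached patch and not obexftpd code; `read_fd_bounded`, `demo` and the size caps are assumptions), a file reader whose `read()` count can never exceed its buffer:

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not obexftpd code: bounded copy of a regular file. */
unsigned char *read_fd_bounded(int fd, size_t max_size, size_t *out_len)
{
    struct stat st;
    unsigned char *buf = NULL;
    size_t got = 0, cap = 0;
    /* Size the buffer from the file itself, and refuse what exceeds the cap. */
    if (fstat(fd, &st) == 0 && S_ISREG(st.st_mode) &&
        (unsigned long long)st.st_size <= max_size) {
        cap = (size_t)st.st_size;
        buf = malloc(cap ? cap : 1);
    }
    while (buf && got < cap) {
        /* The count is the space left in buf, never a size taken on trust. */
        ssize_t n = read(fd, buf + got, cap - got);
        if (n > 0) {
            got += (size_t)n;
        } else if (n == 0 || errno != EINTR) {
            free(buf);              /* file shrank or I/O error: return nothing */
            buf = NULL;
        }
    }
    *out_len = buf ? got : 0;
    return buf;
}

/* Constructed input: sparse temp file of 1711360 bytes, the size in the log. */
int demo(void)
{
    char path[] = "/tmp/bounded_read_XXXXXX";
    size_t len = 0;
    int fd = mkstemp(path);
    if (fd < 0 || ftruncate(fd, 1711360) < 0)
        return 2;
    unsigned char *full = read_fd_bounded(fd, 4u << 20, &len);
    int ok = full != NULL && len == 1711360 &&
             read_fd_bounded(fd, 65536, &len) == NULL;
    close(fd);
    unlink(path);
    free(full);
    return ok ? 0 : 1;              /* 0: read under 4 MiB cap, refused under 64 KiB */
}

int main(void) { return demo(); }
```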