Description of problem:
Just launching firefox 2.0.0.6-9.fc8 crashes with buffer overflow immediately

How reproducible:
100%

Steps to Reproduce:
1. Just type "firefox"

Actual results:
[tasaka1@localhost i386]$ ( LANG=C ; firefox 2>&1 | tee FIREFOX.log )
*** buffer overflow detected ***: /usr/lib/firefox-2.0.0.6/firefox-bin terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x48)[0xe43c58]
/lib/libc.so.6[0xe42300]
/lib/libc.so.6[0xe42a28]
/usr/lib/firefox-2.0.0.6/firefox-bin[0x804b803]
/usr/lib/firefox-2.0.0.6/firefox-bin[0x80531b7]
/usr/lib/firefox-2.0.0.6/firefox-bin[0x80503a9]
/usr/lib/firefox-2.0.0.6/firefox-bin(__gxx_personality_v0+0x2c0)[0x804abf0]
/lib/libc.so.6(__libc_start_main+0xe0)[0xd71320]
/usr/lib/firefox-2.0.0.6/firefox-bin(__gxx_personality_v0+0x1e1)[0x804ab11]
======= Memory map: ========

Additional info:
Reverting to -8.fc8 is okay
This is PATH_MAX <-> MAXPATHLEN confusion in realpath calls.
-10 does not crash, Thank you!
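
An added example, not part of the original report or of the Firefox source, illustrating the PATH_MAX / MAXPATHLEN diagnosis above: glibc's fortified realpath() aborts through __fortify_fail when it can see that the destination buffer is smaller than PATH_MAX, so the buffer must never be sized by a different constant. APP_MAXPATHLEN and resolve_path() are hypothetical names, and the value 1024 is an assumption; the report does not give the actual values.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* declares realpath() */
#endif
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical application constant, assumed smaller than PATH_MAX. */
#define APP_MAXPATHLEN 1024

/* Pattern that trips the fortify check (shown only as a comment):
 *     char buf[APP_MAXPATHLEN];
 *     realpath(path, buf);   // realpath() may write up to PATH_MAX bytes
 */

/* Resolve path into out (outlen bytes) without assuming any fixed limit.
 * Returns 0 on success; -1 with errno set on failure (ERANGE if the
 * resolved name does not fit in the caller's buffer). */
int resolve_path(const char *path, char *out, size_t outlen)
{
    char *full = realpath(path, NULL);  /* libc allocates the exact size */
    if (full == NULL)
        return -1;                      /* errno already set by realpath() */

    size_t need = strlen(full) + 1;
    if (need > outlen) {                /* refuse instead of overflowing */
        free(full);
        errno = ERANGE;
        return -1;
    }
    memcpy(out, full, need);
    free(full);
    return 0;
}

int main(void)
{
    char buf[APP_MAXPATHLEN];
    printf("PATH_MAX=%d APP_MAXPATHLEN=%d\n", PATH_MAX, APP_MAXPATHLEN);
    if (resolve_path("/../.", buf, sizeof buf) == 0)
        printf("resolved: %s\n", buf);
    return 0;
}
```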