Bug 305071 - 2.0.0.6-9.fc8 crashes with buffer overflow immediately
2.0.0.6-9.fc8 crashes with buffer overflow immediately
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: firefox (Show other bugs)
rawhide
i386 Linux
high Severity urgent
: ---
: ---
Assigned To: Christopher Aillon
Fedora Extras Quality Assurance
:
Depends On:
Blocks: F8Test3
  Show dependency treegraph
 
Reported: 2007-09-25 09:39 EDT by Mamoru TASAKA
Modified: 2007-11-30 17:12 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-09-26 00:08:32 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Mamoru TASAKA 2007-09-25 09:39:20 EDT
Description of problem:
Just lauching firefox 2.0.0.6-9.fc8 crashes with buffer overflow
immediately

How reproducible:
100%

Steps to Reproduce:
1. Just type "firefox"
  
Actual results:
[tasaka1@localhost i386]$ ( LANG=C ; firefox 2>&1 | tee FIREFOX.log )
*** buffer overflow detected ***: /usr/lib/firefox-2.0.0.6/firefox-bin terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x48)[0xe43c58]
/lib/libc.so.6[0xe42300]
/lib/libc.so.6[0xe42a28]
/usr/lib/firefox-2.0.0.6/firefox-bin[0x804b803]
/usr/lib/firefox-2.0.0.6/firefox-bin[0x80531b7]
/usr/lib/firefox-2.0.0.6/firefox-bin[0x80503a9]
/usr/lib/firefox-2.0.0.6/firefox-bin(__gxx_personality_v0+0x2c0)[0x804abf0]
/lib/libc.so.6(__libc_start_main+0xe0)[0xd71320]
/usr/lib/firefox-2.0.0.6/firefox-bin(__gxx_personality_v0+0x1e1)[0x804ab11]
======= Memory map: ========
00110000-00111000 r-xp 00110000 00:00 0          [vdso]
00111000-001c2000 r-xp 00000000 fd:02 53737     
/usr/lib/firefox-2.0.0.6/libmozjs.so
001c2000-001c7000 rwxp 000b0000 fd:02 53737     
/usr/lib/firefox-2.0.0.6/libmozjs.so
001c7000-001ca000 r-xp 00000000 fd:02 53739     
/usr/lib/firefox-2.0.0.6/libxpcom.so
001ca000-001cb000 rwxp 00002000 fd:02 53739     
/usr/lib/firefox-2.0.0.6/libxpcom.so
001cb000-002a7000 r-xp 00000000 fd:02 53744     
/usr/lib/firefox-2.0.0.6/libxpcom_core.so
002a7000-002af000 rwxp 000db000 fd:02 53744     
/usr/lib/firefox-2.0.0.6/libxpcom_core.so
002af000-006af000 r-xp 00000000 fd:02 1158155    /usr/lib/libgtk-x11-2.0.so.0.1200.0
006af000-006b5000 rwxp 003ff000 fd:02 1158155    /usr/lib/libgtk-x11-2.0.so.0.1200.0
006b5000-006b6000 rwxp 006b5000 00:00 0 
006b6000-006d0000 r-xp 00000000 fd:02 1159309    /usr/lib/libatk-1.0.so.0.2009.1
006d0000-006d2000 rwxp 0001a000 fd:02 1159309    /usr/lib/libatk-1.0.so.0.2009.1
006d2000-006dd000 r-xp 00000000 fd:00 49283      /lib/libgcc_s-4.1.2-20070821.so.1
006dd000-006de000 rwxp 0000a000 fd:00 49283      /lib/libgcc_s-4.1.2-20070821.so.1
006de000-006ed000 r-xp 00000000 fd:02 1158112    /usr/lib/libXext.so.6.4.0
006ed000-006ee000 rwxp 0000e000 fd:02 1158112    /usr/lib/libXext.so.6.4.0
006f2000-0070d000 r-xp 00000000 fd:00 51368      /lib/ld-2.6.90.so
0070d000-0070e000 r-xp 0001a000 fd:00 51368      /lib/ld-2.6.90.so
0070e000-0070f000 rwxp 0001b000 fd:00 51368      /lib/ld-2.6.90.so
0070f000-007a6000 r-xp 00000000 fd:02 1158149    /usr/lib/libgdk-x11-2.0.so.0.1200.0
007a6000-007a9000 rwxp 00096000 fd:02 1158149    /usr/lib/libgdk-x11-2.0.so.0.1200.0
007a9000-007e7000 r-xp 00000000 fd:02 1159290    /usr/lib/libpango-1.0.so.0.1800.2
007e7000-007e9000 rwxp 0003e000 fd:02 1159290    /usr/lib/libpango-1.0.so.0.1800.2
007e9000-0086a000 r-xp 00000000 fd:02 1158035    /usr/lib/libcairo.so.2.11.5
0086a000-0086c000 rwxp 00081000 fd:02 1158035    /usr/lib/libcairo.so.2.11.5
0086c000-00893000 r-xp 00000000 fd:00 51785      /lib/libm-2.6.90.so
00893000-00894000 r-xp 00026000 fd:00 51785      /lib/libm-2.6.90.so
00894000-00895000 rwxp 00027000 fd:00 51785      /lib/libm-2.6.90.so
00896000-00899000 r-xp 00000000 fd:00 51786      /lib/libdl-2.6.90.so
00899000-0089a000 r-xp 00002000 fd:00 51786      /lib/libdl-2.6.90.so
0089a000-0089b000 rwxp 00003000 fd:00 51786      /lib/libdl-2.6.90.so
0089d000-008b2000 r-xp 00000000 fd:00 51782      /lib/libpthread-2.6.90.so
008b2000-008b3000 r-xp 00014000 fd:00 51782      /lib/libpthread-2.6.90.so
008b3000-008b4000 rwxp 00015000 fd:00 51782      /lib/libpthread-2.6.90.so
008b4000-008b6000 rwxp 008b4000 00:00 0 
008b6000-008dd000 r-xp 00000000 fd:02 1159292    /usr/lib/libfontconfig.so.1.2.0
008dd000-008e5000 rwxp 00027000 fd:02 1159292    /usr/lib/libfontconfig.so.1.2.0
008e5000-008ed000 r-xp 00000000 fd:02 1152136    /usr/lib/libXrender.so.1.3.0
008ed000-008ee000 rwxp 00007000 fd:02 1152136    /usr/lib/libXrender.so.1.3.0
008f1000-008f5000 r-xp 00000000 fd:02 1158145    /usr/lib/libXfixes.so.3.1.0
008f5000-008f6000 rwxp 00003000 fd:02 1158145    /usr/lib/libXfixes.so.3.1.0
008f8000-008fa000 r-xp 00000000 fd:02 1158113    /usr/lib/libXinerama.so.1.0.0
008fa000-008fb000 rwxp 00001000 fd:02 1158113    /usr/lib/libXinerama.so.1.0.0
008fb000-00903000 r-xp 00000000 fd:02 843870     /usr/lib/libXi.so.6.0.0
00903000-00904000 rwxp 00007000 fd:02 843870     /usr/lib/libXi.so.6.0.0

Additional info:
Reverting to -8.fc8 is okay
Comment 1 Matthias Clasen 2007-09-25 12:09:59 EDT
This is PATH_MAX <-> MAXPATHLEN confusion in realpath calls.

Comment 2 Mamoru TASAKA 2007-09-26 00:08:32 EDT
-10 does not crash, Thank you!

Note You need to log in before you can comment on or make changes to this bug.