Bug 305071 - 2.0.0.6-9.fc8 crashes with buffer overflow immediately
Summary: 2.0.0.6-9.fc8 crashes with buffer overflow immediately
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: firefox
Version: rawhide
Hardware: i386
OS: Linux
Priority: high
Severity: urgent
Target Milestone: ---
Assignee: Christopher Aillon
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: F8Test3
 
Reported: 2007-09-25 13:39 UTC by Mamoru TASAKA
Modified: 2007-11-30 22:12 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-09-26 04:08:32 UTC
Type: ---
Embargoed:



Description Mamoru TASAKA 2007-09-25 13:39:20 UTC
Description of problem:
Just launching firefox 2.0.0.6-9.fc8 crashes with buffer overflow
immediately

How reproducible:
100%

Steps to Reproduce:
1. Just type "firefox"
  
Actual results:
[tasaka1@localhost i386]$ ( LANG=C ; firefox 2>&1 | tee FIREFOX.log )
*** buffer overflow detected ***: /usr/lib/firefox-2.0.0.6/firefox-bin terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x48)[0xe43c58]
/lib/libc.so.6[0xe42300]
/lib/libc.so.6[0xe42a28]
/usr/lib/firefox-2.0.0.6/firefox-bin[0x804b803]
/usr/lib/firefox-2.0.0.6/firefox-bin[0x80531b7]
/usr/lib/firefox-2.0.0.6/firefox-bin[0x80503a9]
/usr/lib/firefox-2.0.0.6/firefox-bin(__gxx_personality_v0+0x2c0)[0x804abf0]
/lib/libc.so.6(__libc_start_main+0xe0)[0xd71320]
/usr/lib/firefox-2.0.0.6/firefox-bin(__gxx_personality_v0+0x1e1)[0x804ab11]
======= Memory map: ========

Additional info:
Reverting to -8.fc8 is okay

Comment 1 Matthias Clasen 2007-09-25 16:09:59 UTC
This is PATH_MAX <-> MAXPATHLEN confusion in realpath calls.



Comment 2 Mamoru TASAKA 2007-09-26 04:08:32 UTC
-10 does not crash. Thank you!

