Description of problem: $ lftp http://koji.fedoraproject.org/packages/cairo/1.5.4/1.fc9/i386/ cd ok, cwd=/packages/cairo/1.5.4/1.fc9/i386 lftp koji.fedoraproject.org:/packages/cairo/1.5.4/1.fc9/i386> mget *.rpm *** buffer overflow detected ***: lftp terminatedving data] ======= Backtrace: ========= /lib/libc.so.6(__fortify_fail+0x48)[0x328b58] /lib/libc.so.6[0x327200] /lib/libc.so.6[0x326918] /lib/libc.so.6(_IO_default_xsputn+0xcd)[0x2a4e8d] /lib/libc.so.6(_IO_vfprintf+0x8ef)[0x27bfcf] /lib/libc.so.6(__vsprintf_chk+0xad)[0x3269cd] /lib/libc.so.6(__sprintf_chk+0x30)[0x326900] /usr/lib/liblftp-tasks.so.0(_ZN8FileCopy17GetPercentDoneStrEv+0x59)[0x193be9] /usr/lib/liblftp-jobs.so.0(_ZN7CopyJob6StatusEPK10StatusLineb+0xab)[0x15a14b] /usr/lib/liblftp-jobs.so.0(_ZN7CopyJob13ShowRunStatusEP10StatusLine+0x37)[0x15a1e7] /usr/lib/liblftp-jobs.so.0(_ZN3Job13ShowRunStatusEP10StatusLine+0x7d)[0x13e50d] /usr/lib/liblftp-jobs.so.0(_ZN7mgetJob13ShowRunStatusEP10StatusLine+0x54)[0x14b934] /usr/lib/liblftp-jobs.so.0(_ZN3Job13ShowRunStatusEP10StatusLine+0x7d)[0x13e50d] /usr/lib/liblftp-jobs.so.0(_ZN7CmdExec13ShowRunStatusEP10StatusLine+0xb1)[0x141861] /usr/lib/liblftp-jobs.so.0(_ZN7CmdExec2DoEv+0x702)[0x143242] /usr/lib/liblftp-tasks.so.0(_ZN6SMTask8ScheduleEv+0xbc)[0x183f8c] /usr/lib/liblftp-jobs.so.0(_ZN3Job8WaitDoneEv+0x2d)[0x13e46d] lftp[0x804c3c7] /lib/libc.so.6(__libc_start_main+0xe0)[0x255390] lftp[0x804b7d1] ======= Memory map: ======== 00110000-0012b000 r-xp 00000000 08:09 7155302 /lib/ld-2.7.so 0012b000-0012c000 r-xp 0001a000 08:09 7155302 /lib/ld-2.7.so 0012c000-0012d000 rwxp 0001b000 08:09 7155302 /lib/ld-2.7.so 0012d000-0012e000 r-xp 0012d000 00:00 0 [vdso] 0012e000-00169000 r-xp 00000000 08:09 7645400 /usr/lib/liblftp-jobs.so.0.0.0 00169000-0016c000 rwxp 0003a000 08:09 7645400 /usr/lib/liblftp-jobs.so.0.0.0 0016c000-001c4000 r-xp 00000000 08:09 7645999 /usr/lib/liblftp-tasks.so.0.0.0 001c4000-001c8000 rwxp 00057000 08:09 7645999 /usr/lib/liblftp-tasks.so.0.0.0 001c8000-001cc000 rwxp 001c8000 00:00 0 001cc000-001fc000 r-xp 00000000 08:09 7648471 /usr/lib/libreadline.so.5.2 001fc000-00200000 rwxp 00030000 08:09 7648471 /usr/lib/libreadline.so.5.2 00200000-00201000 rwxp 00200000 00:00 0 00201000-00203000 r-xp 00000000 08:09 7158649 /lib/libutil-2.7.so 00203000-00204000 r-xp 00001000 08:09 7158649 /lib/libutil-2.7.so 00204000-00205000 rwxp 00002000 08:09 7158649 /lib/libutil-2.7.so 00205000-00225000 r-xp 00000000 08:09 7155216 /lib/libncurses.so.5.6 00225000-00226000 rwxp 00020000 08:09 7155216 /lib/libncurses.so.5.6 00226000-00236000 r-xp 00000000 08:09 7160118 /lib/libresolv-2.7.so 00236000-00237000 r-xp 00010000 08:09 7160118 /lib/libresolv-2.7.so 00237000-00238000 rwxp 00011000 08:09 7160118 /lib/libresolv-2.7.so 00238000-0023a000 rwxp 00238000 00:00 0 0023a000-0023d000 r-xp 00000000 08:09 7158615 /lib/libdl-2.7.so 0023d000-0023e000 r-xp 00002000 08:09 7158615 /lib/libdl-2.7.so 0023e000-0023f000 rwxp 00003000 08:09 7158615 /lib/libdl-2.7.so 0023f000-00392000 r-xp 00000000 08:09 7155361 /lib/libc-2.7.so 00392000-00394000 r-xp 00153000 08:09 7155361 /lib/libc-2.7.so 00394000-00395000 rwxp 00155000 08:09 7155361 /lib/libc-2.7.so 00395000-00398000 rwxp 00395000 00:00 0 00398000-00476000 r-xp 00000000 08:09 7645279 /usr/lib/libstdc++.so.6.0.8 00476000-00479000 r-xp 000dd000 08:09 7645279 /usr/lib/libstdc++.so.6.0.8 00479000-0047b000 rwxp 000e0000 08:09 7645279 /usr/lib/libstdc++.so.6.0.8 0047b000-00481000 rwxp 0047b000 00:00 0 00481000-004a8000 r-xp 00000000 08:09 7158620 /lib/libm-2.7.so 004a8000-004a9000 r-xp 00026000 08:09 7158620 /lib/libm-2.7.so 004a9000-004aa000 rwxp 00027000 08:09 7158620 /lib/libm-2.7.so 004aa000-004b5000 r-xp 00000000 08:09 7155204 /lib/libgcc_s-4.1.2-20071124.so.1 004b5000-004b6000 rwxp 0000a000 08:09 7155204 /lib/libgcc_s-4.1.2-20071124.so.1 004b6000-004cb000 r-xp 00000000 08:09 7155321 /lib/libtinfo.so.5.6 004cb000-004ce000 rwxp 00014000 08:09 7155321 /lib/libtinfo.so.5.6 004ce000-004e1000 r-xp 00000000 08:09 3368871 /usr/lib/lftp/3.5.14/proto-http.so 004e1000-004e2000 rwxp 00013000 08:09 3368871 /usr/lib/lftp/3.5.14/proto-http.so 004e2000-004fd000 r-xp 00000000 08:09 3368678 /usr/lib/lftp/3.5.14/liblftp-network.so 004fd000-004ff000 rwxp 0001a000 08:09 3368678 /usr/lib/lftp/3.5.14/liblftp-network.so 004ff000-00503000 rwxp 004ff000 00:00 0 00503000-00548000 r-xp 00000000 08:09 7155326 /lib/libssl.so.0.9.8g 00548000-0054c000 rwxp 00045000 08:09 7155326 /lib/libssl.so.0.9.8g 0054c000-00684000 r-xp 00000000 08:09 7155250 /lib/libcrypto.so.0.9.8g 00684000-00697000 rwxp 00137000 08:09 7155250 /lib/libcrypto.so.0.9.8g 00697000-0069b000 rwxp 00697000 00:00 0 0069b000-006c7000 r-xp 00000000 08:09 7645694 /usr/lib/libgssapi_krb5.so.2.2 006c7000-006c8000 rwxp 0002c000 08:09 7645694 /usr/lib/libgssapi_krb5.so.2.2 006c8000-00763000 r-xp 00000000 08:09 7650511 /usr/lib/libkrb5.so.3.3 00763000-00766000 rwxp 0009a000 08:09 7650511 /usr/lib/libkrb5.so.3.3 00766000-00768000 r-xp 00000000 08:09 7155309 /lib/libcom_err.so.2.1 00768000-00769000 rwxp 00001000 08:09 7155309 /lib/libcom_err.so.2.1 00769000-0078e000 r-xp 00000000 08:09 7654026 /usr/lib/libk5crypto.so.3.1 0078e000-0078f000 rwxp 00025000 08:09 7654026 /usr/lib/libk5crypto.so.3.1 0078f000-007a1000 r-xp 00000000 08:09 7157346 /lib/libz.so.1.2.3 007a1000-007a2000 rwxp 00011000 08:09 7157346 /lib/libz.so.1.2.3 007a2000-007aa000 r-xp 00000000 08:09 7658869 /usr/lib/libkrb5support.so.0.1 007aa000-007ab000 rwxp 00007000 08:09 7658869 /usr/lib/libkrb5support.so.0.1 007ab000-007ad000 r-xp 00000000 08:09 7155174 /lib/libkeyutils-1.2.so 007ad000-007ae000 rwxp 00001000 08:09 7155174 /lib/libkeyutils-1.2.so 007ae000-007c7000 r-xp 00000000 08:09 7155182 /lib/libselinux.so.1 007c7000-007c9000 rwxp 00018000 08:09 7155182 /lib/libselinux.so.1 08048000-08051000 r-xp 00000000 08:09 7646311 /usr/bin/lftp 08051000-08052000 rw-p 00008000 08:09 7646311 /usr/bin/lftp 08a38000-08a9e000 rw-p 08a38000 00:00 0 b7c14000-b7c15000 rw-p b7c14000 00:00 0 b7c15000-b7c1c000 r--s 00000000 08:09 7721136 /usr/lib/gconv/gconv-modules.cache b7c1c000-b7c1d000 r--p 00cac000 08:09 7652580 /usr/lib/locale/locale-archive b7c1d000-b7cff000 r--p 0019f000 08:09 7652580 /usr/lib/locale/locale-archive b7cff000-b7eff000 r--p 00000000 08:09 7652580 /usr/lib/locale/locale-archive b7eff000-b7f03000 rw-p b7eff000 00:00 0 bfe03000-bfe18000 rw-p bffea000 00:00 0 [stack] Aborted (gdb) bt #0 0x0012d402 in __kernel_vsyscall () #1 0x00268690 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64 #2 0x00269f91 in abort () at abort.c:88 #3 0x002a09eb in __libc_message (do_abort=2, fmt=0x368833 "*** %s ***: %s terminated\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:170 #4 0x00328b58 in __fortify_fail (msg=0x368802 "buffer overflow detected") at fortify_fail.c:32 #5 0x00327200 in __chk_fail () at chk_fail.c:29 #6 0x00326918 in _IO_str_chk_overflow (fp=0xbfdd896c, c=32) at vsprintf_chk.c:35 #7 0x002a4e8d in _IO_default_xsputn (f=0xbfdd896c, data=0x1b51dc, n=2) at genops.c:486 #8 0x0027bfcf in _IO_vfprintf_internal (s=0xbfdd896c, format=0x1b51d7 "(%d%%) ", ap=<value optimized out>) at vfprintf.c:1590 #9 0x003269cd in ___vsprintf_chk (s=0x1c7414 "(15%)", flags=1, slen=6, format=0x1b51d7 "(%d%%) ", args=0xbfdd8a50 "\017") at vsprintf_chk.c:87 #10 0x00326900 in ___sprintf_chk (s=0x1c7414 "(15%)", flags=1, slen=6, format=0x1b51d7 "(%d%%) ") at sprintf_chk.c:33 #11 0x00193be9 in FileCopy::GetPercentDoneStr (this=0x8eff4d0) at /usr/include/bits/stdio2.h:35 #12 0x0015a14b in CopyJob::Status (this=0x8f02be8, s=0x8eed580, base=false) at CopyJob.cc:92 ---Type <return> to continue, or q <return> to quit--- #13 0x0015a1e7 in CopyJob::ShowRunStatus (this=0x0, s=0x8eed580) at CopyJob.cc:102 #14 0x0013e50d in Job::ShowRunStatus (this=0x8ef3c28, sl=0x8eed580) at Job.cc:524 #15 0x0014b934 in mgetJob::ShowRunStatus (this=0x6, s=0x8eed580) at mgetJob.cc:40 #16 0x0013e50d in Job::ShowRunStatus (this=0x8ee1ff8, sl=0x8eed580) at Job.cc:524 #17 0x00141861 in CmdExec::ShowRunStatus (this=0x8ee1ff8, s=0x8eed580) at CmdExec.cc:723 #18 0x00143242 in CmdExec::Do (this=0x8ee1ff8) at CmdExec.cc:594 #19 0x00183f8c in SMTask::Schedule () at SMTask.cc:241 #20 0x0013e46d in Job::WaitDone (this=0x8ee1ff8) at Job.cc:557 #21 0x0804c3c7 in main (argc=2, argv=0xbfdd8d74) at lftp.cc:489 #22 0x00255390 in __libc_start_main (main=0x804c0b0 <main>, argc=2, ubp_av=0xbfdd8d74, init=0x804f4b0 <__libc_csu_init>, fini=0x804f4a0 <__libc_csu_fini>, rtld_fini=0x11e940 <_dl_fini>, stack_end=0xbfdd8d6c) at libc-start.c:220 #23 0x0804b7d1 in _start () Version-Release number of selected component (if applicable): 3.5.14-2.1.fc9 How reproducible: alway Steps to Reproduce: 1. lftp http://koji.fedoraproject.org/packages/cairo/1.5.4/1.fc9/i386/ 2. mget *.rpm 3. Actual results: Expected results: Additional info:
I am seeing the same problem.
By the way, the lasted upstream version is 3.6.1.
Created attachment 283981 [details] Fix the buffer size and use snprintf instead sprintf It doesn't core dump to me, but I think I know where the problem is. Please try this patch and let me know if it works. Thanks.
(In reply to comment #3) > Created an attachment (id=283981) [edit] > Fix the buffer size and use snprintf instead sprintf Seems to work for me.
Patch sent to upstream.
*** Bug 420401 has been marked as a duplicate of this bug. ***
(In reply to comment #2) > By the way, the lasted upstream version is 3.6.1. Yes, I know. I promise to update as soon as I have some time. Hopefully, I'll have it done before the end of the year. Please be patient.
This issue is fixed in lftp-3.5.14-3.fc9 Fixed packages were also proposed for updates: lftp-3.5.14-3.fc8 lftp-3.5.10-4.fc7
lftp-3.5.14-3.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
lftp-3.5.10-4.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
Fixed on RHEL5 - lftp-3.7.11-4.el5_5.3, broken again on RHEL6 lftp-4.0.9-1.el6.x86_64: *** buffer overflow detected ***: lftp terminated ======= Backtrace: ========= /lib64/libc.so.6(__fortify_fail+0x37)[0x3592701d47] /lib64/libc.so.6[0x35926ffc30] /lib64/libc.so.6[0x35926ff089] /lib64/libc.so.6(_IO_default_xsputn+0xc9)[0x35926740e9] /lib64/libc.so.6(_IO_vfprintf+0xc60)[0x3592644ec0] /lib64/libc.so.6(__vsprintf_chk+0x9d)[0x35926ff12d] /lib64/libc.so.6(__sprintf_chk+0x7f)[0x35926ff06f] /usr/lib64/liblftp-tasks.so.0(_ZN8FileInfo12MakeLongNameEv+0x168)[0x7fcc45873938] /usr/lib64/lftp/4.0.9/proto-sftp.so(_ZN4SFtp12HandleExpectEPNS_6ExpectE+0x88e)[0x7fcc3f79a36e] /usr/lib64/lftp/4.0.9/proto-sftp.so(_ZN4SFtp13HandleRepliesEv+0x183)[0x7fcc3f79a723] /usr/lib64/lftp/4.0.9/proto-sftp.so(_ZN4SFtp2DoEv+0x124)[0x7fcc3f79c4e4] /usr/lib64/liblftp-tasks.so.0(_ZN6SMTask8ScheduleEv+0x74)[0x7fcc45862fc4] /usr/lib64/liblftp-jobs.so.0(_ZN3Job8WaitDoneEv+0xd)[0x7fcc45af24cd] lftp[0x405af5] /lib64/libc.so.6(__libc_start_main+0xfd)[0x359261ecdd] lftp[0x405139]