Bug 487702 - correct code aborts with buffer overflow on ppc
Status: CLOSED UPSTREAM
Product: Fedora
Classification: Fedora
Component: gcc
Version: rawhide
Hardware: ppc Linux
Priority: low
Severity: medium
Assigned To: Jakub Jelinek
QA Contact: Fedora Extras Quality Assurance
Reported: 2009-02-27 10:05 EST by Dan Horák
Modified: 2009-03-04 15:46 EST
CC: 1 user
Doc Type: Bug Fix
Last Closed: 2009-03-02 11:01:02 EST

Attachments
test.c (144 bytes, text/x-csrc), 2009-02-27 10:05 EST, Dan Horák
test.h (324 bytes, text/x-chdr), 2009-02-27 10:06 EST, Dan Horák


External Trackers
GNU Compiler Collection 39343

Description Dan Horák 2009-02-27 10:05:18 EST
The code in the attachments fails with a buffer overflow when compiled and run on ppc (64-bit kernel, 32-bit userspace), but runs clean on x86_64.


Version-Release number of selected component (if applicable):
gcc-4.4.0-0.21.ppc


Steps to Reproduce:
1. gcc -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -D_GNU_SOURCE -D_REENTRANT test.c
2. ./a.out

Actual results:
*** buffer overflow detected ***: ./a.out terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x6c)[0xff5c26c]
/lib/libc.so.6[0xff59718]
/lib/libc.so.6(__strncpy_chk+0x1b4)[0xff586f4]
./a.out[0x10000500]
/lib/libc.so.6[0xfe5ac64]
/lib/libc.so.6[0xfe5ae20]
======= Memory map: ========
Neúspěšně ukončen (SIGABRT)

This is a test case for buffer overflow aborts that can be seen at
ppc = https://koji.fedoraproject.org/koji/getfile?taskID=1177236&name=build.log
ppc64 = https://koji.fedoraproject.org/koji/getfile?taskID=1190281&name=build.log
(scratch builds)
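The abort above comes from glibc's fortify check, not from the copy itself: with -D_FORTIFY_SOURCE=2, strncpy() becomes __builtin___strncpy_chk() and the limit it enforces is __builtin_object_size(dst, 1), the compiler's estimate of the destination member's size. The program below is an added example, not the test.c/test.h attached to this bug (their contents are not on this page); it replays that decision and audits, for a constructed `struct record`, whether GCC's estimate agrees with sizeof for each char[] member, which is the first thing to check when correct code trips this abort on one architecture only.

```c
/* Added example, not the test.c/test.h attached to this bug; the
 * struct record layout is constructed.  With -D_FORTIFY_SOURCE=2 glibc
 * turns strncpy() into __builtin___strncpy_chk() and passes
 * __builtin_object_size(dst, 1), its estimate of the target member's
 * size, as the limit.  The reported abort is that check firing. */
#include <stddef.h>
#include <stdio.h>

struct record {               /* constructed layout, not the attached test.h */
    int  id;
    char name[16];
    char tag[8];
    long counter;
};

enum estimate { ESTIMATE_UNKNOWN, ESTIMATE_MATCH, ESTIMATE_MISMATCH };

/* Type 1 = closest enclosing subobject, what fortify level 2 uses. */
#define BOS1(p) __builtin_object_size((p), 1)

/* Mirrors __strncpy_chk: abort iff the estimate is known and n exceeds it. */
int fortify_would_abort(size_t estimate, size_t n)
{
    return estimate != (size_t)-1 && n > estimate;
}

/* Compares GCC's estimate with the real size of each char[] member.
 * A correct compiler yields MATCH, or UNKNOWN when it cannot fold the
 * builtin (e.g. at -O0); MISMATCH is the miscompilation symptom here. */
enum estimate check_record_estimates(void)
{
    struct record r = {0};
    size_t est_name = BOS1(r.name), est_tag = BOS1(r.tag);

    if (est_name == (size_t)-1 || est_tag == (size_t)-1)
        return ESTIMATE_UNKNOWN;
    if (est_name != sizeof r.name || est_tag != sizeof r.tag)
        return ESTIMATE_MISMATCH;
    return ESTIMATE_MATCH;
}

int main(void)
{
    struct record r = {0};
    printf("name: estimate=%zu sizeof=%zu abort on 17? %d\n", BOS1(r.name),
           sizeof r.name, fortify_would_abort(BOS1(r.name), 17));
    return check_record_estimates() == ESTIMATE_MISMATCH;  /* nonzero = bad */
}
```

Build it with the same flags as the reproduction steps (gcc -O2 -D_FORTIFY_SOURCE=2 ...) on both architectures; a nonzero exit status means the compiler's estimate disagrees with the real member size.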
Comment 1 Dan Horák 2009-02-27 10:05:43 EST
Created attachment 333491 (test.c)
Comment 2 Dan Horák 2009-02-27 10:06:25 EST
Created attachment 333492 (test.h)
Comment 3 Dan Horák 2009-02-27 10:08:46 EST
Removing any (?, but I have tried to remove a lot of them, one at a time) of the struct members makes the code run without an abort.
Comment 4 Jakub Jelinek 2009-03-02 11:01:02 EST
Tracking this upstream.
Comment 5 Jakub Jelinek 2009-03-04 15:14:00 EST
Should be fixed in gcc-4.4.0-0.22.
Comment 6 Dan Horák 2009-03-04 15:46:52 EST
(In reply to comment #5)
> Should be fixed in gcc-4.4.0-0.22.

confirmed
