Bug 532334 - crash because of memory corruption
Summary: crash because of memory corruption
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: strace
Version: 11
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Roland McGrath
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2009-11-01 17:59 UTC by Stas Sergeev
Modified: 2010-01-07 15:24 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-01-07 15:24:00 UTC
Type: ---
Embargoed:


Attachments
the fix (373 bytes, patch), 2009-11-01 17:59 UTC, Stas Sergeev

Description Stas Sergeev 2009-11-01 17:59:39 UTC
Created attachment 367019: the fix

Description of problem:
strace crashes for me because of
the memory corruption.

Version-Release number of selected component (if applicable):
strace-4.5.18-2.fc11.x86_64

How reproducible:
Always

Steps to Reproduce:
1. strace -f -o log mkinitrd initrd-`uname -r`.img `uname -r`
  
Actual results:
Segmentation fault after some time

Expected results:
Correct tracing of mkinitrd

Additional info:
The attached patch fixes the problem.
string_quote() expects the size of 'outstr'
to be at least size*4+3 (actually, as the
code there is very sloppy, even this may
not always hold). And size=max_strlen+1,
but the buffer allocated is max_strlen*4+6,
which is less than (max_strlen+1)*4+3 by
one byte. All this code is very bad and
unsafe. Who writes code like this? :)
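
The size arithmetic from the report, worked through as an added illustration (hypothetical code written for this page, not strace's string_quote()): a quoting routine that checks its output bound against the worst case of every byte becoming a 4-character octal escape, plus a check of the allocation the reporter describes. max_strlen = 32 is an assumed value for the demonstration.

```c
#include <stddef.h>
#include <string.h>

/* Worst case for quoting n input bytes: every byte may come out as a
 * 4-character octal escape (\ooo), plus opening quote, closing quote
 * and the terminating NUL. Hypothetical helper, not strace's own code. */
size_t quoted_worst_case(size_t n) { return n * 4 + 3; }

/* Buffer size the report says strace 4.5.18 allocated for max_strlen. */
size_t reported_alloc(size_t max_strlen) { return max_strlen * 4 + 6; }

/* Bytes by which that allocation falls short of the worst case once
 * size = max_strlen + 1 is handed to the quoting routine. */
long shortfall(size_t max_strlen) {
    return (long)quoted_worst_case(max_strlen + 1) - (long)reported_alloc(max_strlen);
}

/* Quote n bytes of src into dst (capacity dstsz). Refuses up front when
 * dst cannot hold the worst case instead of finding out while writing.
 * Returns the characters written (excluding the NUL), or -1. */
int quote_bounded(const unsigned char *src, size_t n, char *dst, size_t dstsz) {
    if (dstsz < quoted_worst_case(n)) return -1;
    size_t o = 0;
    dst[o++] = '"';
    for (size_t i = 0; i < n; i++) {
        unsigned char c = src[i];
        if (c >= 0x20 && c < 0x7f && c != '"' && c != '\\') {
            dst[o++] = (char)c;
        } else {                        /* \ooo: 4 characters per byte */
            dst[o++] = '\\';
            dst[o++] = (char)('0' + ((c >> 6) & 7));
            dst[o++] = (char)('0' + ((c >> 3) & 7));
            dst[o++] = (char)('0' + (c & 7));
        }
    }
    dst[o++] = '"';
    dst[o] = '\0';
    return (int)o;
}

/* The reported case with max_strlen = 32 (assumed): 33 input bytes that all
 * need escaping. Returns 1 when the 134-byte allocation is rejected and a
 * 135-byte buffer yields the full 134-character quoted string. */
int demo_reported_case(void) {
    unsigned char in[33];
    char small[134], enough[135];
    memset(in, 0xff, sizeof in);        /* constructed input: 33 x 0xff */
    return quote_bounded(in, 33, small, sizeof small) == -1
        && quote_bounded(in, 33, enough, sizeof enough) == 134;
}
```

With max_strlen = 32, shortfall() returns 1, which is the missing byte the report describes.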

Comment 1 Andreas Schwab 2010-01-07 15:24:00 UTC
Fixed in 4.5.19.

