Bug 532334 - crash because of memory corruption
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: strace
Version: 11
Hardware: All
OS: Linux
Priority: low
Severity: medium
Assigned To: Roland McGrath
QA Contact: Fedora Extras Quality Assurance
Reported: 2009-11-01 12:59 EST by Stas Sergeev
Modified: 2010-01-07 10:24 EST (History)
Doc Type: Bug Fix
Last Closed: 2010-01-07 10:24:00 EST

Attachments
the fix (373 bytes, patch), 2009-11-01 12:59 EST, Stas Sergeev
Description Stas Sergeev 2009-11-01 12:59:39 EST
Created attachment 367019
the fix

Description of problem:
strace crashes for me because of
the memory corruption.

Version-Release number of selected component (if applicable):
strace-4.5.18-2.fc11.x86_64

How reproducible:
Always

Steps to Reproduce:
1. strace -f -o log mkinitrd initrd-`uname -r`.img `uname -r`
  
Actual results:
Segmentation fault after some time

Expected results:
Correct tracing of mkinitrd

Additional info:
The attached patch fixes the problem.
string_quote() expects the size of 'outstr'
to be at least size*4+3 (actually, as the
code there is very sloppy, even this may
not always hold). And size=max_strlen+1,
but the buffer allocated is max_strlen*4+6,
which is less than (max_strlen+1)*4+3 by
one byte. All this code is very bad and
unsafe. Who writes the code like this? :)
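The size mismatch described above can be made concrete with a small quoting routine that states its output-buffer contract explicitly and refuses to write when the caller's buffer is too small. This is an added illustration, not strace's string_quote() or the attached patch; the function names (quoted_capacity_needed, buggy_alloc_size, required_alloc_size, quote_bytes_checked, quote_result_for) and the choice of max_strlen = 32 for the demonstration are assumptions made here. Every non-printable byte is emitted as a four-character octal escape (\ooo), so the worst case is n*4 bytes plus two quotes and the terminating NUL, which is the n*4+3 bound the report quotes.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Worst-case output for n input bytes: each byte may become "\ooo" (4 chars),
 * plus opening quote, closing quote and the NUL terminator: n*4 + 3.
 * (Illustrative contract; mirrors the requirement the report states.) */
size_t quoted_capacity_needed(size_t n) { return n * 4 + 3; }

/* The allocation formula the report says the caller used (assumed here). */
size_t buggy_alloc_size(size_t max_strlen) { return max_strlen * 4 + 6; }

/* What the callee really needs when handed size = max_strlen + 1. */
size_t required_alloc_size(size_t max_strlen)
{
    return quoted_capacity_needed(max_strlen + 1);
}

/* 1 if the caller's buffer is smaller than the callee's requirement. */
int allocation_is_short(size_t max_strlen)
{
    return buggy_alloc_size(max_strlen) < required_alloc_size(max_strlen);
}

/* Quote n bytes of `in` into `out` (capacity outcap). Printable ASCII other
 * than '"' and '\\' is copied as-is; everything else becomes "\ooo".
 * Returns characters written (excluding NUL), or -1 if outcap is too small.
 * The check up front is the point: the callee enforces its own contract
 * instead of trusting the caller's arithmetic. */
int quote_bytes_checked(const unsigned char *in, size_t n, char *out, size_t outcap)
{
    if (outcap < quoted_capacity_needed(n))
        return -1;
    size_t o = 0;
    out[o++] = '"';
    for (size_t i = 0; i < n; i++) {
        unsigned char c = in[i];
        if (c >= 0x20 && c < 0x7f && c != '"' && c != '\\') {
            out[o++] = (char)c;
        } else {
            out[o++] = '\\';
            out[o++] = (char)('0' + ((c >> 6) & 7));
            out[o++] = (char)('0' + ((c >> 3) & 7));
            out[o++] = (char)('0' + (c & 7));
        }
    }
    out[o++] = '"';
    out[o] = '\0';
    return (int)o;
}

/* Constructed worst-case input: max_strlen+1 non-printable bytes (0x01),
 * quoted into a buffer that we pretend has only `outcap` bytes.
 * Returns what quote_bytes_checked returns. */
int quote_result_for(size_t max_strlen, size_t outcap)
{
    static unsigned char in[512];
    static char out[4096];
    size_t n = max_strlen + 1;
    if (n > sizeof in || outcap > sizeof out)
        return -2;
    memset(in, 0x01, n);
    return quote_bytes_checked(in, n, out, outcap);
}

int main(void)
{
    size_t max_strlen = 32; /* assumed value for the demonstration */
    printf("caller allocates %zu, callee needs %zu, short=%d\n",
           buggy_alloc_size(max_strlen), required_alloc_size(max_strlen),
           allocation_is_short(max_strlen));
    printf("quote with caller's size: %d\n",
           quote_result_for(max_strlen, buggy_alloc_size(max_strlen)));
    printf("quote with required size: %d\n",
           quote_result_for(max_strlen, required_alloc_size(max_strlen)));
    return 0;
}
```

With max_strlen = 32 the caller's formula yields 134 bytes while the worst case for 33 input bytes needs 135: the 134 characters of output fit, and the NUL terminator is the one byte that would land past the end. A routine that checks its capacity before writing turns that silent heap overwrite into a visible failure.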
Comment 1 Andreas Schwab 2010-01-07 10:24:00 EST
Fixed in 4.5.19.