+++ This bug was initially created as a clone of Bug #559863 +++

Description of problem:
When using wcstools in FC12, version 3.7.0-8.fc12.x86_64, within a C++ program to read a FITS file image with a long header, the program exits abnormally, giving the following error:

*** buffer overflow detected ***: postager terminated
======= Backtrace: =========
/lib64/libc.so.6(__fortify_fail+0x37)[0x38c2af75e7]
/lib64/libc.so.6[0x38c2af5600]
/usr/lib64/libwc.so.0(wcstype+0x1bc)[0x38c162cf1c]
/usr/lib64/libwc.so.0(wcsinitc+0xe7b)[0x38c16261ab]
/usr/lib64/libwc.so.0(wcsinit+0x13)[0x38c1627e73]
~/lib/libcmine.so.0(_Z5getxySsddRdS_+0xba)[0x7f774f2a3459]
~/lib/libcmine.so.0(_Z5getxySsffRfS_+0x84)[0x7f774f2a7541]
postager(main+0x1c2d)[0x40a0cd]
/lib64/libc.so.6(__libc_start_main+0xfd)[0x38c2a1eb1d]
postager[0x404b49]
Abort

Version-Release number of selected component (if applicable):
3.7.0-8.fc12.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Read an image with a long header and RA---TAN-SIP, DEC--TAN-SIP WCS system.
2. Try to use wcsinit.
3.

Actual results:
Program aborted before wcsinit finishes.

Expected results:
wcsinit should run and allow the use of other wcstools functions.

Additional info:
The problem occurs when calling wcsinit. The problem goes away if the header of the FITS file is edited and the CTYPE1 and CTYPE2 keyword values are changed from RA---TAN-SIP and DEC--TAN-SIP to RA---TAN and DEC--TAN. The problem does not exist when working with the same original FITS image in FC11, wcstools version 3.7.0-7.fc11.x86_64. The problem does not exist when using my own compilation of wcstools version 3.8.1.

--- Additional comment from sergio.pasra on 2010-01-29 08:08:54 EST ---

Pablo, thanks for the bug report. Could you put a sample FITS file that makes the application crash somewhere?

--- Additional comment from pgperez.ucm.es on 2010-01-29 10:59:41 EST ---

Here it is:
http://guaix.fis.ucm.es/~pgperez/temp/thdfn_all_ch1_m.fits

And the code I was running:

struct WorldCoor *rwcs;
string rname="thdfn_all_ch1_m.fits";
char *header;
int lhead,nbhead;
rfile=new char [rname.length()+1];
strcpy(rfile,rname.c_str());
header=fitsrhead(rfile,&lhead,&nbhead);
rwcs=wcsinit(header);
//Abort is produced in the previous line!!!!
wcs2pix(rwcs,esa1,esa2,&wx,&wy,&off);
...

--- Additional comment from sergio.pasra on 2010-02-01 07:24:21 EST ---

I'm testing wcstools 3.8.1.

The size of field c1type in struct WorldCoor is 9, but the value copied into it is 'RA---TAN-SIP', whose length is 12. There are other fields with numeric values, such as radecsys[32] or ctype[9][9]. I don't feel I can fix the bug without the danger of creating new problems.

I will report the bug upstream. If the maintainer creates a fix, I can patch the Fedora package.

--- Additional comment from updates on 2010-02-03 13:44:26 EST ---

wcstools-3.8.1-1.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/wcstools-3.8.1-1.fc12

--- Additional comment from updates on 2010-02-03 13:45:42 EST ---

wcstools-3.8.1-1.fc11.1 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/wcstools-3.8.1-1.fc11.1

--- Additional comment from pgperez.ucm.es on 2010-02-04 04:03:25 EST ---

wcstools-3.8.1-1.fc12 seems to have solved the issue. And it has also solved a related problem in ds9, which aborted when loading the same type of image. Thanks.
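
The size mismatch described in the 2010-02-01 comment, as an added example that is not code from wcstools or from this report: a 9-byte field receiving the 12-character value RA---TAN-SIP, handled with length-checked copies instead of an unchecked strcpy(). The struct demo_wcs, its guard field and the function names are hypothetical, and this is not a description of how upstream changed the library.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the field discussed above: 9 bytes hold
   8 characters plus the terminating NUL. Not the real struct WorldCoor. */
struct demo_wcs {
    char c1type[9];
    char guard[4];  /* neighbour that an unchecked strcpy() would overwrite */
};

/* Bytes strcpy() would write for this value, NUL included. */
static size_t bytes_needed(const char *value)
{
    return strlen(value) + 1;
}

/* Strict policy: returns 0 if the value fits, -1 if it is rejected.
   A rejected value leaves the field empty rather than half-written. */
static int set_c1type(struct demo_wcs *w, const char *value)
{
    size_t n = bytes_needed(value);
    if (n > sizeof w->c1type) {
        w->c1type[0] = '\0';
        return -1;
    }
    memcpy(w->c1type, value, n);
    return 0;
}

/* Lenient policy: keep the leading 8 characters and return how many were
   dropped, so the caller can log that a suffix such as -SIP was lost. */
static size_t set_c1type_trunc(struct demo_wcs *w, const char *value)
{
    size_t len = strlen(value);
    size_t keep = len < sizeof w->c1type - 1 ? len : sizeof w->c1type - 1;
    memcpy(w->c1type, value, keep);
    w->c1type[keep] = '\0';
    return len - keep;
}

int main(void)
{
    struct demo_wcs w = { "", "OK!" };
    const char *ctype1 = "RA---TAN-SIP";  /* value from the report */
    printf("needs %zu bytes, field has %zu\n", bytes_needed(ctype1), sizeof w.c1type);
    printf("strict copy: %d\n", set_c1type(&w, ctype1));
    printf("truncated by %zu -> %s, guard=%s\n", set_c1type_trunc(&w, ctype1), w.c1type, w.guard);
    return 0;
}
```

The lenient policy stores the same RA---TAN value as the reporter's header-editing workaround, so the -SIP suffix is lost to later code.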