5687 – Buffer overrun inside gnome libraries

Bug 5687 - Buffer overrun inside gnome libraries

Summary: Buffer overrun inside gnome libraries

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Linux
Classification:	Retired
Component:	gnome-libs
Sub Component:
Version:	6.0
Hardware:	i386
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Elliot Lee
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	1999-10-07 16:54 UTC by rjb
Modified:	2008-05-01 15:37 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	1999-11-17 21:54:21 UTC

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description rjb 1999-10-07 16:54:33 UTC

There is a buffer overrun inside the gnome libraries which
appears to be related to the hashing of metadata.db
I have a long backtrace and an even longer strace of an
instance of gmc getting a SEGV.  They are too long
for here but are available at:

http://www.dcs.gla.ac.uk/~rjb/gnome/

The function g_concat_dir_and_file is being called
with overlapping string arguments.

I would be inclined to hypothesise that this may be the
cause of lots of the "works for me" bug reports listed
against gnome.

This is with 6.0 plus all current updates applied:
gnome-core-devel-1.0.7-2
gnome-games-devel-1.0.2-11
gnome-libs-1.0.10-2
gnome-audio-1.0.0-6
gnome-audio-extra-1.0.0-6
gnome-games-1.0.2-11
gnome-linuxconf-0.22-1
gnome-media-1.0.1-3
gnome-objc-1.0.2-4
gnome-objc-devel-1.0.2-4
gnome-pim-1.0.7-2
gnome-pim-devel-1.0.7-2
gnome-users-guide-1.0.5-4rh
gnome-utils-1.0.1-6
pygnome-1.0.1-2
switchdesk-gnome-1.7.0-1
gnome-core-1.0.7-2
gnome-libs-devel-1.0.10-2

I have a core dump too if anyone wants it.

Comment 1 Bill Nottingham 1999-10-07 18:05:59 UTC

How can we reproduce this?

Comment 2 rjb 1999-10-07 18:12:59 UTC

I can't reproduce it to order yet -- the best I get is to let one
hundred undergraduates at it and wait...
I am currently trying to get one acount which has seemed quite
prone to repeat it to do so.

Comment 3 Elliot Lee 1999-10-20 16:56:59 UTC

You are using NFS home directories, correct?

I have heard someone else report a problem like this a long time ago,
but I don't know how to reproduce it. Can you give an 'ls -ld
/users/students3/level3/barnwelc/elc' and see what it looks like?

Also note that many file manager bugs have been fixed since the 6.0
updates - if you're feeling slightly adventurous,
http://www.gnome.org/start/ would get you newer versions of the GNOME
packages.

Comment 4 rjb 1999-10-20 17:29:59 UTC

I provided notting@redhat.com with a tar file which can be unpacked
in order to reproduce the error. Perhaps you can contact him for it
or email me if he's lost it.  Regarding barnwelc/elc/ note that the
strcat is appending a pointer to the elc of barnwelc to barnwelc --
thats why it crashes!

Comment 5 Elliot Lee 1999-11-02 18:09:59 UTC

notting doesn't have the tarball any more, and Federico and I looked
at the mc code that does the loop without seeing any possibility of
the reported problem happening. I'm not sure what to do with this bug
report.

Comment 6 rjb 1999-11-02 18:13:59 UTC

tarball provided to sopwith.

Comment 7 Elliot Lee 1999-11-17 21:54:59 UTC

Further e-mail conversation indicated this problem was due to using an extremely
old version of Gnome.

Note You need to log in before you can comment on or make changes to this bug.