Bug 666761 - buffer overflow in fhs_lock
Summary: buffer overflow in fhs_lock
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: rxtx
Version: 14
Hardware: x86_64
OS: Unspecified
Priority: low
Severity: medium
Target Milestone: ---
Assignee: Levente Farkas
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: abrt_hash:1dc5a6d4a258b6553fdb5327a73...
Duplicates: 678185 688010 688561 689281
Depends On:
Blocks:
 
Reported: 2011-01-03 02:18 UTC by Ed Marshall
Modified: 2011-04-03 04:23 UTC
CC List: 13 users

Fixed In Version: rxtx-2.2-0.4.20100211.fc15
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-04-02 20:22:08 UTC


Attachments
File: backtrace (50.79 KB, text/plain), 2011-01-03 02:18 UTC, Ed Marshall
Expand message and filename buffers to avoid overflow. (333 bytes, patch), 2011-03-17 19:57 UTC, Ed Marshall

Description Ed Marshall 2011-01-03 02:18:46 UTC
abrt version: 1.1.14
architecture: x86_64
Attached file: backtrace
cmdline: /usr/lib/jvm/java/bin/java -Dswing.defaultlaf=com.sun.java.swing.plaf.gtk.GTKLookAndFeel -classpath /usr/share/java/ecj.jar:/usr/share/java/jna.jar:/usr/share/java/RXTXcomm.jar::/usr/share/arduino/core.jar:/usr/share/arduino/pde.jar processing.app.Base
component: java-1.6.0-openjdk
crash_function: __libc_message
executable: /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/bin/java
kernel: 2.6.35.10-74.fc14.x86_64
package: java-1.6.0-openjdk-devel-1:1.6.0.0-49.1.9.3.fc14
rating: 3
reason: Process /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/bin/java was killed by signal 6 (SIGABRT)
release: Fedora release 14 (Laughlin)
How to reproduce: No reproduction recipe, as it only happened one time; I was working in the Arduino client, and opened a new sketch in a second window. Looks like this might be RXTX-related?
time: 1294018322
uid: 500

Comment 1 Ed Marshall 2011-01-03 02:18:49 UTC
Created attachment 471416
File: backtrace

Comment 2 Manuel Schilt 2011-01-16 22:35:31 UTC
Package: java-1.6.0-openjdk-devel-1:1.6.0.0-49.1.9.3.fc14
Architecture: x86_64
OS Release: Fedora release 14 (Laughlin)


How to reproduce
-----
1. Started the Arduino GUI with the uC plugged in
2. Opened /dev/ttyUSB0 as the serial port used to connect to the uC
3. Waited a sec and tried to click something on the GUI.
--> Crash occurred

Comment
-----
Serial monitor was running, so maybe the serial monitor of the Arduino GUI does something bad.

Comment 3 Omair Majid 2011-01-17 14:54:10 UTC
Looks like http://code.google.com/p/arduino/issues/detail?id=336. Perhaps it might be better to post logs/comments in the upstream bug tracker.

Comment 4 Omair Majid 2011-01-17 16:18:08 UTC
Seems like a bug in rxtx. Reassigning to rxtx. Filed upstream as http://bugzilla.qbang.org/show_bug.cgi?id=160.

Comment 5 Omair Majid 2011-02-17 15:13:19 UTC
*** Bug 678185 has been marked as a duplicate of this bug. ***

Comment 6 Ed Marshall 2011-03-16 02:27:32 UTC
*** Bug 688010 has been marked as a duplicate of this bug. ***

Comment 7 Omair Majid 2011-03-17 14:32:54 UTC
*** Bug 688561 has been marked as a duplicate of this bug. ***

Comment 8 Ed Marshall 2011-03-17 16:30:07 UTC
Interestingly, Kevin Harrington recently announced on the mailing list that he had forked RXTX as nrjavaserial:

http://code.google.com/p/nrjavaserial/

Looking through SerialImp.c, it appears that the bug in question has been "fixed" in their tree (i.e. the buffer was grown to 200 bytes, rather than reimplementing the logic in a less error-prone manner), along with quite a few other changes (specifically around single-jar native-lib distribution, which I wouldn't think would be all that useful to Fedora).

Figuring out what the current strain of development is on RXTX seems to be more than my little mind can handle, so I'm not sure if they just inherited that fix from the RXTX cvs repo (suggesting it would be in a future release), or if they've gone back and corrected it themselves.

Perhaps it would be worth including a patch until upstream issues a fixed release, in the interests of avoiding crashes for end-users?

Comment 9 Levente Farkas 2011-03-17 19:36:05 UTC
could you attach a proposed patch?

Comment 10 Ed Marshall 2011-03-17 19:57:48 UTC
Created attachment 486091
Expand message and filename buffers to avoid overflow.

Sure, see attached.

Note, this isn't how I'd ordinarily do it; it's just a 15-second mirror of what was done in the nrjavaserial fork that seems to be "good enough" to get rid of the symptom and prevent a crash.

(I'd probably start by replacing the 75 references in that file to sprintf() with snprintf(), along with changing the strcpy(), strcat(), etc. calls to something a little more provably safe. But, that train of thought starts getting significantly more invasive, and probably ought to be initiated by someone upstream.)
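
An added example, written for this page and not taken from the RXTX patch, SerialImp.c or the nrjavaserial fork, of the direction comment 10 sketches: build the lock-file path and the error text with snprintf() and act on its return value, instead of sprintf() into a fixed-size stack buffer. The /var/lock directory, the 80-byte buffer size, the LCK..<name> file naming and the error-message wording are assumptions made for the illustration; legacy_would_overflow() only measures what the fixed-buffer sprintf() would have needed, so the crash condition is shown without actually smashing the stack.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define LOCKDIR    "/var/lock"   /* assumption: FHS lock directory used by the illustration */
#define LEGACY_BUF 80            /* assumption: size of the fixed buffers the report's patch grew */

/* Basename of a device path: "/dev/ttyUSB0" -> "ttyUSB0". */
static const char *dev_basename(const char *path)
{
    const char *slash = strrchr(path, '/');
    return slash ? slash + 1 : path;
}

/* The unsafe pattern, expressed as a predicate instead of an actual write:
 * would sprintf(file, "%s/LCK..%s", LOCKDIR, base) into a LEGACY_BUF-byte
 * stack buffer overrun for this device path?  snprintf(NULL, 0, ...) only
 * measures, so calling this with a very long name is harmless. */
int legacy_would_overflow(const char *devpath)
{
    int needed = snprintf(NULL, 0, "%s/LCK..%s", LOCKDIR, dev_basename(devpath));
    return needed + 1 > LEGACY_BUF;            /* +1 for the terminating NUL */
}

/* Bounded replacement: builds the lock-file path into out[outlen].
 * Returns 0 on success, -1 if the name is unusable or the result would not
 * fit; on failure out is an empty string, so a truncated path is never used. */
int build_lock_path(const char *devpath, char *out, size_t outlen)
{
    const char *base = dev_basename(devpath);
    int n;

    if (outlen == 0) return -1;
    if (*base == '\0' || strcmp(base, ".") == 0 || strcmp(base, "..") == 0) {
        out[0] = '\0';
        return -1;                              /* no lock file for a non-device name */
    }
    n = snprintf(out, outlen, "%s/LCK..%s", LOCKDIR, base);
    if (n < 0 || (size_t)n >= outlen) {
        out[0] = '\0';
        return -1;                              /* refused rather than overflowed */
    }
    return 0;
}

/* Bounded error message (format string is an assumption, not RXTX's text).
 * Returns 0 if the whole message fit, 1 if snprintf had to truncate it; the
 * caller gets a NUL-terminated string either way, never a smashed stack. */
int build_lock_error(const char *lockpath, int err, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "fhs_lock() Error: creating lock file: %s: %s",
                     lockpath, strerror(err));
    return (n < 0 || (size_t)n >= outlen) ? 1 : 0;
}

/* Self-check over constructed inputs (not taken from the bug report): the
 * classic short name and a /dev/serial/by-id-style name long enough to
 * overrun an 80-byte buffer.  Returns 1 when every expectation holds. */
int selfcheck(void)
{
    char buf[LEGACY_BUF], big[256], small[40], long_dev[128];
    const char *short_dev = "/dev/ttyUSB0";

    memcpy(long_dev, "/dev/serial/by-id/", 18);
    memset(long_dev + 18, 'x', 80);
    long_dev[98] = '\0';                        /* 98-char path, 80-char basename */

    if (legacy_would_overflow(short_dev)) return 0;
    if (build_lock_path(short_dev, buf, sizeof buf) != 0) return 0;
    if (strcmp(buf, LOCKDIR "/LCK..ttyUSB0") != 0) return 0;

    if (!legacy_would_overflow(long_dev)) return 0;           /* this is the crash case */
    if (build_lock_path(long_dev, buf, sizeof buf) != -1) return 0;
    if (buf[0] != '\0') return 0;
    if (build_lock_path(long_dev, big, sizeof big) != 0) return 0;
    if (strlen(big) != 15 + 80) return 0;                     /* "/var/lock/LCK.." + basename */

    if (build_lock_error(big, EACCES, small, sizeof small) != 1) return 0;
    if (small[sizeof small - 1] != '\0') return 0;            /* still NUL-terminated */
    if (build_lock_error(LOCKDIR "/LCK..ttyUSB0", EACCES, big, sizeof big) != 0) return 0;
    return 1;
}

int main(void)
{
    int ok = selfcheck();
    printf("%s\n", ok ? "ok" : "FAIL");
    return ok ? 0 : 1;
}
```

The check on snprintf()'s return value is the part that matters. snprintf() on its own only turns the overflow into silent truncation, and a truncated lock-file name can collide with, or fail to exclude, another process's lock on the same port, so the caller has to be told the name did not fit and refuse the open rather than carry on with a shortened path.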

Comment 11 Fedora Update System 2011-03-17 21:27:47 UTC
rxtx-2.2-0.4.20100211.el6 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/rxtx-2.2-0.4.20100211.el6

Comment 12 Fedora Update System 2011-03-17 21:32:36 UTC
rxtx-2.2-0.4.20100211.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/rxtx-2.2-0.4.20100211.fc15

Comment 13 Fedora Update System 2011-03-17 21:39:12 UTC
rxtx-2.2-0.4.20100211.fc14 has been submitted as an update for Fedora 14.
https://admin.fedoraproject.org/updates/rxtx-2.2-0.4.20100211.fc14

Comment 14 Fedora Update System 2011-03-17 22:00:57 UTC
rxtx-2.2-0.4.20100211.fc13 has been submitted as an update for Fedora 13.
https://admin.fedoraproject.org/updates/rxtx-2.2-0.4.20100211.fc13

Comment 15 Fedora Update System 2011-03-17 22:40:02 UTC
rxtx-2.2-0.4.20100211.el5 has been submitted as an update for Fedora EPEL 5.
https://admin.fedoraproject.org/updates/rxtx-2.2-0.4.20100211.el5

Comment 16 Omair Majid 2011-03-21 14:35:17 UTC
*** Bug 689281 has been marked as a duplicate of this bug. ***

Comment 17 Bernard Johnson 2011-03-22 00:22:31 UTC
Package: java-1.6.0-openjdk-1:1.6.0.0-52.1.9.7.fc14
Architecture: x86_64
OS Release: Fedora release 14 (Laughlin)

How to reproduce
-----
1. Using Arduino IDE

Comment 18 Sezer Yalcin 2011-03-22 00:30:25 UTC
I am hoping that the proposed patch will not only fix the crash but also fix issues with the Arduino IDE, which look like they are related to the underlying Java libs causing this crash.

Arduino is not working properly: it does not recognize the attached USB device, and even if it does recognize it by chance (occasionally), it loses the connection during or right after data communication.

Comment 19 Bernard Johnson 2011-03-22 01:14:19 UTC
Package: java-1.6.0-openjdk-1:1.6.0.0-52.1.9.7.fc14
Architecture: x86_64
OS Release: Fedora release 14 (Laughlin)

How to reproduce
-----
1. Using Arduino IDE

Comment 20 Ed Marshall 2011-03-22 01:21:34 UTC
Failure to recognize the Arduino sounds like a different issue.

Is this with one of the new boards (the Uno or the new Mega), by any chance? If so, you may need to load new firmware for the ATmega8U2 chip. http://arduino.cc/blog/2011/02/15/fix-to-uno-and-mega-2560-linux-serial-problems/

Please consider dropping by the Arduino forums at http://arduino.cc/forum/ and describing your problem in more detail; it's very likely that this isn't a Fedora-specific problem.

Comment 21 Bernard Johnson 2011-03-22 01:27:42 UTC
(In reply to comment #20)
> Failure to recognize the Arduino sounds like a different issue.
> 
> Is this with one of the new boards (the Uno or the new Mega), by any chance?

Crashes in #17 and #19 are on an Uno.  It did recognize the board and I was able to upload a sketch.  Further attempts to work with the serial console (upload or view) caused it to crash.

Comment 22 Ed Marshall 2011-03-22 01:40:00 UTC
Bernard, apologies; my note was in reference to comment #18.

Comment 23 Sezer Yalcin 2011-03-22 01:41:19 UTC
(In reply to comment #20)
Yes, this is an Arduino Uno and I didn't know about the listed issue on their website. Looks like they screwed up badly, asking me to solder a resistor to fix the firmware. I will look into it further.

Comment 24 Fedora Update System 2011-04-02 20:22:01 UTC
rxtx-2.2-0.4.20100211.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 25 Fedora Update System 2011-04-02 20:22:41 UTC
rxtx-2.2-0.4.20100211.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 26 Fedora Update System 2011-04-02 22:52:43 UTC
rxtx-2.2-0.4.20100211.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 27 Fedora Update System 2011-04-02 22:54:01 UTC
rxtx-2.2-0.4.20100211.fc14 has been pushed to the Fedora 14 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 28 Fedora Update System 2011-04-03 04:23:10 UTC
rxtx-2.2-0.4.20100211.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.
