Description of problem:
pstree crashes immediately with a buffer overflow

Version-Release number of selected component (if applicable):
psmisc-22.15-1.fc17.x86_64

How reproducible:
Always

Steps to Reproduce:
1. pstree

Actual results:
*** buffer overflow detected ***: pstree terminated
======= Backtrace: =========
/lib64/libc.so.6(__fortify_fail+0x37)[0x7f9b0a1fbba7]
/lib64/libc.so.6(+0x105d60)[0x7f9b0a1f9d60]
pstree[0x402f7b]
pstree[0x40318b]
pstree[0x401f67]
/lib64/libc.so.6(__libc_start_main+0xf5)[0x7f9b0a115745]
pstree[0x4021a5]
Aborted (core dumped)

Expected results:
process tree
backtrace from gdb:

Program received signal SIGABRT, Aborted.
0x00007ffff76168d5 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
64	  return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig);
(gdb) bt
#0  0x00007ffff76168d5 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x00007ffff7618088 in __GI_abort () at abort.c:91
#2  0x00007ffff7654fab in __libc_message (do_abort=do_abort@entry=2, fmt=fmt@entry=0x7ffff7756a60 "*** %s ***: %s terminated\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:198
#3  0x00007ffff76e8ba7 in __GI___fortify_fail (msg=msg@entry=0x7ffff7756a06 "buffer overflow detected") at fortify_fail.c:32
#4  0x00007ffff76e6d60 in __GI___chk_fail () at chk_fail.c:29
#5  0x0000000000402f7b in strcpy (__src=0x6107b0 "{nepomukservices}", __dest=0x6107d0 "{nepomukservices}") at /usr/include/bits/string3.h:105
#6  new_proc (comm=0x6107b0 "{nepomukservices}", pid=554, uid=1000, scontext=0x0) at pstree.c:267
#7  0x000000000040318b in add_proc (comm=comm@entry=0x6107b0 "{nepomukservices}", pid=554, ppid=ppid@entry=270, uid=1000, args=args@entry=0x0, size=size@entry=0, isthread=1 '\001', isthread@entry=64 '@', scontext=0x0) at pstree.c:350
#8  0x0000000000401f67 in read_proc () at pstree.c:695
#9  main (argc=<optimized out>, argv=<optimized out>) at pstree.c:990
Not only x86_64 specific.
Created attachment 565723
proposal patch

Apparently strcpy does not check the size of comm.
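The observation above (strcpy into a fixed-size comm field with no length check, triggered here by the braced thread name from the backtrace) as an added C illustration; this is not psmisc's code, and the record layout, COMM_LEN and helper names are assumptions:

```c
#include <stdio.h>
#include <string.h>

/* Constructed example, not psmisc's code: COMM_LEN mirrors the kernel's
 * 16-byte task comm; pstree's real field size and layout are assumptions. */
#define COMM_LEN 16

struct proc_rec {
    int pid;
    char comm[COMM_LEN];
};

/* The pattern behind the report: strcpy trusts the source length. Under
 * _FORTIFY_SOURCE glibc turns it into __strcpy_chk, which is what aborts
 * with "buffer overflow detected" instead of silently corrupting the heap. */
static void set_comm_unchecked(struct proc_rec *p, const char *comm)
{
    strcpy(p->comm, comm);
}

/* Bounded replacement: copy at most COMM_LEN-1 bytes, always terminate,
 * and tell the caller whether the name was cut so it can log or refuse. */
static int set_comm(struct proc_rec *p, const char *comm)
{
    size_t n = strlen(comm);
    int truncated = n >= COMM_LEN;
    if (truncated)
        n = COMM_LEN - 1;
    memcpy(p->comm, comm, n);
    p->comm[n] = '\0';
    return truncated;
}

/* Thread names are displayed in braces: a 15-character comm such as
 * "nepomukservices" becomes 17 once wrapped and no longer fits COMM_LEN. */
static int set_thread_comm(struct proc_rec *p, const char *comm)
{
    char braced[2 * COMM_LEN + 3];  /* braces, NUL and a longer-than-kernel name */
    snprintf(braced, sizeof braced, "{%s}", comm);
    return set_comm(p, braced);
}

int main(void)
{
    struct proc_rec r = { .pid = 554 };
    set_comm_unchecked(&r, "bash");  /* 4 bytes: fits, so harmless here */
    if (set_thread_comm(&r, "nepomukservices"))
        printf("%d %s (truncated)\n", r.pid, r.comm);
    return 0;
}
```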
*** Bug 797271 has been marked as a duplicate of this bug. ***
The attached patch seems to have already been applied in the newly released 22.16.
When might we see this in rawhide?
Any chance of a fix for this in Rawhide and/or Fedora 17 updates-testing?
Any chance that this bug gets fixed in F-17? Currently psmisc on F-17 is completely unusable.
Hello guys. Sorry for the delay. I updated rawhide to 22.16 on Monday. This version fixes the issue. You can give it some positive karma if it works for you in f17 and/or f16 to speed the introduction up. Regards, Jaromir.
psmisc-22.16-1.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/psmisc-22.16-1.fc16
psmisc-22.16-1.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/psmisc-22.16-1.fc17
Working again now in rawhide. Thanks.
Package psmisc-22.16-1.fc17:
* should fix your issue,
* was pushed to the Fedora 17 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing psmisc-22.16-1.fc17'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-3851/psmisc-22.16-1.fc17
then log in and leave karma (feedback).
It crashes when run.

backtrace_rating: 4
Package: psmisc-22.15-1.fc17
OS Release: Fedora release 17 (Beefy Miracle)
Created attachment 571239
File: backtrace
Try the update (comment 13).
psmisc-22.16-1.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
psmisc-22.16-1.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
*** Bug 812459 has been marked as a duplicate of this bug. ***