Bug 839391 - Buffer overflow when attempting to run
Status: CLOSED DUPLICATE of bug 833733
Product: Fedora
Classification: Fedora
Component: twinkle
Version: 17
Hardware: x86_64 Linux
Priority: unspecified
Severity: urgent
Assigned To: Kevin Fenzi
QA Contact: Fedora Extras Quality Assurance

Reported: 2012-07-11 15:49 EDT by Bill C. Riemers
Modified: 2013-02-28 03:45 EST
Last Closed: 2012-07-14 14:09:39 EDT
Type: Bug
Description Bill C. Riemers 2012-07-11 15:49:30 EDT
Description of problem:

Whenever I try to run twinkle I get a buffer overflow.

Version-Release number of selected component (if applicable):

twinkle-1.4.2-17.fc17.x86_64

How reproducible:

100%

Steps to Reproduce:
1. Try and run twinkle
Actual results:

$ twinkle
*** buffer overflow detected ***: twinkle terminated
======= Backtrace: =========
/lib64/libc.so.6(__fortify_fail+0x37)[0x394e9097e7]
/lib64/libc.so.6[0x394e9079a0]
/lib64/libccgnu2-1.8.so.0[0x3951028e73]
/lib64/libccgnu2-1.8.so.0(_ZN3ost8IPV4HostC1EPKc+0xa8)[0x39510295f8]
/lib64/libcommoncpp.so.5[0x3952c200e1]
/lib64/ld-linux-x86-64.so.2[0x394e00ee26]
/lib64/ld-linux-x86-64.so.2[0x394e00eee0]
/lib64/ld-linux-x86-64.so.2[0x394e00156a]
Aborted

Expected results:

A twinkle window should open.

Additional info:

I have an existing twinkle configuration created in an earlier version of Fedora. I don't know if that information is relevant. I ran an strace and it still appears to be loading libraries at the time it crashes. The last library it opens is /lib64/libnss_dns.so.2. The buffer overflow appears to happen right after it finishes talking to the DNS server on 127.0.0.1.

Bill
Comment 1 Kevin Fenzi 2012-07-14 14:09:39 EDT
This looks like another case of bug 833733

*** This bug has been marked as a duplicate of bug 833733 ***
Comment 2 George B. Magklaras 2012-07-24 08:56:48 EDT
I do not think you should close this bug, as the fix on bug 833733 does not work in f17. I am wearing the latest ucommon (Version: 5.2.3 Release: 1.fc17) and I still get the same error as the one above.

$ twinkle
*** buffer overflow detected ***: twinkle terminated
======= Backtrace: =========
/lib64/libc.so.6(__fortify_fail+0x37)[0x32d07097c7]
/lib64/libc.so.6[0x32d0707980]
/lib64/libccgnu2-1.8.so.0(+0x28e73)[0x7fb2cad7be73]
/lib64/libccgnu2-1.8.so.0(_ZN3ost8IPV4HostC1EPKc+0xa8)[0x7fb2cad7c5f8]
/lib64/libcommoncpp.so.5(+0x20091)[0x7fb2ca8ec091]
/lib64/ld-linux-x86-64.so.2[0x32d020ee26]
/lib64/ld-linux-x86-64.so.2[0x32d020eee0]
/lib64/ld-linux-x86-64.so.2[0x32d020156a]
Aborted (core dumped)
Comment 3 Veerloos 2013-02-28 03:45:59 EST
While this is a bug that should be fixed upstream, I found a workaround that allows end users to use twinkle as long as there's no real fix: make sure your hostname can be resolved through DNS. Having your hostname listed in /etc/hosts is not enough.

Only if the command "host $(hostname)" gives a valid answer, I can start twinkle. So I fixed this by putting my hostname in my router's DNS server.

Hope this helps you guys. Btw, I'm running FC18.
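
Added example (not part of the original report, and not code from twinkle or any library named in it): a triage helper for the glibc abort output quoted in the Description. It parses the backtrace frames, confirms the abort came from `__fortify_fail`, and reports the first module outside libc together with the scope of the nearest mangled C++ symbol; the function names `parse_frames`, `nested_scope` and `triage` are made up for this sketch.

```python
import re

# Top five backtrace frames copied from the Description above.
BACKTRACE = """\
/lib64/libc.so.6(__fortify_fail+0x37)[0x394e9097e7]
/lib64/libc.so.6[0x394e9079a0]
/lib64/libccgnu2-1.8.so.0[0x3951028e73]
/lib64/libccgnu2-1.8.so.0(_ZN3ost8IPV4HostC1EPKc+0xa8)[0x39510295f8]
/lib64/libcommoncpp.so.5[0x3952c200e1]
"""

# module, optional "(symbol+0xoff)" or "(+0xoff)", then "[0xaddr]"
FRAME_RE = re.compile(
    r"^(?P<module>[^(\[\s]+)"
    r"(?:\((?P<symbol>[^+)]*)(?:\+(?P<offset>0x[0-9a-fA-F]+))?\))?"
    r"\[(?P<addr>0x[0-9a-fA-F]+)\]$"
)

def parse_frames(text):
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if m:
            f = m.groupdict()
            f["symbol"] = f["symbol"] or None  # "(+0x...)" frames have no name
            frames.append(f)
    return frames

def nested_scope(mangled):
    """Decode only the length-prefixed names of an Itanium '_ZN...' symbol."""
    if not mangled or not mangled.startswith("_ZN"):
        return None
    parts, i = [], 3
    while (m := re.match(r"\d+", mangled[i:])):
        n = int(m.group())
        parts.append(mangled[i + m.end(): i + m.end() + n])
        i += m.end() + n
    return "::".join(parts)

def triage(text):
    frames = parse_frames(text)
    # Frames outside libc belong to the code that made the checked call.
    outside = [f for f in frames if "/libc.so" not in f["module"]]
    named = next((f for f in outside if f["symbol"]), None)
    return {"fortify_abort": any(f["symbol"] == "__fortify_fail" for f in frames),
            "calling_module": outside[0]["module"] if outside else None,
            "nearest_symbol": nested_scope(named["symbol"]) if named else None}
```

On the frames above, `triage(BACKTRACE)` points at `/lib64/libccgnu2-1.8.so.0` and the scope `ost::IPV4Host`, which is the library-level information needed to match a crash like this against an existing report.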
