Re: [bug #23029] autogsdoc buffer overflow in gnustep-base 1.14.2 and 1.

From: Gareth Armstrong
Subject: Re: [bug #23029] autogsdoc buffer overflow in gnustep-base 1.14.2 and 1.14.3 on Rhel 5
Date: Tue, 10 Jun 2008 12:41:17 +0200
User-agent: Thunderbird (X11/20080501)

Hello Richard,

this mail never seems to have made it back to the list.  My apologies for the delay.

All the best,


Gareth Armstrong wrote:
Hello Richard,

sorry for not getting back sooner.  Here is a stack trace of autogsdoc
(gnustep-base 1.14.3 with libffi 3.0.5) with gdb on a Fedora 8 x86_64
platform.  I will get back to you with the same for Rhel5 i386 and
x86_64 soon.  Hope this helps.  Many thanks for your time.

All the best,


address@hidden ~/WORK/OCEK/gnustep
$ gdb autogsdoc
GNU gdb Red Hat Linux (6.6-45.fc8rh)
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu"...
Using host libthread_db library "/lib64/libthread_db.so.1".
(gdb) run
Starting program: /usr/bin/autogsdoc
[Thread debugging using libthread_db enabled]
[New Thread 46912503108672 (LWP 26312)]
*** buffer overflow detected ***: /usr/bin/autogsdoc terminated
======= Backtrace: =========
======= Memory map: ========
Program received signal SIGABRT, Aborted.
[Switching to Thread 46912503108672 (LWP 26312)]
0x0000003938830ec5 in raise (sig=<value optimized out>)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
64        return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig);
Current language:  auto; currently c
(gdb) bt
#0  0x0000003938830ec5 in raise (sig=<value optimized out>)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x0000003938832970 in abort () at abort.c:88
#2  0x000000393886b0db in __libc_message (do_abort=2,
    fmt=0x3938921ef0 "*** %s ***: %s terminated\n") at
#3  0x00000039388ea362 in __fortify_fail (msg=0x3938921ebf "buffer overflow detected")
    at fortify_fail.c:32
#4  0x00000039388e8a90 in __chk_fail () at chk_fail.c:29
#5  0x00000039388e90bb in __realpath_chk (buf=0x66c8 <Address 0x66c8 out of bounds>,
    resolved=0x66c8 <Address 0x66c8 out of bounds>, resolvedlen=6) at
#6  0x00002aaaaacd96af in -[NSString stringByResolvingSymlinksInPath]
    _cmd=<value optimized out>) at /usr/include/bits/stdlib.h:46
#7  0x00002aaaaaca0217 in GNUstepConfig (newConfig=0x0) at
#8  0x00002aaaaac9c35b in InitialisePathUtilities () at
#9  0x00002aaaaaca040c in GSDefaultsRootForUser (userName=0x66c8) at
#10 0x00002aaaaad004c5 in -[NSUserDefaults initWithUser:]
(self=0x6cb070, _cmd=0x66c8,
    userName=0x6) at NSUserDefaults.m:761
#11 0x00002aaaaad041db in +[NSUserDefaults standardUserDefaults]
    _cmd=0x62f790) at NSUserDefaults.m:463
#12 0x00000000004018dd in main (argc=<value optimized out>, argv=<value optimized out>,
    env=<value optimized out>) at autogsdoc.m:724

Richard Frith-Macdonald wrote:
Update of bug #23029 (project gnustep):

                  Status:                    None => Need Info


Follow-up Comment #1:

I can't reproduce this buffer overrun under efence or valgrind (I don't have
a selinux system), but perhaps some specific setup on your system is causing
the problem.

Not having the same system as you, the stack addresses mean nothing...

Please could you examine a core dump of the process under gdb and obtain a
stack trace with symbolic information (function/method name and source code
line numbers) so that we can see where the problem is occurring.




 HP OpenCall Software TESS HW/OS Team
 Email  : address@hidden
 Phone  : +33 (0)
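As an added example (not code from gnustep-base or from anyone in this thread): the trace above ends in glibc's __realpath_chk, the _FORTIFY_SOURCE wrapper that stands in for realpath() when the compiler can see the destination buffer's size, and it calls __chk_fail() whenever that size is below PATH_MAX, since realpath() may write up to PATH_MAX bytes. The C below applies the same size rule as an explicit runtime guard and shows the two calling patterns that cannot trip it; the function names are my own.

```c
/* Added example: the size rule behind __realpath_chk, and two safe ways
 * to call realpath(). Not taken from gnustep-base; names are invented. */
#define _GNU_SOURCE
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* glibc's fortified realpath aborts when the destination is smaller than
 * PATH_MAX, because realpath() may fill that many bytes. Same rule here:
 * returns 1 if a buffer of resolvedlen bytes is acceptable, else 0. */
int realpath_fits(size_t resolvedlen)
{
    return resolvedlen >= PATH_MAX;
}

/* Pattern 1: caller supplies the buffer and its size; we refuse too-small
 * buffers up front instead of letting the fortify check abort the process.
 * Returns 0 on success, -1 on a rejected size or a realpath() failure. */
int resolve_into(const char *path, char *resolved, size_t resolvedlen)
{
    if (!realpath_fits(resolvedlen))
        return -1;
    return realpath(path, resolved) ? 0 : -1;
}

/* Pattern 2 (POSIX.1-2008): let realpath() allocate a large enough buffer.
 * No size to get wrong; the caller must free() the result. */
char *resolve_alloc(const char *path)
{
    return realpath(path, NULL);
}

int main(void)
{
    char small[6];          /* same size as the resolvedlen=6 in the trace */
    char big[PATH_MAX];
    char *p;

    printf("6-byte buffer accepted: %d\n", resolve_into("/", small, sizeof small) == 0);
    printf("PATH_MAX buffer ok:     %d\n", resolve_into("/", big, sizeof big) == 0);
    p = resolve_alloc("/");
    printf("allocated result:       %s\n", p ? p : "(error)");
    free(p);
    return 0;
}
```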
