384493 – dev-lang/R-2.13.1-r1 reports stack smashing attacks during build

Bug 384493 - dev-lang/R-2.13.1-r1 reports stack smashing attacks during build

Summary: dev-lang/R-2.13.1-r1 reports stack smashing attacks during build

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Science Mathematics related packages

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2011-09-26 01:56 UTC by Howard B. Golden
Modified:	2012-01-02 19:59 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Build log (R-build.log,164.26 KB, text/plain) 2011-09-26 01:56 UTC, Howard B. Golden	Details
emerge --info and emerge -qpv (R-info.txt,7.50 KB, text/plain) 2011-09-26 02:03 UTC, Howard B. Golden	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Howard B. Golden 2011-09-26 01:56:37 UTC

Created attachment 287745 [details]
Build log

See the attached build log which shows several stack smashing attacks when built with a hardened toolchain.

Comment 1 Howard B. Golden 2011-09-26 02:03:07 UTC

Created attachment 287747 [details]
emerge --info and emerge -qpv

Add emerge --info and emerge -qpv as attachment.

Comment 2 Attila Tóth 2011-10-06 05:46:27 UTC

I'd like to confirm this bug as well.

"
i686-pc-linux-gnu-gcc -std=gnu99 -I/var/tmp/portage/dev-lang/R-2.13.1-r1/work/R-2.13.1/include  -I/usr/local/include    -fpic  -O2 -march=i686 -mtune=athlon-mp -pipe -c survregc1.c -o survregc1.o
i686-pc-linux-gnu-gcc -std=gnu99 -I/var/tmp/portage/dev-lang/R-2.13.1-r1/work/R-2.13.1/include  -I/usr/local/include    -fpic  -O2 -march=i686 -mtune=athlon-mp -pipe -c survregc2.c -o survregc2.o
i686-pc-linux-gnu-gcc -std=gnu99 -shared -Wl,-O1 -Wl,--as-needed -o survival.so agexact.o agfit3.o agfit5.o agmart.o agmart2.o agscore.o agsurv3.o agsurv4.o agsurv5.o chinv2.o chinv3.o cholesky2.o cholesky3.o chsolve2.o chsolve3.o concordance1.o cox_Rcallback.o coxcount1.o coxdetail.o coxfit2.o coxfit5.o coxmart.o coxph_wtest.o coxsafe.o coxscho.o coxscore.o dmatrix.o doloop.o pyears1.o pyears2.o pyears3.o pystep.o survConcordance.o survdiff2.o survfit4.o survpenal.o survreg6.o survreg7.o survregc1.o survregc2.o -L/var/tmp/portage/dev-lang/R-2.13.1-r1/work/R-2.13.1/lib -lR
make[3]: Leaving directory `/var/tmp/portage/dev-lang/R-2.13.1-r1/temp/Rtmpp66xYV/R.INSTALL4546b921/survival/src'
installing to /var/tmp/portage/dev-lang/R-2.13.1-r1/work/R-2.13.1/library/survival/libs
** R
** data
**  moving datasets to lazyload DB
** inst
** preparing package for lazy loading
** help
*** stack smashing detected ***: R - terminated
R: stack smashing attack in function <unknown> - terminated
Report to http://bugs.gentoo.org/
/var/tmp/portage/dev-lang/R-2.13.1-r1/work/R-2.13.1/bin/INSTALL: line 34:  1448 Done                    echo 'tools:::.install_packages()'
      1449 Killed                  | R_DEFAULT_PACKAGES= LC_COLLATE=C "${R_HOME}/bin/R" $myArgs --slave --args ${args}
make[2]: *** [survival.ts] Error 1
make[2]: Leaving directory `/var/tmp/portage/dev-lang/R-2.13.1-r1/work/R-2.13.1/src/library/Recommended'
make[1]: *** [recommended-packages] Error 2
make[1]: Leaving directory `/var/tmp/portage/dev-lang/R-2.13.1-r1/work/R-2.13.1/src/library/Recommended'
make: *** [stamp-recommended] Error 2
"

OMZG

Comment 3 Howard B. Golden 2011-10-06 07:45:39 UTC

Please see the R Bugzilla:

http://bugs.r-project.org/bugzilla3/show_bug.cgi?id=14627

This describes stack smashing (due to a bug). It's possibly related to this bug, but I'm not sure. Upstream reports that this is fixed in R-2.14 (in development).

Comment 4 Sébastien Fabbro (RETIRED) gentoo-dev

2012-01-02 19:59:19 UTC

R-2.14.1 in cvs fixes it. Affected versions gone.