Bug 546928 - sys-apps/iproute2-4.0.0 tc command gives "buffer overflow detected" message when using "show" argument
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Core system
Hardware: AMD64 Linux
Importance: Normal normal
Assignee: Gentoo's Team for Core System packages
URL: http://git.kernel.org/cgit/linux/kern...
Reported: 2015-04-17 18:20 UTC by jamesrutledge
Modified: 2015-04-20 21:07 UTC (History)
Description jamesrutledge 2015-04-17 18:20:21 UTC
BAD RESULT FROM NEW tc VERSION BELOW:
#Using sys-apps/iproute2-4.0.0
#with linux-headers 4.0
## and Manually downloaded and compiled  Linux Kernel 4.0
##
## executed command: tc -s qdisc show dev enp4s0
## output from executed command:
qdisc htb 1: root refcnt 2 r2q 10 default 0 direct_packets_stat 91 direct_qlen 256
 Sent 1298658 bytes 9576 pkt (dropped 4, overlimits 1951 requeues 0)
 backlog 0b 0p requeues 0
*** buffer overflow detected ***: tc terminated; report to <http://bugs.gentoo.org/>
Killed
#------------
This problem does not occur with sys-apps/iproute2-3.19.0

Below is output of emerge --info

#------------
Portage 2.2.14 (python 2.7.9-final-0, hardened/linux/amd64/no-multilib, gcc-4.9.2, glibc-2.20-r2, 4.0.0 x86_64)
=================================================================
System uname: Linux-4.0.0-x86_64-Intel-R-_Core-TM-2_Duo_CPU_E8400_@_3.00GHz-with-gentoo-2.2
KiB Mem:     8166920 total,   6674944 free
KiB Swap:    4194300 total,   4194300 free
Timestamp of tree: Fri, 17 Apr 2015 03:45:01 +0000
ld GNU ld (Gentoo 2.24 p1.4) 2.24
app-shells/bash:          4.3_p33-r2
dev-lang/perl:            5.20.2
dev-lang/python:          2.7.9-r1, 3.3.5-r1, 3.4.3
dev-util/cmake:           2.8.12.2-r1
dev-util/pkgconfig:       0.28-r2
sys-apps/baselayout:      2.2
sys-apps/openrc:          0.13.11
sys-apps/sandbox:         2.6-r1
sys-devel/autoconf:       2.13, 2.69
sys-devel/automake:       1.11.6-r1, 1.13.4, 1.14.1
sys-devel/binutils:       2.24-r3
sys-devel/gcc:            4.9.2
sys-devel/gcc-config:     1.7.3
sys-devel/libtool:        2.4.6
sys-devel/make:           4.1-r1
sys-kernel/linux-headers: 4.0 (virtual/os-headers)
sys-libs/glibc:           2.20-r2
Repositories: gentoo
ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="* -@EULA"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=native -O2 -mfpmath=sse -pipe -fno-delete-null-pointer-checks -fno-builtin-memcmp -fomit-frame-pointer -fno-var-tracking-assignments -fstack-protector-strong"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt /usr/share/themes/oxygen-gtk/gtk-2.0 /var/bind"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/init.d /etc/portage /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c"
CXXFLAGS="-march=native -O2 -mfpmath=sse -pipe -fno-delete-null-pointer-checks -fno-builtin-memcmp -fomit-frame-pointer -fno-var-tracking-assignments -fstack-protector-strong"
DISTDIR="/usr/portage/distfiles"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-logs buildpkg cgroup clean-logs compress-build-logs config-protect-if-modified distlocks ebuild-locks fail-clean fixlafiles merge-sync news parallel-fetch parallel-install preserve-libs protect-owned sandbox sfperms strict suidctl unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS="ftp://gentoo.cites.uiuc.edu/pub/gentoo/ ftp://ftp.gtlib.gatech.edu/pub/gentoo ftp://mirror.iawnet.sandia.gov/pub/gentoo/"
LANG="en_US.utf8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
MAKEOPTS="-j3"
PKGDIR="/var/cache/portage"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY=""
SYNC="rsync://rsync.us.gentoo.org/gentoo-portage"
USE="X Xaw3d aalib acl alsa amd64 amr apng assistant atmo audio auto-hinter bash-completion berkdb bluray boehm-gc branding bzip2 cairo caps cdda cdio celt cli clvm cman cracklib crypt cups curl cxx dbus deprecated dirac dlz dri dri3 dshow dynamic ecore egl evas exif expat extra faac ffmpeg flac fontconfig fribidi g3dvl gallium gdbm gdu gif glamor gles gles2 glib glut gmp gstreamer gtk gudev harden hardened harfbuzz havege hpcups hpijs html hwdb iconv icu imlib2 ipc iproute2 jadetex jpeg jpeg2k justify keymap kmod kpathsea latex latex3 lcms libav libffi libkms live llvm llvm-shared-libs lock lua lua52compat luatex mad matroska mbox mime minizip mmx mmxext modules mp4 mpg123 mplayer mudflap ncurses network network-cron nls nptl nsplugin numpy ogg openal openmp openssl osmesa pam pango pcf pcre pep8 perl physics pic pixman png postfix postgres postscript ppds pyflakes python qt4 r600-llvm-compiler readline rfc3779 rpc rtmp sasl scanner schroedinger scim secure-delete session shared-glapi shine sndfile speex spell sqlite sse sse2 sse3 sse4 sse4_1 ssl ssse3 stream svg system-cairo system-jpeg system-sqlite tcl tcpd theora threads tiff tk tls truetype twolame udev unicode unlock-notify urandom usb uudeview v4l v4l2 vdpau vim vlc vlm vorbis vpx wav wavpack webm wma-fixed xa xanim xattr xcomposite xetex xim xkb xml xorg xpm xrandr xtpax xv xvfb xvid xwayland zlib" ABI_X86="64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation 
rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="mmx mmxext sse sse2 sse3 sse4_1 ssse3" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LINGUAS="en en_US" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-5" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_3" RUBY_TARGETS="ruby19 ruby20" USERLAND="GNU" VIDEO_CARDS="radeon r600" XFCE_PLUGINS="menu trash" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, USE_PYTHON



Reproducible: Always

Steps to Reproduce:
1. execute command:
2. tc -s qdisc show dev enp4s0
3. (Use a proper network device for your system instead of enp4s0)
4. Output will vary depending upon what qdiscs you have on that network device.
Actual Results:  
qdisc htb 1: root refcnt 2 r2q 10 default 0 direct_packets_stat 91 direct_qlen 256
 Sent 1298658 bytes 9576 pkt (dropped 4, overlimits 1951 requeues 0)
 backlog 0b 0p requeues 0
*** buffer overflow detected ***: tc terminated; report to <http://bugs.gentoo.org/>
Killed


Expected Results:  
qdisc htb 1: root refcnt 2 r2q 10 default 0 direct_packets_stat 131 direct_qlen 256
 Sent 1542528 bytes 11274 pkt (dropped 4, overlimits 2031 requeues 0)
 backlog 0b 0p requeues 0
qdisc pfifo 15: parent 1:11 limit 15p
 Sent 9900 bytes 110 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
qdisc fq_codel 16: parent 1:12 limit 1024p flows 1024 quantum 300 target 28.0ms interval 100.0ms ecn
 Sent 1527126 bytes 11033 pkt (dropped 4, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
  maxpacket 1514 drop_overlimit 0 new_flow_count 979 ecn_mark 0
  new_flows_len 1 old_flows_len 3
qdisc ingress ffff: parent ffff:fff1 ----------------
 Sent 15078829 bytes 14180 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0


The kernel used was a vanilla kernel 4.0 manually downloaded from kernel.org.

The gcc used is gcc 4.9.2.
 
After Linux Kernel 4.0 was compiled and sys-kernel/linux-headers-4.0 had been installed, I ran emerge -e world.  Then when the new iproute2 became available, I emerged it and found this problem with the tc command.

The tc command seems to work correctly when used to add qdiscs and filters.
Comment 1 Mike Gilbert gentoo-dev 2015-04-19 14:22:59 UTC
It might be helpful if you could get a backtrace from gdb.

https://wiki.gentoo.org/wiki/Project:Quality_Assurance/Backtraces
Comment 2 jamesrutledge 2015-04-19 17:32:46 UTC
Below are the results from running gdb.
There is no library "linux-vdso.so.1" on my system.

Reading symbols from tc...done.
(gdb) run
Starting program: /sbin/tc -s qdisc show dev enp4s0
warning: Could not load shared library symbols for linux-vdso.so.1.
Do you need "set solib-search-path" or "set sysroot"?
qdisc htb 1: root refcnt 2 r2q 10 default 0 direct_packets_stat 257 direct_qlen 256
 Sent 3598684 bytes 28190 pkt (dropped 0, overlimits 1868 requeues 0)
 backlog 0b 0p requeues 0
*** buffer overflow detected ***: tc terminated; report to <http://bugs.gentoo.org/>

Program terminated with signal SIGKILL, Killed.
The program no longer exists.
(gdb) bt
No stack.
(gdb) quit
Comment 3 SpanKY gentoo-dev 2015-04-20 06:09:04 UTC
(In reply to jamesrutledge from comment #2)

Before you run it, put breakpoints on the exit locations:
(gdb) b assert
(gdb) b __chk_fail
Comment 4 jamesrutledge 2015-04-20 18:35:23 UTC
Adding the breakpoints gave the same result.



Now, I have reduced the CFLAGS in make.conf to be just
     CFLAGE="-march=native -O2 -pipe -mfpmath=sse -pipe"

I have, now, also added "nostrip" to FEATURES.

Now I am in the process of doing an "emerge -e world"

This might make the binaries more "gdb" friendly.
Comment 5 Guillaume Castagnino 2015-04-20 19:07:42 UTC
I think you can stop rebuilding. It’s fixed upstream: http://git.kernel.org/cgit/linux/kernel/git/shemminger/iproute2.git/commit/?id=46679bbbe89699016d31486de7599590d02a5054
Comment 6 SpanKY gentoo-dev 2015-04-20 20:51:23 UTC
Should be all set now in the tree; thanks for the report!

Commit message: Add fix from upstream for buffer overflows when running `tc qdisc show`
http://sources.gentoo.org/sys-apps/iproute2/files/iproute2-4.0.0-tc-show-buffer-overflow.patch?rev=1.1
http://sources.gentoo.org/sys-apps/iproute2/iproute2-4.0.0-r1.ebuild?rev=1.1
Comment 7 jamesrutledge 2015-04-20 21:07:29 UTC
Thank you!
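
The "*** buffer overflow detected ***" line in the description and in comment 2 is printed by glibc's fortified string functions, which end in the `__chk_fail` handler that comment 3 suggests breaking on. The program below is an added example, not part of this bug thread and not iproute2 code: it calls glibc's checked `snprintf` entry point in a child process and reports how the child died. It assumes a glibc system; `run_checked_write`, the buffer sizes and the sample string are constructed for illustration.

```c
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* glibc's fortified snprintf. When a program is built with _FORTIFY_SOURCE,
 * the compiler passes the destination's real size as slen; maxlen is the
 * length the caller claims. If maxlen > slen, glibc calls __chk_fail(). */
extern int __snprintf_chk(char *s, size_t maxlen, int flag, size_t slen,
                          const char *fmt, ...);

/* Perform one checked write in a child process.
 * Returns 0 if the child exited normally, the fatal signal number if it
 * was killed, or -1 if fork/waitpid failed. */
int run_checked_write(size_t claimed_len, size_t real_len)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Backing storage is large enough, so no memory is corrupted;
         * only the size bookkeeping handed to the checker is wrong. */
        char buf[64];
        __snprintf_chk(buf, claimed_len, 1, real_len, "%s",
                       "qdisc fq_codel 16: parent 1:12"); /* constructed */
        _exit(0);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

int main(void)
{
    int ok  = run_checked_write(16, 16);  /* sizes agree: output is truncated */
    int bad = run_checked_write(64, 16);  /* claims 64 bytes for a 16-byte object */
    printf("sizes agree:          signal %d\n", ok);
    printf("claimed 64, real 16:  signal %d (%s)\n",
           bad, bad > 0 ? strsignal(bad) : "none");
    return 0;
}
```

On stock glibc the second call ends with SIGABRT; the gdb session in comment 2 shows SIGKILL on the reporter's hardened system.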