Bug 126896 - qt-3.3.6 stack smashing
Summary: qt-3.3.6 stack smashing
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Hardened
Hardware: All Linux
Importance: High normal
Assignee: The Gentoo Linux Hardened Team
Duplicates: 127580 143973
Blocks: 135265
Reported: 2006-03-19 21:33 UTC by Jaak Ristioja
Modified: 2007-11-10 09:26 UTC
Description Jaak Ristioja 2006-03-19 21:33:53 UTC
Most of KDE fails because of this, for example:

kpdf: stack smashing attack in function void QPainter::setWorldMatrix(const QWMatrix&, bool)()
Aborted

I'm using hardened stuff.

Portage 2.1_pre6-r3 (default-linux/amd64/2005.0, gcc-3.4.5, glibc-2.3.6-r3, 2.6.15-gentoo-r7 x86_64)
=================================================================
System uname: 2.6.15-gentoo-r7 x86_64 AMD Athlon(tm) 64 Processor 3200+
Gentoo Base System version 1.12.0_pre16
distcc 2.18.3 x86_64-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled]
ccache version 2.4 [enabled]
dev-lang/python:     2.4.2-r1
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.59-r7
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1
sys-devel/binutils:  2.16.1-r1
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.11-r3
ACCEPT_KEYWORDS="amd64 ~amd64"
AUTOCLEAN="yes"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O2 -pipe -march=athlon64"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/kde/3/share/config /usr/lib/X11/xkb /usr/share/X11/xkb /usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/revdep-rebuild /etc/terminfo /etc/texmf/web2c /etc/env.d"
CXXFLAGS="-O2 -pipe -march=athlon64"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig ccache distlocks metadata-transfer sandbox sfperms strict"
GENTOO_MIRRORS="http://ftp.linux.ee/pub/gentoo/distfiles/ http://trumpetti.atm.tut.fi/gentoo/"
LANG="en_US.UTF-8"
LC_ALL="et_EE.UTF-8"
LDFLAGS="-Wl,-O2"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="X aac acl alsa amd64 apm avi bash-completion bitmap-fonts bzip2 cairo cjk crypt cups dbus directfb divx4linux dri eds emboss encode fbcon ffmpeg flac foomaticdb fuse gif gimpprint gpm gstreamer gtk gtk2 gtkhtml hal hardened imagemagick imlib ithreads jpeg kde lzw lzw-tiff mjpeg mmap mng mozilla mp3 mpeg ncurses nogcj nomotif nptl ogg oggvorbis opengl pam pdflib perl pic png ppds python qt quicktime readline samba sdl ssl subversion svg sysfs tcpd theora threads tiff truetype truetype-fonts type1-fonts unicode usb vhosts vorbis wmf xinerama xml xml2 xmms xpm xprint xscreensaver xv xvid zlib elibc_glibc input_devices_keyboard input_devices_mouse kernel_linux userland_GNU video_cards_ati video_cards_radeon video_cards_nv video_cards_vesa"
Unset:  ASFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, LINGUAS
Comment 1 Jaak Ristioja 2006-03-19 21:35:06 UTC
qt-3.3.4-r9 is not affected.
Comment 2 Jakub Moc (RETIRED) gentoo-dev 2006-03-25 17:09:31 UTC
*** Bug 127580 has been marked as a duplicate of this bug. ***
Comment 3 Caleb Tennis (RETIRED) gentoo-dev 2006-03-27 05:49:15 UTC
I have to defer to the hardened team on what the proper fix for this type of problem is.
Comment 4 Jaak Ristioja 2006-05-13 02:46:20 UTC
(In reply to comment #3)
> I have to defer to the hardened team on what the proper fix for this type of
> problem is.
> 

Any progress?

As a workaround one can compile such packages with a gcc compiler not using stack smashing protection. This can be done by first switching the compiler with gcc-config.

There are some other packages which have stack smashing issues. Wine for example. Some components of xorg on the other hand do not allow emerging when "gcc specs" is set to other than vanilla.
Comment 5 Caleb Tennis (RETIRED) gentoo-dev 2006-05-13 04:19:27 UTC
The mail I have from Trolltech says that they are "investigating further".

It's got issue #N114641 if that's helpful
Comment 6 Kevin F. Quinn (RETIRED) gentoo-dev 2006-05-13 05:58:26 UTC
(In reply to comment #4)
> As a workaround one can compile such packages with a gcc compiler not using
> stack smashing protection. This can be done by first switching the compiler
> with gcc-config.

That's not a work-around, it's just hiding the issue.  It's possible that the problem is due to a mis-compilation as a result of using the stack protector, but until you can demonstrate that you must assume that qt has a buffer overflow.

We do now have two independent SSP implementations; the one we know best in the gcc-3.x series and the new one in gcc-4.1 and beyond written by people at RedHat, so one way to see if it might be a 3.x SSP compiler bug is to try it with gcc 4.x, and see if you get the same errors.  Switch to the 4.1.0 compiler, add '-fstack-protector-all' to your CFLAGS and emerge qt.  Don't forget to remove the '-fstack-protector-all' from CFLAGS afterwards, or you'll get into all sorts of trouble.  Also don't forget to switch your compiler back to the hardened 3.x version as the 4.x series are not hardened at all.

> There are some other packages which have stack smashing issues. Wine for
> example. Some components of xorg on the other hand do not allow emerging when
> "gcc specs" is set to other than vanilla.

For information:

wine doesn't use the linux loader, so can't support SSP without additional code, and it's of limited value there since most code run under wine is binary-only.

Xorg is a special case, and the xorg issue is about lazy binding and has nothing to do with SSP (bug #110506)

In general, bailing and asking the user to switch to a vanilla compiler is not a good way to deal with things - from hardened's perspective it's better to mask the package versions that fail in the hardened profile.
Comment 7 Alfred Jodokus 2006-06-04 06:26:44 UTC
I think I have the same problem with an Athlon XP 2100+ and Intel(R) Pentium(R) III Mobile CPU 1200MHz in KDE: kcontrol / screensavers 
(both machines with gcc (GCC) 3.4.6 (Gentoo Hardened 3.4.6-r1, ssp-3.4.5-1.0, pie-8.7.9)).

kdebase without OpenGL:
-----------------------
$kcontrol
$kblankscrn.kss: stack smashing attack in function virtual void QWidget::create(WId, bool, bool)()

kdebase with OpenGL:
--------------------
$kcontrol
$kcontrol: stack smashing attack in function virtual void QWidget::create(WId, bool, bool)()


Gentoo Base System version 1.6.14
Portage 2.0.54-r2 (default-linux/x86/2006.0, gcc-3.4.6, glibc-2.3.6-r3, 2.6.16-gentoo-r7 i686)
=================================================================
System uname: 2.6.16-gentoo-r7 i686 Intel(R) Pentium(R) III Mobile CPU      1200MHz
dev-lang/python:     2.3.5-r2, 2.4.2
dev-python/pycrypto: [Not Present]
dev-util/ccache:     [Not Present]
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.59-r7
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1
sys-devel/binutils:  2.16.1-r2
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -pipe -march=pentium3 -mfpmath=sse -msse -mmmx -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/lib/X11/xkb /usr/lib/mozilla/defaults/pref /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O2 -pipe -march=pentium3 -mfpmath=sse -msse -mmmx -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks sandbox sfperms strict"
GENTOO_MIRRORS="http://pandemonium.tiscali.de/pub/gentoo/ ftp://194.117.143.71/mirrors/gentoo ftp://ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/ ftp://mirror.switch.ch/mirror/gentoo/"
LANG="de_DE.utf8"
LC_ALL="de_DE.utf8"
LINGUAS="de en"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="x86 7zip X Xaw3d a52 aac aalib acpi acpi4linux alsa arts artworkextra asm auctex audiofile avi bigger-fonts binfilter bitmap-fonts bluetooth bonobo cairo caps cdda cddb cdio cdparanoia cdr chroot cli codecs crypt cups dbus dga dhcp divx4linux dlloader doc dts dv dvb dvd dvdr dvdread edl encode erandom esd evo evo2 exif extraicons faad fame ffmpeg firefox flac font-server fortran ftp gd ggi gif gimp gimpprint gnokii gnome gnomedb gnuplot gnutls gphoto2 gpm gps gs gsl gsm gstreamer gtk gtk2 gtkhtml hardened hardenedphp haskell hbci html i8x0 ieee1394 imagemagick imap imlib imlib2 irda irmc jack jack-tmpfs java javascript jp2 jpeg jpeg2k kde kdepim kipi koffice-plugin lcd lcms ldap libcaca libwww linuxthreads-tls lirc live lm_sensors logitech-mouse logrotate lzo mad maildir makecheck matroska mbox md5sum mikmod mime mimencode mixer mjpeg mmx mmx2 mmxext mng motif mozilla mp3 mpeg mpeg2 mpeg4 mplayer mppe-mppc mythtv nas ncurses nls nptl ogg oggvorbis openexr opengl opie oss pccts pcre pdf pdfkit pdflib perl pic pie png pnp portaudio ppds python qt qt-static quicktime rdesktop readline real reiser4 reiserfs rrdtool rtc sasl scanner sdk sdl session slang smime sndfile sox speex spell sse ssl stream svg sysfs syslog tcltk tetex tga theora tiff truetype truetype-fonts type1 type1-fonts unicode usb utf8 v4l v4l2 vcd vcdimager video_cards_ati videos vidix vim visualization vorbis wifi win32codecs wma123 wmf wxwindows xanim xcomposite xine xinerama xml xml2 xmms xosd xpm xprint xv xvid xvmc zeroconf zlib zvbi video_cards_radeon linguas_de linguas_en userland_GNU kernel_linux elibc_glibc"
Unset:  CTARGET, INSTALL_MASK, LDFLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTAGE_RSYNC_OPTS, PORTDIR_OVERLAY
Comment 8 Tommy McDaniel 2006-06-05 17:09:03 UTC
I have this exact same problem on both my laptop and my desktop now that I just upgraded both. Luckily, I haven't tried to reboot my desktop, because I rebooted the laptop and can't even start KDE. KDM kinda sorta crashes (it gives all indications of crashing, but the process is still there), and after re-emerging half my system, I just found from /var/log/kdm.log that I am getting the exact same error as the original poster, only originating from kdm_greet. I'm using qt-3.3.6-r1 on both computers. I really wish more stuff would be tested better with hardened Gentoo, before it's marked stable and you install it and it just doesn't work.

Is bug #133301 a duplicate of this one?

Here's the info from my desktop (I'm not going to type in all the info from my laptop):

Portage 2.0.54-r2 (default-linux/amd64/2005.0, gcc-3.4.5, glibc-2.3.6-r3, 2.6.15-gentoo-r1 x86_64)
=================================================================
System uname: 2.6.15-gentoo-r1 x86_64 AMD Opteron(tm) Processor 246
Gentoo Base System version 1.6.14
dev-lang/python:     2.3.5-r2, 2.4.2
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     [Not Present]
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.59-r7
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1
sys-devel/binutils:  2.16.1-r2
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="amd64"
AUTOCLEAN="yes"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=opteron -O3 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.3/env /usr/kde/3.3/share/config /usr/kde/3.3/shutdown /usr/kde/3.4/env /usr/kde/3.4/share/config /usr/kde/3.4/shutdown /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/lib/X11/xkb /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-march=opteron -O3 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks sandbox sfperms strict"
GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo"
LANG="en_US.utf8"
LC_ALL="en_US.utf8"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="amd64 X Xaw3d a52 aac aalib accessibility acl acpi adns aim alsa apache2 arts audiofile avi bash-completion bcmath berkdb bidi bitmap-fonts bluetooth bonobo bzip2 bzlib calendar canna cdb cdparanoia cdr chasen cjk cli crypt cscope ctype cups curl curlwrappers db2 dba dbase dbm dbx dedicated dga dio directfb divx4linux doc dri dts dv dvb dvd dvdr dvdread eds emacs emacs-w3 emboss emul-linux-x86 encode esd ethereal evo examples exif expat fam fastcgi fbcon ffmpeg flac flash flatfile foomaticdb fortran freetds freewnn ftp gb gcj gd gdbm geoip ggi gif ginac glut gmp gnome gnustep gnutls gphoto2 gpm gps gstreamer gtk gtk2 gtkhtml guile hal hardened hardenedphp howl hyperwave-api iconv icq idn imagemagick imap imlib inifile innodb interbase iodbc ipv6 isdnlog jabber jack javascript joystick jpeg kde kdeenablefinal kerberos krb4 ladcca lcms ldap leim libcaca libg++ libgda libwww lirc lm_sensors lua lzw lzw-tiff m17n-lib mad maildir mailwrapper matroska mbox mcal mcve memlimit mhash migemo mikmod milter mime ming mmap mng mnogosearch motif mozilla mp3 mpeg mpi msession msql mssql mule mysql mysqli nas ncurses neXt netcdf nis nls nocd nptl oci8 odbc offensive ofx ogg openal opengl oracle oracle7 osc oscar oss ovrimos pam pcntl pcre pda pdflib perl php plotutils png portaudio posix postgres ppds pppd prelude python qdbm qt quicktime readline recode reflection ruby samba sapdb sasl scanner sdl session sharedext sharedmem shorten simplexml skey slang slp smartcard sndfile snmp soap sockets socks5 source sox speex spell spl sqlite ssl svg symlink sysvipc szip tcltk tcpd tetex theora threads tidy tiff tokenizer truetype truetype-fonts type1-fonts udev unicode usb v4l vcd vhosts videos vorbis wddx wifi wmf wxwindows xface xine xml xml2 xmlrpc xmms xorg xosd xpm xprint xsl xv xvid yahoo yaz zeo zlib userland_GNU kernel_linux elibc_glibc"
Unset:  CTARGET, INSTALL_MASK, LDFLAGS, LINGUAS, PORTAGE_RSYNC_EXTRA_OPTS, PORTAGE_RSYNC_OPTS, PORTDIR_OVERLAY
Comment 9 Kevin F. Quinn (RETIRED) gentoo-dev 2006-06-05 22:53:58 UTC
(In reply to comment #8)
> I really wish more stuff
> would be tested better with hardened Gentoo, before it's marked stable and you
> install it and it just doesn't work.

If you want to help out, that'd be great.  We don't (and won't) have a stable marking for hardened; we'd need separate markers for each arch and it would clutter the keywords far too much, especially as the vast majority of the time there's no problem.  Also this problem may actually be a compiler issue that also exists on non-hardened, but is just not fatal there (although behaviour may be incorrect).

If you want to get your desktop up and running, try backing out qt to the previous version (3.3.4-r9).

> Is bug #133301 a duplicate of this one?

W.r.t the QPainter::setWorldMatrix issue; don't know at the moment, because I can't reproduce it.  Probably amd64 specific.

w.r.t. the QWidget::create issue, see bug #133301 - you could try the patch on there and see if it makes any difference for you.
Comment 10 JZd 2006-06-06 10:00:53 UTC
(In reply to comment #9)
> If you want to get your desktop up and running, try backing out qt to the
> previous version (3.3.4-r9).

Line
>=x11-libs/qt-3.3.6-r1
in /etc/portage/package.mask and re-emerging qt have fixed the problem for now. 
The previous stable version (on AMD64) is qt-3.3.4-r8.

> W.r.t the QPainter::setWorldMatrix issue; don't know at the moment, because I
> can't reproduce it.  Probably amd64 specific.

All programs using qt-3.3.6 I've tested ended with smashing attack in QPainter::setWorldMatrix(). Backtrace in gdb doesn't help much to understand where the real problem is.
Comment 11 schaedpq 2006-06-07 09:14:33 UTC
I don't really know if this is related, but for some time I have had an issue with kwin (apparently) randomly crashing due to a segmentation fault. According to the backtrace, that happens in QPainter::drawTiledPixmap.
I am using hardened profile + hardened kernel + hardened gcc. (For getting the backtrace, qt, kdelibs, kdebase were compiled with i686-pc-linux-gnu-3.4.6-hardenednopie).
I observed this in qt-3.3.4-r8 and qt-3.3.6-r1 with kdelibs-3.5.2-r6 and kdebase-3.5.2-r1 as well as kdelibs-3.4.3-r1 and kdebase-3.4.3-r1.
If you think I should report this as a separate bug, I am happy to do so, but I thought it may be related.

I have some difficulties reproducing this issue; it happens now and then, about once per day, often shortly after the first KDE session is started, but I will try to trigger it a few times and look to see if there are differences. Additionally, I am planning to compile qt with a vanilla gcc for comparison. If you are interested, I will post my observations here or anywhere else.

In grsec.log the event is logged as:
Jun  7 17:42:12 quark grsec: signal 11 sent to /usr/kde/3.5/bin/kdeinit[kwin:12596] uid/euid:1000/1000 gid/egid:100/100, parent /usr/kde/3.5/bin/kdeinit[kdeinit:28043] uid/euid:1000/1000 gid/egid:100/100

The backtrace I got is:
Using host libthread_db library "/lib/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread 1290602160 (LWP 12596)]
0x4eeb3802 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
#0  0x4eeb3802 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
#1  0x4cf5d120 in nanosleep () from /lib/libc.so.6
#2  0x4cf5cf50 in sleep () from /lib/libc.so.6
#3  0x4e336ecc in KCrash::startDrKonqi (argv=0x5bdfad90, argc=18)
    at kcrash.cpp:311
#4  0x4e371780 in KCrash::defaultCrashHandler (sig=11) at kcrash.cpp:228
#5  0x4cefc888 in killpg () from /lib/libc.so.6
#6  0x4d720995 in QPainter::drawTiledPixmap (this=0x5bdfb370, x=0, y=0, w=0,
    h=0, pixmap=@0x8294028, sx=0, sy=0) at qpainter_x11.cpp:2849
#7  0x4cc12762 in QPainter::drawTiledPixmap (this=0x5bdfb370, r=@0x5bdfb360,
    pm=@0x8294028) at qpainter.h:664
#8  0x4cc0e766 in KWinPlastik::PlastikClient::captionPixmap (this=0x827b8b8)
    at plastikclient.cpp:491
#9  0x4cc0ec7d in KWinPlastik::PlastikClient::captionRect (this=0x827b8b8)
    at plastikclient.cpp:381
#10 0x4cc0efb9 in KWinPlastik::PlastikClient::updateCaption (this=0x827b8b8)
    at plastikclient.cpp:426
#11 0x4ccb48e1 in KCommonDecoration::init (this=0x827b8b8)
    at kcommondecoration.cpp:124
#12 0x4cc0947c in KWinPlastik::PlastikClient::init (this=0x827b8b8)
    at plastikclient.cpp:197
#13 0x4cd3dc7e in KWinInternal::Client::updateDecoration (this=0x827c2c8,
    check_workspace_pos=false, force=false) at client.cpp:276
#14 0x4cd54db2 in KWinInternal::Client::manage (this=0x827c2c8, w=44040201,
    isMapped=false) at manage.cpp:296
#15 0x4cd5b64c in KWinInternal::Workspace::createClient (this=0x81a8e40,
    w=4294966780, is_mapped=false) at workspace.cpp:477
#16 0x4cd5bf2b in KWinInternal::Workspace::workspaceEvent (this=0x81a8e40,
    e=0x5bdfbf80) at events.cpp:360
#17 0x4cd5c01c in KWinInternal::Application::x11EventFilter (this=0x5bdfc200,
    e=0x5bdfbf80) at main.cpp:154
#18 0x4d6c9fc8 in qt_x11EventFilter (ev=0x5bdfbf80)
    at qapplication_x11.cpp:386
#19 0x4d6d6974 in QApplication::x11ProcessEvent (this=0x5bdfc200,
    event=0x5bdfbf80) at qapplication_x11.cpp:3308
#20 0x4d700776 in QEventLoop::processEvents (this=0x816cb20, flags=4)
    at qeventloop_x11.cpp:192
#21 0x4d79a710 in QEventLoop::enterLoop (this=0x816cb20) at qeventloop.cpp:198
#22 0x4d79a5b3 in QEventLoop::exec (this=0x816cb20) at qeventloop.cpp:145
#23 0x4d77d794 in QApplication::exec (this=0x5bdfc200)
    at qapplication.cpp:2758
#24 0x4cd5da55 in kdemain (argc=3, argv=0x8142fb0) at main.cpp:282
#25 0x4cda0834 in kdeinitmain (argc=-516, argv=0xfffffdfc) at kwin_dummy.cpp:3
#26 0x0804fe53 in launch (argc=3, _name=0x81426d4 "kwin", args=0x814271a "",
    cwd=0x0, envc=0, envs=0x814271e "", reset_env=false, tty=0x0,
    avoid_loops=false,
    startup_id_str=0xfffffdfc <Address 0xfffffdfc out of bounds>)
    at kinit.cpp:639
#27 0x080505b7 in handle_launcher_request (sock=8) at kinit.cpp:1203
#28 0x08050b7c in handle_requests (waitForPid=0) at kinit.cpp:1406
#29 0x08051260 in main (argc=2, argv=0x5bdfc9e4, envp=0x5bdfc9f0)
    at kinit.cpp:1850

# emerge --info
Portage 2.1_rc4-r1 (hardened/x86/2.6, gcc-3.4.6, glibc-2.3.6-r3, 2.6.14-hardened-r8 i686)
=================================================================
System uname: 2.6.14-hardened-r8 i686 AMD Athlon(tm) 64 Processor 3500+
Gentoo Base System version 1.6.14
distcc 2.18.3 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled]
dev-lang/python:     2.4.2
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     [Not Present]
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.59-r7
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1
sys-devel/binutils:  2.16.1-r2
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-mtune=athlon64 -march=athlon64 -O2 -pipe -Wall -g3 -ggdb3"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/lib/X11/xkb /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/"
CONFIG_PROTECT_MASK="/etc/gconf /etc/postfix/sample /etc/revdep-rebuild /etc/terminfo /etc/env.d"
CXXFLAGS="-mtune=athlon64 -march=athlon64 -O2 -pipe -Wall -g3 -ggdb3"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks metadata-transfer nostrip parallel-fetch sandbox sfperms strict"
GENTOO_MIRRORS="http://linux.rz.ruhr-uni-bochum.de/download/gentoo-mirror"
LINGUAS="de"
PKGDIR="/usr/portage//packages/x86/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage/"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://linux.rz.ruhr-uni-bochum.de/gentoo-portage"
USE="3dnow 3dnowext X a52 acpi alsa ash-completion berkdb bitmap-fonts cdparanoia crypt cups debug dga dlloader dri dv dvd dvdr dvdread encode font-server glx gtk gtk2 hardened imap isdnlog jabber kde kdeenablefinal live lzo mad matrox mbox mime mjpeg mmx mmxext mozcalendar mozsvg mp3 mpeg mplayer musicbrainz network nls nodrm nptl nptlonly nsplugin offensive ogg opengl pam pam_timestamp pdf pic png quicktime readline real sftplogging sse ssl tcpd theora truetype truetype-fonts type1 type1-fonts userlocales v4l v4l2 vorbis win32codecs x86 xmms xorg xprint xv zlib elibc_glibc kernel_linux linguas_de userland_GNU video_cards_nv"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, MAKEOPTS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 12 Tommy McDaniel 2006-06-08 12:33:03 UTC
My solution was to recompile Qt with the vanilla GCC profile, the same I always do with the plethora of packages that don't compile or (more rarely) compile and crash on hardened AMD64.

I do kind of help testing hardened stuff somewhat, because I have 19 entries in /etc/portage/package.keywords on my desktop (and who knows how many on my laptop), but I don't think I can go full-blown ~amd64 because I'm kind of reliant on my computers working as a computer science graduate student (when things don't work here, enough words generally fly to make a sailor cringe in fear). I think I'll try to use more ~amd64 stuff though; I get newer software, and Gentoo and its users get to know that something is broken before thousands of people the world over find out simultaneously when the package is marked stable. Actually, I was recently considering compiling my entire system with debugging information (400 GB hard drive), but getting debugging to work requires compiling with "-g -nopie" and/or changing to a softened GCC profile, whereas I just wanted debugging information, not to change the generated code, so I decided against it (although if anyone has any wise recommendations, I'm all ears). Although, wouldn't my -O3 flag make the debugging information less useful anyway?
Comment 13 schaedpq 2006-06-12 09:16:15 UTC
OK. I emerged qt with the vanilla gcc 5 days ago and have used it since then. And, surprise: my problem (kwin crashes in QPainter::drawTiledPixmap) occurred too, although much less often, it seems.
I therefore tend to assume my problem is not related to this bug (or the issue in this bug is not an SSP issue...). I will probably file a new bug report later today.
Comment 14 Régis Décamps 2006-08-25 05:24:24 UTC
I have the exact same problem on my amd64 system with qt>=3.3.6 
I had to roll back to qt-3.3.4-r8.

But I don't think I have a hardened system (at least, I don't have the hardened USE flag).

Portage 2.1-r2 (default-linux/amd64/2005.1, gcc-3.4.4, glibc-2.3.6-r4, 2.6.17-gentoo-r4 x86_64)
=================================================================
System uname: 2.6.17-gentoo-r4 x86_64 AMD Athlon(tm) 64 Processor 3000+
Gentoo Base System version 1.12.4
USE="amd64 16bit 7zip X a52 aac acpi aim akode alsa amarok amazon amr amuled apache2 arts authlib bash-completion beagle berkdb bittorrent bonobo c++ cairo cap cddb cdparanoia cdrom cg chroot corba courier cracklib crypt css cups cvs cxx dbus dlloader dri dvb dvd dvdr dvdread encode enscript ethereal fame ffmpeg firefox flac fltk font-server foomaticdb ftp gimp gimpprint gmail gpm gstreamer gtalk gtk gtk2 gvim gzip i8x0 icq imap imlib ipfilter ipv6 j2ee jabber jboss jingle jpeg jpeg2k kde kdeenablefinal kqemu lame libvisual lm_sensors log4j logrotate lzo lzw mad maildir maildrop make-symlinks md5sum mime mimencode mjpeg mozsvg mp3 mpeg mplayer mpm-peruser msn musepack musicbrainz mysql ncurses nls nsplugin nvidia ocaml oggvorbis opengl openssh openssl pam pcre pdf perl php png postfix python qt3 qt4 quicktime rdesktop readline reiserfs rss screen sdl speex spell sqlite ssl subversion suid svg theora tiff transcode truetype truetype-fonts type1 type1-fonts udev unicode unzip usb visualization vnc vorbis webdav wma wmf x11vnc xinetd xorg xscreensaver xslt xvid zip zlib elibc_glibc input_devices_keyboard input_devices_mouse kernel_linux linguas_en linguas_fr lirc_devices_all userland_GNU video_cards_nv video_cards_nvidia video_cards_vesa"
Comment 15 Kevin F. Quinn (RETIRED) gentoo-dev 2006-08-25 07:26:19 UTC
(In reply to comment #14)
> I have the exact same problem on my amd64 system with qt>=3.3.6 
> I had to roll back to qt-3.3.4-r8.
> 
> But I don't think I have a hardened system (at least, I don't have the hardened
> USE flag)

The trigger to seeing the error "stack smashing attack in..." is having qt built with the stack-protector enabled.  You may have -fstack-protector{,-all} in your CFLAGS, or you may have compiled with the -hardened or -hardenednopie version of the compiler.  The hardened USE flag just changes the default compiler, so to build with the -hardened compiler it's necessary to deliberately select it via gcc-config, but it is not necessary to have the hardened USE flag set.
Comment 16 Régis Décamps 2006-08-25 14:50:43 UTC
(In reply to comment #15)
> > I have the exact same problem on my amd64 system with qt>=3.3.6 
> > I had to roll back to qt-3.3.4-r8.
> > 
> > But I don't think I have a hardened system 
> 
> The trigger to seeing the error "stack smashing attack in..." is having qt
> built with the stack-protector enabled.

Yes, it seems sensible.

>  You may have -fstack-protector{,-all}
> in your CFLAGS, 

No, my CFLAGS are very simple:
CFLAGS="-march=athlon64 -O2 -pipe"

> or you may have compiled with the -hardened or -hardenednopie
> version of the compiler.  The hardened USE flag just changes the default
> compiler, so to build with the -hardened compiler it's necessary to
> deliberately select it via gcc-config, but it is not necessary to have the
> hardened USE flag set.

My default compiler is not hardened:
kro64 ~ # gcc-config -l
 [1] x86_64-pc-linux-gnu-3.4.4 *
 [2] x86_64-pc-linux-gnu-3.4.4-hardenednopie
 [3] x86_64-pc-linux-gnu-3.4.4-hardenednopiessp
 [4] x86_64-pc-linux-gnu-3.4.4-hardenednossp
 [5] x86_64-pc-linux-gnu-3.4.4-vanilla

I have just recompiled qt-3.3.6-r1 and I have this bug again. If I understand correctly, the question becomes: Why is it compiled hardened when I never asked for it? 
Comment 17 Kevin F. Quinn (RETIRED) gentoo-dev 2006-08-26 07:14:46 UTC
(In reply to comment #16)
> My default compiler is not hardened:
> kro64 ~ # gcc-config -l
>  [1] x86_64-pc-linux-gnu-3.4.4 *
>  [2] x86_64-pc-linux-gnu-3.4.4-hardenednopie
>  [3] x86_64-pc-linux-gnu-3.4.4-hardenednopiessp
>  [4] x86_64-pc-linux-gnu-3.4.4-hardenednossp
>  [5] x86_64-pc-linux-gnu-3.4.4-vanilla
> 
> I have just recompiled qt-3.3.6-r1 and I have this bug again. If I understand
> correctly, the question becomes: Why is it compiled hardened when I never asked
> for it? 

The above shows that your default compiler _is_ hardened - which means when gcc-3.4.4 was built you had 'hardened' in your USE flags.

The way gcc-config works is that the default compiler (whether it's vanilla or hardened) is listed as CTARGET without any suffix, and all the others are listed as CTARGET-SUFFIX.  Since you have a -vanilla version listed, the default must be the hardened compiler.  FWIW eselect-compiler lists the suffix for all versions, to avoid this confusion (although that hides whether the compiler libraries are built vanilla or hardened...).

Do:

# gcc-config 5 && env-update

to get the vanilla compiler.  Alternatively you can build it with the -hardenednossp and it'll do the other hardened bits (in particular BIND_NOW) but it'll skip SSP.
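As an added example for the diagnostics discussed in comments 6, 15 and 17 (this is not a script from the bug, from Gentoo or from Trolltech; it assumes POSIX sh, grep and sort, with readelf from binutils optional): it classifies which stack-protector runtime a binary or library references, so you can confirm that qt really was built with SSP and by which implementation, and it applies the gcc-config naming rule that the unsuffixed default profile is the hardened one whenever a -vanilla profile is listed alongside it.

```shell
#!/bin/sh
# ssp_probe.sh: added illustration for this bug thread (not a Gentoo, Qt or
# Trolltech script). It answers two diagnostic questions raised above:
#   1. Was a given binary or library actually built with the stack protector,
#      and by which of the two SSP implementations (comment 6)? The gcc-3.x
#      ProPolice patch references __guard and __stack_smash_handler; the
#      gcc-4.1+ implementation references __stack_chk_guard and __stack_chk_fail.
#   2. Is the unsuffixed gcc-config profile the hardened one (comment 17)?
# Assumptions: POSIX sh, grep (with -E and -o) and sort; readelf is optional.

# Print the stack-protector runtime symbols an object references, one per line.
ssp_symbols() {
    f=$1
    # Prefer the real symbol tables (.symtab and .dynsym); if readelf is
    # missing or the file is not ELF, fall back to a raw string scan.
    { readelf -W -s "$f" 2>/dev/null || cat "$f"; } \
        | grep -aoE '__stack_smash_handler|__guard|__stack_chk_fail|__stack_chk_guard' \
        | sort -u
}

# Classify one file: none | propolice | gcc4 | both
ssp_class() {
    syms=$(ssp_symbols "$1")
    old=0; new=0
    case "$syms" in *__stack_smash_handler*|*__guard*) old=1 ;; esac
    case "$syms" in *__stack_chk_fail*|*__stack_chk_guard*) new=1 ;; esac
    case "$old$new" in
        00) echo none ;;
        10) echo propolice ;;
        01) echo gcc4 ;;
        11) echo both ;;
    esac
}

# Report one line per argument, e.g. the qt library and the crashing program:
#   ssp_report /usr/qt/3/lib/libqt-mt.so /usr/kde/3.5/bin/kdm_greet
ssp_report() {
    for f in "$@"; do
        printf '%s\t%s\n' "$f" "$(ssp_class "$f")"
    done
}

# Read `gcc-config -l` output on stdin. The default profile is listed without
# a suffix and every other one as CTARGET-SUFFIX, so if a -vanilla profile is
# listed at all, the unsuffixed default was built hardened (USE=hardened when
# gcc was emerged), regardless of which entry carries the '*'.
gcc_default_is_hardened() {
    if grep -q -- '-vanilla'; then echo yes; else echo no; fi
}

if [ "$#" -gt 0 ]; then
    ssp_report "$@"
fi
```

Run it as `sh ssp_probe.sh /path/to/libqt-mt.so`, or pipe `gcc-config -l | sh -c '. ./ssp_probe.sh; gcc_default_is_hardened'` to check the toolchain default.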
Comment 18 Régis Décamps 2006-08-26 07:29:23 UTC
(In reply to comment #17)
> > My default compiler is not hardened:
> > kro64 ~ # gcc-config -l
> >  [1] x86_64-pc-linux-gnu-3.4.4 *
> >  [2] x86_64-pc-linux-gnu-3.4.4-hardenednopie
> >  [3] x86_64-pc-linux-gnu-3.4.4-hardenednopiessp
> >  [4] x86_64-pc-linux-gnu-3.4.4-hardenednossp
> >  [5] x86_64-pc-linux-gnu-3.4.4-vanilla
> 
> The above shows that your default compiler _is_ hardened - which means when
> gcc-3.4.4 was built you had 'hardened' in your USE flags.

I'm sorry, I have been confused (I thought only the -hardened extensions were actually hardened).

In the meantime I did 
> # gcc-config 5 && env-update
> to get the vanilla compiler. 
as suggested in comment #4. 

Thanks for your time.
Comment 19 Tristan Heaven (RETIRED) gentoo-dev 2006-10-27 15:26:53 UTC
*** Bug 143973 has been marked as a duplicate of this bug. ***
Comment 20 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-05-02 13:54:03 UTC
Has there been any progress on this one?
Comment 21 Cory Coager 2007-08-23 13:02:28 UTC
Any progress on this?  There are two Security Advisories out for qt now, 200611-02 and 200708-16, and this is preventing me from upgrading.
Comment 22 Christian Heim (RETIRED) gentoo-dev 2007-11-10 09:26:18 UTC
Due to SSP having issues with C++ code, I just placed a -fno-stack-protector in the x11-libs/qt ebuilds. Thus, you should no longer see those issues when emerging anything qt-based or Qt itself.