Bug#: 175996
Status: RESOLVED
Resolution: FIXED
Assigned To: The Gentoo Linux Hardened Team <hardened@gentoo.org>
Reporter: Christian Korff <christian.korff@gmail.com>
Bug 175996 blocks: 135265

Description:   Opened: 2007-04-25 17:46 0000
qt seems to have a bug related to the hardened gcc. When I start qtparted it
crashes with the following message:
# LC_ALL=C qtparted 
Warning: GNU Parted has detected libreiserfs interface version mismatch.  Found
1-1, required 0. ReiserFS support will be disabled.
qtparted: stack smashing attack in function void QPainter::setWorldMatrix(const
QWMatrix&, bool)()
Abgebrochen

(Abgebrochen - Canceled; I don't know why it ignored LC_ALL=C)

------- Comment #1 From solar 2007-04-25 18:22:53 0000 -------
Kevin, this is another QT/C++/SSP problem? If so, can you mark it a dupe of that
other bug.. tia.

------- Comment #2 From Kevin F. Quinn (RETIRED) 2007-04-25 21:14:40 0000 -------
Certainly looks like the same thing.

------- Comment #3 From Christian Korff 2007-09-15 18:29:41 0000 -------
A week ago I tried the vanilla gcc spec (using gcc-config) and it doesn't work.
I want to note this for information.

------- Comment #4 From Sune Kloppenborg Jeppesen 2007-09-24 16:51:51 0000 -------
Just a note that qt-3.3.4+ are working fine with gcc-4 from kevquinn's hardened
overlay (kevquinn_hardened) here on amd64.

------- Comment #5 From solar 2007-09-25 02:43:36 0000 -------
(In reply to comment #4)
> Just a note that qt-3.3.4+ are working fine with gcc-4 from kevquinn's hardened
> overlay (kevquinn_hardened) here on amd64.

Thanks and yep.. These c++/KDE/QT bugs are a long-standing
gcc-3.x problem that are known to work in gcc-4.x

All existing c++ ebuilds that filter fstack need to be
re-(tested|evaluated) for gcc-4.x.

Thanks for the confirmation report.

------- Comment #6 From Francisco J. Sánchez 2007-10-10 08:59:03 0000 -------
I can confirm the problem. Many qt (3.3.8-r4) apps send "stack smashing attack
in function void QPainter::drawPixmap" (and many more functions in the same
class) to stderr and crash.

Portage 2.1.3.9 (hardened/amd64/multilib, gcc-3.4.6, glibc-2.5-r4,
2.6.20-hardened-r10 x86_64)
=================================================================
System uname: 2.6.20-hardened-r10 x86_64 AMD Athlon(tm)64 X2 Dual Core
Processor 4800+
Timestamp of tree: Wed, 10 Oct 2007 05:30:09 +0000
app-shells/bash:     3.2_p17
dev-java/java-config: 1.3.7, 2.0.33-r1
dev-lang/python:     2.4.4-r5
dev-python/pycrypto: 2.0.1-r6
sys-apps/baselayout: 1.12.9-r2
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.61-r1
sys-devel/automake:  1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.17-r1
sys-devel/gcc-config: 1.3.16
sys-devel/libtool:   1.5.24
virtual/os-headers:  2.6.21
ACCEPT_KEYWORDS="amd64"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O2 -pipe -fforce-addr"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config
/usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config /var/bind"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf
/etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/
/etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-O2 -pipe -fforce-addr"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks metadata-transfer sandbox sfperms strict
unmerge-orphans userfetch"
GENTOO_MIRRORS="ftp://ftp.belnet.be/mirror/rsync.gentoo.org/gentoo/
ftp://ftp.caliu.info/gentoo/ ftp://ftp.udc.es/gentoo/ "
LANG="es_ES.UTF-8"
LINGUAS="es es_ES"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress
--force --whole-file --delete --delete-after --stats --timeout=180
--exclude=/distfiles --exclude=/local --exclude=/packages
--filter=H_**/files/digest-*"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="X alsa amd64 amuled apache2 arts artscdr berkdb branding bzip2 cairo
calendar cli courier cracklib crypt ctype cups dri dvd ffmpeg gif gimpprint
gnome gtk hal hardened howl iconv imap java jpeg justify kde libwww mad maildir
mbox midi mp3 mpeg multilib mysql nls nptl nptlonly nsplugin ogg opengl pam
pcre php pic png postfix ppds python qt3 quicktime readline resolvconf sasl sdl
session spell ssl svg symlink tcpd tiff unicode urandom vhosts vorbis wmf xml
xmlreader xorg zlib" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop
empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi
null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="mouse
keyboard" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216
lcdm001 mtxorb ncurses text" LINGUAS="es es_ES" USERLAND="GNU"
VIDEO_CARDS="vesa fglrx"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, LDFLAGS, MAKEOPTS,
PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS,
PORTDIR_OVERLAY

------- Comment #7 From Christian Heim (RETIRED) 2007-11-10 09:26:30 0000 -------
Due to SSP having issues with C++ code, I just placed a -fno-stack-protector in
the x11-libs/qt ebuilds. Thus, you should no longer see those issues when
emerging anything qt-based or QT itself.
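
Comments #5 and #7 leave an audit task behind: finding the ebuilds that filter or disable SSP so they can be re-evaluated under gcc-4.x. The sketch below is an added example, not part of the bug report or of Gentoo's tooling; the sample tree, its package names and the use of `append-flags` in it are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Gentoo tooling: report ebuilds that filter or disable SSP.
# Output format: <path relative to tree>:<line number>:<filtered|disabled>
audit_ssp_overrides() {
    tree=$1
    find "$tree" -type f -name '*.ebuild' | sort | while IFS= read -r f; do
        awk -v file="${f#"$tree"/}" '
            /^[ \t]*#/ { next }   # ignore commented-out lines
            /filter-flags.*-fstack-protector/ { print file ":" NR ":filtered"; next }
            /-fno-stack-protector/ { print file ":" NR ":disabled" }
        ' "$f"
    done
}

# Constructed sample tree: package names, versions and contents are made up.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/x11-libs/qt" "$d/app-misc/demo"
    cat > "$d/x11-libs/qt/qt-0.ebuild" <<'EOF'
inherit flag-o-matic
src_compile() {
    # -fno-stack-protector: SSP aborts C++ code built with gcc-3.x
    append-flags -fno-stack-protector
}
EOF
    cat > "$d/app-misc/demo/demo-0.ebuild" <<'EOF'
inherit flag-o-matic
src_compile() {
    filter-flags -fstack-protector -fstack-protector-all
}
EOF
    cat > "$d/app-misc/demo/plain-0.ebuild" <<'EOF'
src_compile() {
    emake || die
}
EOF
    printf '%s\n' "$d"
}

sample=$(make_sample_tree)
audit_ssp_overrides "$sample"
rm -rf "$sample"
```

A real run would pass the ebuild repository as the argument, such as the PORTDIR shown in comment #6.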
