atti@magic ~ $ mahjongg
mahjongg: stack smashing attack in function load_map_from_file()
Aborted

strace output added

Reproducible: Always

Steps to Reproduce:

Portage 2.0.51.22-r2 (default-linux/amd64/2004.3/lib64, gcc-3.4.3, glibc-2.3.5-r0, 2.6.12-gentoo-r4 x86_64)
=================================================================
System uname: 2.6.12-gentoo-r4 x86_64 AMD Athlon(tm) 64 Processor 3000+
Gentoo Base System version 1.6.13
dev-lang/python: 2.3.5
sys-apps/sandbox: 1.2.11
sys-devel/autoconf: 2.13, 2.59-r6
sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.5
sys-devel/binutils: 2.15.92.0.2-r10
sys-devel/libtool: 1.5.18-r1
virtual/os-headers: 2.6.11-r2
ACCEPT_KEYWORDS="amd64"
AUTOCLEAN="yes"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=athlon64 -O3 -pipe -fomit-frame-pointer"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.4/env /usr/kde/3.4/share/config /usr/kde/3.4/shutdown /usr/kde/3/share/config /usr/lib/X11/xkb /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/ /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /usr/X11R6/bin/startx /etc/env.d"
CXXFLAGS="-march=athlon64 -O3 -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig candy distlocks sandbox severe sfperms strict"
GENTOO_MIRRORS="http://pandemonium.tiscali.de/pub/gentoo/ ftp://ftp.tu-clausthal.de/pub/linux/gentoo/ ftp://ftp.gentoo.mesh-solutions.com/gentoo/ http://ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/"
LANG="de_DE@euro"
LC_ALL="de_DE@euro"
LDFLAGS="-Wl,-O1"
LINGUAS="de"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.de.gentoo.org/gentoo-portage"
USE="X a52 aac acpi alsa amd64 audiofile avi berkdb bitmap-fonts bzlib cdr crypt cups curl dga directfb dlloader dmalloc dpms dts dvd dvdr dvdread eds emacs encode esd exif fam fame fat fbcon ffmpeg flac font-server foomaticdb fortran gdbm gif gimpprint gnome gpm gstreamer gtk gtk2 hal hardened howl imagemagick imlib ipv6 ithreads javascript jp2 jpeg jpeg2k kde lcms libsamplerate libwww lzo lzw lzw-tiff mad matroska memlimit mikmod mjpeg mmap mng mozcalendar mozdevelop mozsvg mp3 mpeg mpi multilib ncurses nls nptl nptlonly ntfs nvidia ogg oggvorbis on-the-fly-crypt openal openexr opengl oss pam pda pdflib perl png ppds python qt quicktime readline real reiserfs sdl slang sndfile spell ssl svg symlink tcltk tcpd test tetex tga theora threads tidy tiff toolbar truetype truetype-fonts type1-fonts unicode usb userlocales videos vorbis wmf xine xml2 xmms xpm xprint xrandr xtermtoolbar xv xvid xvmc yv12 zlib linguas_de userland_GNU kernel_linux elibc_glibc"
Unset: ASFLAGS, CTARGET, PORTDIR_OVERLAY
Created attachment 64434: strace output
What version of gnome-extra/gnome-games are you running?
magic atti # emerge -pv gnome

These are the packages that I would merge, in order:

Calculating dependencies ...done!
[ebuild U ] www-client/epiphany-1.6.0-r3 [1.4.8] -debug -doc 0 kB
[ebuild U ] gnome-base/gnome-2.10-r1 [2.8.3-r1] -accessibility +cdr +dvdr +hal 0 kB

Total size of downloads: 0 kB
magic atti #

BTW: can't emerge gnome-2.10-r1 because of bug 91984
Oops ... my fault...

magic atti # emerge -pv gnome-games

These are the packages that I would merge, in order:

Calculating dependencies ...done!
[ebuild R ] gnome-extra/gnome-games-2.10.0 -artworkextra -debug -guile +howl 0 kB

Total size of downloads: 0 kB
Using the gcc vanilla profile (gcc-config ...) works as a workaround.
Flipping assignee and CC, as this is a hardened issue.
What is the exact program that provides your mahjongg?
I'm not sure what you mean by "program" ... the package is:

magic atti # emerge gnome-games -pvD
[ebuild U ] gnome-extra/gnome-games-2.12.2 [2.10.1] +artworkextra* -debug -guile +howl 4,798 kB
magic atti #

I can start it in the console:

atti@magic ~ $ mahjongg
(mahjongg:17352): GdkPixbuf-CRITICAL **: gdk_pixbuf_loader_write: assertion `buf != NULL' failed
atti@magic ~ $

The executable is here: /usr/bin/mahjongg
Thanks, there are a few things in portage that can provide 'mahjongg'. Testing the version you have, this is what I get.

$ scanelf -Bs'__guard' /usr/bin/mahjongg
ET_DYN __guard /usr/bin/mahjongg
## This tells us it was compiled with SSP enabled.

$ dumpelf -v /usr/bin/mahjongg | grep GCC:|sort -u
* GCC: (GNU) 3.4.4 (Gentoo Hardened 3.4.4, ssp-3.4.4-1.0, pie-8.7.8)
## This shows me that it was compiled with a hardened compiler.

$ /usr/bin/mahjongg
$ echo $?
0

This shows us that I launched the game and ran it for a bit, then exited cleanly. Tested with 2.10.1-r1.

Can anybody else reproduce this? If so, does it seem limited to 64bit arches only?
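For readers of this thread who want to see what the "stack smashing attack in function load_map_from_file()" message stands for: it is what the gcc 3.4 SSP (ProPolice) runtime prints when the guard word placed above a function's local buffers has been overwritten by the time the function returns, so the bug is some write past the end of a stack array inside that loader. The following is an added illustration, not gnome-games code: the real map format and the real load_map_from_file() are not on this page, so the "x y layer" line format, the MAX_TILES/MAX_LINE limits and every function name here are constructed for the example. It shows the bounded-parsing shape that keeps such a loader from ever tripping the guard, rejecting over-long lines, malformed lines and more tiles than the fixed array holds instead of writing past it.

```c
#include <stdio.h>
#include <string.h>

/* Constructed example, not gnome-games code: the real mahjongg map format
 * and load_map_from_file() are not shown in the bug; this illustrates the
 * bounded-parsing pattern that keeps a fixed stack buffer (the kind SSP's
 * guard sits above) from being overrun by file contents. */

#define MAX_TILES 144   /* a full mahjongg set; capacity of the stack array */
#define MAX_LINE  64    /* longest map line we are willing to accept */

struct tile { int x, y, layer; };

/* Copy one line out of a NUL-terminated map text, stopping at '\n'.
 * Returns a pointer to the start of the next line, or NULL if the line
 * would not fit in out_sz-1 bytes (the caller treats that as malformed). */
static const char *next_line(const char *p, char *out, size_t out_sz)
{
    size_t n = 0;
    while (p[n] != '\0' && p[n] != '\n') {
        if (n + 1 >= out_sz)
            return NULL;            /* refuse instead of overrunning 'out' */
        out[n] = p[n];
        n++;
    }
    out[n] = '\0';
    return p[n] == '\n' ? p + n + 1 : p + n;
}

/* Parse "x y layer" lines into a caller-supplied array of at most 'cap'
 * tiles. Returns the tile count, or -1 on an over-long line, a malformed
 * line, or more tiles than 'cap' allows. Blank lines and '#' comments
 * are skipped. */
int load_map_from_text(const char *text, struct tile *tiles, size_t cap)
{
    char line[MAX_LINE];            /* bounded: next_line never overruns it */
    size_t count = 0;
    const char *p = text;

    while (*p != '\0') {
        p = next_line(p, line, sizeof line);
        if (p == NULL)
            return -1;
        if (line[0] == '\0' || line[0] == '#')
            continue;
        if (count >= cap)
            return -1;              /* would write past the tile array */
        if (sscanf(line, "%d %d %d", &tiles[count].x, &tiles[count].y,
                   &tiles[count].layer) != 3)
            return -1;              /* malformed line */
        count++;
    }
    return (int)count;
}

/* Wrapper with the fixed-size stack array a loader typically keeps; this
 * is the kind of frame whose guard word SSP checks on return. */
int count_tiles_in_map(const char *text)
{
    struct tile tiles[MAX_TILES];
    return load_map_from_text(text, tiles, MAX_TILES);
}

int main(void)
{
    /* constructed sample map: three tiles, one comment line */
    const char *map = "# constructed map\n0 0 0\n1 0 0\n0 1 1\n";
    printf("tiles loaded: %d\n", count_tiles_in_map(map));
    return 0;
}
```

Compiling this with `-fstack-protector-all` (the option the hardened gcc in this bug turns on by default) adds the same guard check to every function, which is a cheap way to confirm during development that a parser like this never writes outside its locals on hostile input.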