Bug 100902 - oocalc aborted with soffice.bin: stack smashing attack in function osl_incrementInterlockedCount()
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Hardened
Hardware: x86 Linux
Importance: High critical
Assignee: The Gentoo Linux Hardened Team
Depends on: 93011
Reported: 2005-07-31 09:41 UTC by John Baxter
Modified: 2005-08-09 09:32 UTC
Attachments
environment.bz2 (environment.bz2,32.19 KB, application/octet-stream)
2005-07-31 14:23 UTC, John Baxter

Description John Baxter 2005-07-31 09:41:08 UTC
When I attempt to enter a formula or perform a sum, oocalc is aborted with the
following console output:

soffice.bin: stack smashing attack in function osl_incrementInterlockedCount()
Aborted


Reproducible: Always
Steps to Reproduce:
1. start oocalc/ooffice with a new spreadsheet
2. press the "=" key, or click the add function button or the sum button
3.

Actual Results:  
oocalc is terminated.
oocalc is rendered worthless.


Expected Results:  
A formula or sum should be able to be entered.

app-office/openoffice-1.1.4-r1  +curl +hardened +java -kde +nptl +zlib

Portage 2.0.51.22-r2 (selinux/2004.1/x86, gcc-3.3.5-20050130, glibc-2.3.5-r0,
2.6.11-hardened-r15-tao i686)
=================================================================
System uname: 2.6.11-hardened-r15-tao i686 AMD Athlon(tm) MP 2400+
Gentoo Base System version 1.6.13
ccache version 2.3 [enabled]
dev-lang/python:     2.3.5
sys-apps/sandbox:    1.2.11
sys-devel/autoconf:  2.13, 2.59-r6
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.5
sys-devel/binutils:  2.15.92.0.2-r10
sys-devel/libtool:   1.5.18-r1
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-Os -march=athlon-mp -ftracer -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config
/usr/lib/X11/xkb /usr/lib/mozilla/defaults/pref /usr/share/config /var/bind
/var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-Os -march=athlon-mp -ftracer -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig ccache distlocks loadpolicy sandbox selinux sfperms strict"
GENTOO_MIRRORS="http://distfiles.gentoo.org
http://distro.ibiblio.org/pub/Linux/distributions/gentoo"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.namerica.gentoo.org/gentoo-portage"
USE="x86 3dnow 3dnowext X Xaw3d acpi alsa apache2 berkdb bitmap-fonts bonobo cdr
cgi crypt cups curl cyrus dba dga dlloader dvd dvdr eds esd ethereal fam fastcgi
fb fbcon firefox font-server gcc-libffi gcj gd gd-external gdbm gif gimp
gimpprint gnustep gphoto2 gpm gs gtk gtk2 gtkhtml hardened ialsa imagemagick
imap imlib imlib2 ipv6arpa java javascript jikes jit jpeg junit lcd lcms ldap
lesstif libgda mad md5sum mikmod mime mmx mmx2 motif mozilla mp3 mpeg mplayer
msn ncurses network nls nocardbus nptl nptlonly objc odbc ogg opengl openssh pam
pam_chroot pdflib perl php pic png posix ppds prelude pwdb python qt radeon
readline real rplay sasl sdl selinux slang smp snmp sox speex spell sse sse2 ssl
stroke svg svga sysfs tcltk tcpd tiff transcode truetype truetype-fonts type1
type1-fonts unicode usb videos vim-with-x vorbis wmf xfs xinetd xml2 xmms xpm
xprint xscreensaver xv xvid zlib userland_GNU kernel_linux elibc_glibc"
Unset:  ASFLAGS, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS
Comment 1 John Baxter 2005-07-31 09:51:44 UTC
I do not have PAX enabled in the kernel, I am attempting to work with selinux
only at the current time.
Comment 2 Kevin F. Quinn (RETIRED) gentoo-dev 2005-07-31 13:13:37 UTC
hmm; openoffice should have been built with ssp switched off

Could you attach the file environment.bz2 from
/var/db/pkg/app-office/openoffice-1.1.4-r1?

(btw PaX has nothing to do with the stack protector - they're separate
technologies).
Comment 3 John Baxter 2005-07-31 14:23:21 UTC
Created attachment 64823
environment.bz2
Comment 4 John Baxter 2005-07-31 14:33:49 UTC
If I try running oomath, shortly after the ooffice splash screen is displayed I
receive the following console output:

soffice.bin: stack smashing attack in function EditEngine&
SmDocShell::GetEditEngine()()
Aborted

Writer, Impress, Draw and Printer Admin seem to function properly in limited
testing.
Comment 5 Kevin F. Quinn (RETIRED) gentoo-dev 2005-07-31 22:06:02 UTC
Ah - got it.  You're suffering from bug #93011 - gcc-3.3.5-20050130 has broken
SSP support.

I'll try to get #93011 moving.  In the meantime, you could emerge the binary
package app-office/openoffice-bin - this will get you a working openoffice,
albeit without any of the hardened features.
Comment 6 John Baxter 2005-08-07 18:03:33 UTC
I read somewhere that clearing of the ccache cache resolved an issue. So I ran
ccache -z -C and then rm -fr /var/tmp/ccache and then re-emerged openoffice.
This seems to have resolved the issue.
Comment 7 Kevin F. Quinn (RETIRED) gentoo-dev 2005-08-09 09:32:22 UTC
The stuff I did on bug #100974 should clear this (that's probably what
fixed it, not clearing the ccache).  Re-open if it recurs.
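
Added example, not part of the original bug thread or of any Gentoo tooling: two shell helpers for the check comment 2 implies, namely whether a binary references a stack-protector runtime at all, plus extraction of the function named in the abort line. The symbol names are assumptions about the toolchain (`__guard` and `__stack_smash_handler` for the ProPolice patch used with gcc 3.x, `__stack_chk_guard` and `__stack_chk_fail` for gcc 4.1 and later); the sample symbol listings are constructed.

```shell
#!/bin/sh
# Added example: triage helpers for an SSP abort like the one in this bug.
# Assumed symbol names: __guard / __stack_smash_handler (ProPolice, gcc 3.x),
# __stack_chk_guard / __stack_chk_fail (gcc 4.1 and later).

# Print the function named in a "stack smashing attack in function ..." line
# read from stdin (for example a saved console log).
ssp_abort_function() {
    sed -n 's/^.*: stack smashing attack in function \(.*\)$/\1/p'
}

# Classify a dynamic symbol listing on stdin (output of `nm -D` or
# `readelf --dyn-syms`) by which stack-protector runtime it references.
ssp_flavor() {
    awk '
        {
            for (i = 1; i <= NF; i++) {
                sym = $i
                sub(/@.*/, "", sym)        # drop @GLIBC_x.y version suffixes
                if (sym == "__stack_smash_handler" || sym == "__guard") pp = 1
                if (sym == "__stack_chk_fail" || sym == "__stack_chk_guard") sc = 1
            }
        }
        END {
            if (pp && sc) print "mixed"
            else if (pp)  print "propolice"
            else if (sc)  print "stack_chk"
            else          print "none"
        }'
}

# Abort line as quoted in the bug description.
SAMPLE_ABORT='soffice.bin: stack smashing attack in function osl_incrementInterlockedCount()'

# Constructed nm -D style listings, not taken from the reporter's system.
SAMPLE_NM_SSP='         U __guard
         U __stack_smash_handler
         U malloc'
SAMPLE_NM_PLAIN='         U malloc
         U free'

# Real use (the path is a placeholder):
#   nm -D /path/to/soffice.bin | ssp_flavor
```

A result of `none` only means the dynamic symbol table has no reference; a statically linked handler would not show up there.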