Bug 104993 - openoffice 1.1.4-r1 (oowriter) crashes (stack smashing attack) on hardened gentoo when marking table cells
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Hardened
Hardware: x86 Linux
Importance: High normal
Assignee: The Gentoo Linux Hardened Team
Reported: 2005-09-06 03:37 UTC by Thomas Heinz
Modified: 2005-09-24 05:17 UTC
Description Thomas Heinz 2005-09-06 03:37:55 UTC
On my hardened gentoo system (no pax), I can crash oowriter with the following
procedure.

Reproducible: Always
Steps to Reproduce:
1. start oowriter
2. create a 2 x 2 table
3. mark a single cell

Actual Results:  
openoffice crashes and leaves the following message:
soffice.bin: stack smashing attack in function BOOL lcl_BoxSetSplitBoxFmts(const SwTableBox*&, void*)()


Portage 2.0.51.22-r2 (default-linux/x86/2005.1, gcc-3.3.5-20050130,
glibc-2.3.5-r1, 2.6.11-gentoo-r9 i686)
=================================================================
System uname: 2.6.11-gentoo-r9 i686 AMD Athlon(tm) Processor
Gentoo Base System version 1.6.13
ccache version 2.3 [enabled]
dev-lang/python:     2.3.5
sys-apps/sandbox:    1.2.12
sys-devel/autoconf:  2.13, 2.59-r6
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6
sys-devel/binutils:  2.15.92.0.2-r10
sys-devel/libtool:   1.5.18-r1
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=athlon -pipe -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.4/env
/usr/kde/3.4/share/config /usr/kde/3.4/shutdown /usr/kde/3/share/config
/usr/lib/X11/xkb /usr/lib/mozilla/defaults/pref /usr/share/config
/usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/
/usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/
/usr/share/texmf/xdvi/ /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O2 -march=athlon -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig ccache distlocks sandbox sfperms strict"
GENTOO_MIRRORS="ftp://ftp.tu-clausthal.de/pub/linux/gentoo/
ftp://sunsite.informatik.rwth-aachen.de/pub/Linux/gentoo
http://linux.rz.ruhr-uni-bochum.de/download/gentoo-mirror/
ftp://linux.rz.ruhr-uni-bochum.de/gentoo-mirror/
http://ftp.uni-erlangen.de/pub/mirrors/gentoo
ftp://ftp.uni-erlangen.de/pub/mirrors/gentoo http://gentoo.osuosl.org/"
LANG="de_DE@euro"
LINGUAS="de"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="3dnow X Xaw3d a52 aac aalib accessibility acl acpi aim alsa apache2 apm
arts audiofile avi bash-completion bcmath berkdb bitmap-fonts bluetooth bzip2
calendar caps cdb cdparanoia cdr cpdflib crypt cscope cups curl curlwrappers dbm
dbus dedicated dga dio directfb divx4linux doc dv dvb dvd dvdr dvdread eds emacs
emboss encode esd ethereal examples exif fam fastcgi fbcon ffmpeg fftw flac
flash flatfile foomaticdb fortran freetds ftp gd gdbm geoip gif ginac glut gmp
gnome gnutls gphoto2 gpm gps gstreamer gtk gtk2 guile hal hardened hardenedphp
howl hyperwave-api icc iconv icq ieee1394 imagemagick imap imlib innodb iodbc
ipv6 jabber jack java javascript joystick jpeg kde kdeenablefinal kerberos krb4
ladcca lcms ldap leim lesstif libcaca libg++ libgda libwww lirc lm_sensors mad
maildir matroska matrox mcal mcve memlimit mhash mikmod milter mime ming mmap
mmx mng mono motif mozilla mp3 mpeg mpi msession msn mule mysql mysqli nas
ncurses netcdf nls nocd nptl offensive ofx ogg oggvorbis openal opengl osc oscar
oss pam pcntl pcre pda pdflib perl pfpro php plotutils png portaudio posix ppds
python qdbm qt quicktime radius readline recode ruby samba sasl scanner sdl
session sharedext sharedmem shorten simplexml skey slang slp smartcard sndfile
snmp soap sockets socks5 sox speex spell spl sqlite ssl svg svga tcltk tcpd
tetex theora threads tidy tiff tokenizer truetype truetype-fonts type1-fonts usb
v4l vcd vhosts videos vorbis wddx win32codecs wmf wxwindows x86 xface xine xml
xml2 xmlrpc xmms xpm xprint xsl xv xvid yahoo yaz zeo zlib linguas_de
userland_GNU kernel_linux elibc_glibc"
Unset:  ASFLAGS, CTARGET, LC_ALL, LDFLAGS, PORTDIR_OVERLAY
Comment 1 Kevin F. Quinn (RETIRED) gentoo-dev 2005-09-24 01:45:24 UTC
Hmm; this should have been fixed.  Could you post the output of:

gcc -v

please?
Comment 2 Thomas Heinz 2005-09-24 01:57:39 UTC
Reading specs from /usr/lib/gcc-lib/i686-pc-linux-gnu/3.3.6/specs
Configured with: /var/tmp/portage/gcc-3.3.6/work/gcc-3.3.6/configure
--prefix=/usr --bindir=/usr/i686-pc-linux-gnu/gcc-bin/3.3.6
--includedir=/usr/lib/gcc-lib/i686-pc-linux-gnu/3.3.6/include
--datadir=/usr/share/gcc-data/i686-pc-linux-gnu/3.3.6
--mandir=/usr/share/gcc-data/i686-pc-linux-gnu/3.3.6/man
--infodir=/usr/share/gcc-data/i686-pc-linux-gnu/3.3.6/info
--with-gxx-include-dir=/usr/lib/gcc-lib/i686-pc-linux-gnu/3.3.6/include/g++-v3
--host=i686-pc-linux-gnu --build=i686-pc-linux-gnu --disable-altivec
--enable-nls --without-included-gettext --with-system-zlib --disable-checking
--disable-werror --disable-libunwind-exceptions --disable-multilib
--disable-libgcj --enable-languages=c,c++,f77 --enable-shared
--enable-threads=posix --enable-__cxa_atexit --enable-clocale=gnu
Thread model: posix
gcc version 3.3.6 (Gentoo Hardened 3.3.6, ssp-3.3.6-1.0, pie-8.7.8)


BTW, I also had another problem with my hardened oowriter, namely that simply
saving a file leads to a crash. Afterwards, I recompiled openoffice with
"-fno-stack-protector -fno-stack-protector-all" and both problems disappeared.
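Added example, not part of this bug report or of the reporter's own procedure: a small POSIX shell helper that tells you which stack-protector runtime a binary was linked against, so you can confirm whether a rebuilt package really dropped SSP (the workaround above) or whether a binary still carries the protector. It assumes binutils `nm -D` is available, that the gcc 3.x ProPolice SSP patch (the "stack smashing attack in function ...()" message on this bug) references the `__guard` / `__stack_smash_handler` symbols, and that gcc 4.1 and later reference `__stack_chk_fail` instead. The sample `nm -D` lines in `demo` are constructed, not taken from a real soffice.bin.

```shell
#!/bin/sh
# Added example (not from this bug report): classify which stack-protector
# runtime a binary was linked against by looking at its undefined dynamic
# symbols.  Assumptions: binutils `nm -D` exists; the gcc 3.x ProPolice SSP
# patch references __guard / __stack_smash_handler and prints
# "stack smashing attack in function ...()"; gcc >= 4.1 references
# __stack_chk_fail and prints "*** stack smashing detected ***".

# ssp_kind: read `nm -D` style lines on stdin and print one word:
#   propolice  - gcc 3.x ProPolice SSP (the variant seen on this bug)
#   gcc-ssp    - gcc >= 4.1 / glibc __stack_chk_fail
#   none       - no stack-protector runtime symbols referenced
ssp_kind() {
    syms=$(cat)
    if printf '%s\n' "$syms" | grep -Eq '(^|[[:space:]])(__stack_smash_handler|__guard)($|[[:space:]@])'; then
        echo propolice
    elif printf '%s\n' "$syms" | grep -Eq '(^|[[:space:]])__stack_chk_fail($|[[:space:]@])'; then
        echo gcc-ssp
    else
        echo none
    fi
}

# check_binary FILE: run nm -D on a real ELF object and classify it.
check_binary() {
    nm -D "$1" 2>/dev/null | ssp_kind
}

# demo: constructed nm -D fragments standing in for real binaries.
demo() {
    printf 'soffice.bin built with ProPolice SSP (constructed input): %s\n' \
        "$(printf '%s\n' '         U __guard' '         U __stack_smash_handler' | ssp_kind)"
    printf 'rebuilt with -fno-stack-protector (constructed input): %s\n' \
        "$(printf '%s\n' '         U malloc' '         U printf' | ssp_kind)"
}

# With file arguments, inspect real binaries; without, run the demo.
if [ $# -gt 0 ]; then
    for f in "$@"; do
        printf '%s: %s\n' "$f" "$(check_binary "$f")"
    done
else
    demo
fi
```

Run it as `sh ssp_check.sh /opt/openoffice/program/soffice.bin` (path is an assumption) after a rebuild to see whether the protector symbols are gone. Note that a result of `none` on a rebuilt binary means the detector is absent, not that the overflow ProPolice reported in lcl_BoxSetSplitBoxFmts has been fixed; the symbol check only tells you which runtime, if any, would catch it.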
Comment 3 Kevin F. Quinn (RETIRED) gentoo-dev 2005-09-24 05:17:12 UTC
OK; looks like ships crossed in the night, I'll assume for now that you had the
problem before the fix propagated to your system.  Re-open if the problem
happens again.