After capturing packets and trying to list them, ethereal aborts trying to free an invalid pointer.

Steps to Reproduce:
start ethereal
open the "capture options" dialog
click start
allow a few packets to be captured
click stop

Actual Results:
*** glibc detected *** free(): invalid pointer: 0x57b61068 ***
ethereal receives SIGABRT

Expected Results:
A list of captured packets should be displayed

emerge --info output:
Portage 2203-svn (hardened/x86/2.6, gcc-3.4.5-hardenednopie, glibc-2.3.6-r3, 2.6.14-hardened-r8 i686)
=================================================================
System uname: 2.6.14-hardened-r8 i686 AMD Sempron(tm) 2400+
Gentoo Base System version 1.6.14
ccache version 2.3 [enabled]
dev-lang/python: 2.3.5-r2, 2.4.2
dev-python/pycrypto: 2.0-r1
dev-util/ccache: 2.3
dev-util/confcache: [Not Present]
sys-apps/sandbox: 1.2.12
sys-devel/autoconf: 2.13, 2.59-r7
sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1
sys-devel/binutils: 2.16.1
sys-devel/libtool: 1.5.22
virtual/os-headers: 2.6.11-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=athlon-xp -pipe -fforce-addr"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/lib/X11/xkb /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/ /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/eselect/compiler /etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O2 -march=athlon-xp -pipe -fforce-addr"
DISTDIR="/usr/local/src"
FEATURES="autoconfig ccache distlocks sandbox sfperms strict"
GENTOO_MIRRORS="http://mirror.pacific.net.au/linux/Gentoo http://mirror.isp.net.au/ftp/pub/gentoo http://planetmirror.com/pub/gentoo http://gentoo.osuosl.org http://www.ibiblio.org/pub/Linux/distributions/gentoo"
LC_ALL="en_AU"
MAKEOPTS="-j2"
PKGDIR="/usr/portage//packages/x86/"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/var/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.au.gentoo.org/gentoo-portage"
USE="X acpi alsa apache2 asf audiofile avi bash-completion berkdb bzip2 caps cdparanoia cdr cjk crypt curl directfb dlloader dvd emacs encode esd ethereal exif expat fam ffmpeg flac gcj gd gdbm gif glut gmp gnutls gpm gtk gtk2 hardened imagemagick imap imlib java jpeg lcms libwww mad maildir mbox mhash mime mng motif mysql ncurses nls nptl nptlonly offensive ogg oggvorbis openal opengl oss pam pcre perl php pic png python readline samba sdl sockets speex spell srvdir ssl tcltk tcpd tetex theora threads tiff timidity truetype udev usb userlocales vorbis win32codecs x86 xine xml xml2 xmms xsl xv zlib video_cards_nvidia userland_GNU kernel_linux elibc_glibc"
Unset: ASFLAGS, CTARGET, INSTALL_MASK, LANG, LDFLAGS, LINGUAS, PORTAGE_RSYNC_EXTRA_OPTS, PORTAGE_RSYNC_OPTS

I will attach a stack trace.
Created attachment 86635 [details] Stack Trace
Hmm this is pretty much an upstream issue, would you mind reporting there? Otherwise drop a note here and I'll report it for you
Could you please report it. Thanks
Running tethereal also produces this bug:

# tethereal
Capturing on eth0
*** glibc detected *** free(): invalid pointer: 0xbfb38708 ***
Aborted

It doesn't crash immediately; it stays alive for a few milliseconds. After running it over and over I managed to have tethereal print out a captured packet just before crashing:

# tethereal
Capturing on eth0
  0.000000 192.168.1.2 -> 255.255.255.255 UDP Source port: 3512  Destination port: 712
*** glibc detected *** free(): invalid pointer: 0xbfd717c8 ***
Aborted

I did a quick search in Ethereal's bug database but didn't come up with anything. Has an upstream bug been filed? If so, would someone kindly post a link to it?
Since this bug is not being noticed by a ton of people, I thought it might be related to the "hardened" use flag. Sure enough, both the original poster and I have "hardened" in our use flags. Perhaps this is a clue?

Here's my emerge --info:
Portage 2.1-r1 (default-linux/x86/2006.0, gcc-3.4.6, glibc-2.3.6-r4, 2.6.16-gentoo-r12-t3 i686)
=================================================================
System uname: 2.6.16-gentoo-r12-t3 i686 Intel(R) Pentium(R) M processor 1.70GHz
Gentoo Base System version 1.6.15
app-admin/eselect-compiler: [Not Present]
dev-lang/python: 2.4.3-r1
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache: [Not Present]
dev-util/confcache: [Not Present]
sys-apps/sandbox: 1.2.17
sys-devel/autoconf: 2.13, 2.59-r7
sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
sys-devel/binutils: 2.16.1-r3
sys-devel/gcc-config: 1.3.13-r3
sys-devel/libtool: 1.5.22
virtual/os-headers: 2.6.11-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=pentium-m -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/init.d /etc/java-config/vms/ /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-O2 -march=pentium-m -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks metadata-transfer parallel-fetch sandbox sfperms strict userfetch userpriv usersandbox"
GENTOO_MIRRORS="http://gentoo.osuosl.org/ http://www.gtlib.gatech.edu/pub/gentoo http://gentoo.chem.wisc.edu/gentoo/ http://gentoo.cites.uiuc.edu/pub/gentoo/ "
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="x86 X acpi alsa apache2 apm arts avi berkdb bitmap-fonts bzip2 caps cdr cli crypt cups dbus directfb dlloader dri dvd eds emboss encode esd fbcon firefox flac foomaticdb fortran gdbm gif gnome gpm gstreamer gtk gtk2 hal hardened imlib ipv6 isdnlog jpeg kde libg++ libwww lm_sensors mad mailwrapper mikmod motif mp3 mpeg ncurses nls nptl nsplugin ogg opengl oss pam pcmcia pcre pdflib perl pic png pppd python qt qt3 qt4 quicktime readline reflection samba sdl session spell spl ssl tcpd truetype truetype-fonts type1-fonts udev unicode vorbis win32codecs xml xmms xorg xv zlib elibc_glibc input_devices_evdev input_devices_keyboard input_devices_mouse input_devices_synaptics kernel_linux userland_GNU video_cards_fglrx video_cards_radeon video_cards_fbdev video_cards_vesa"
Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY
I also have backtraces for ethereal and tethereal, which I will attach. How I got the backtraces:
================================================================
# CFLAGS="-O2 -march=pentium-m -pipe -ggdb" CXXFLAGS="${CFLAGS}" LDFLAGS="-nopie" FEATURES="splitdebug" emerge ethereal
# ulimit -c unlimited
# ethereal
*** glibc detected *** free(): invalid pointer: 0xbfc980c8 ***
Aborted (core dumped)
# mv core ethereal.core
# gdb ethereal --core ethereal.core --batch --quiet -ex "thread apply all bt full" -ex "quit" > ethereal_backtrace.txt
warning: Can't read pathname for load map: Input/output error.
# tethereal
Capturing on eth0
*** glibc detected *** free(): invalid pointer: 0xbfc77d28 ***
Aborted (core dumped)
# mv core tethereal.core
# gdb tethereal --core tethereal.core --batch --quiet -ex "thread apply all bt full" -ex "quit" > tethereal_backtrace.txt
warning: Can't read pathname for load map: Input/output error.
================================================================
I'm not sure what those gdb warnings are about -- I hope this is the right way to get a useful backtrace.
Created attachment 91525 [details] gdb backtrace for ethereal
Created attachment 91526 [details] gdb backtrace for tethereal
reported upstream: http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1001
I have confirmed that this is a hardened problem. I compiled net-analyzer/wireshark-0.99.2 with various different gcc profiles to see what works.

The ones that worked are:
i686-pc-linux-gnu-3.4.6-hardenednossp
i686-pc-linux-gnu-3.4.6-hardenednopiessp
i686-pc-linux-gnu-3.4.6-vanilla

The ones that did not work are:
i686-pc-linux-gnu-3.4.6
i686-pc-linux-gnu-3.4.6-hardenednopie

So, it looks like SSP is the culprit. Is there any way to modify the ebuild to turn off SSP as a workaround until upstream fixes the problem?
(In reply to comment #10)
> So, it looks like SSP is the culprit. Is there any way to modify the ebuild
> to turn off SSP as a workaround until upstream fixes the problem?

Apparently this is possible because the valgrind ebuild disables SSP. Is anyone reading this bug anymore, or should I file a new bug?
All you need to do to disable SSP in an ebuild is to add:

filter-flags -fstack-protector # see bug #133092

in src_compile() before doing econf and emake. Please make sure that at least the bug number is referenced so we can know why ssp is filtered, then if the problem is fixed in the future we know we can remove the filter.
Thanks Richard and Kevin. Patch as per comment #11 added. Matt thanks for your patience.
FYI, upstream is closing their bug as WONTFIX because they have definitively concluded that it is a compiler problem, not an Ethereal/Wireshark problem. For the curious, the upstream bug (linked in comment #9) has lots of details.
Seems to be a duplicate of http://bugs.gentoo.org/show_bug.cgi?id=145974
Created attachment 101680 [details, diff] wireshark-except-double-free.diff
Set catcher->except_obj.except_dyndata to NULL after being freed
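The pattern behind the attached diff, as an added illustration and not code from the attachment or from Wireshark: a catcher object frees its dynamic exception data, and if the pointer is left holding the old address a second cleanup pass hands that stale address to free() again, which glibc reports as "free(): invalid pointer". The struct layout and function names below are assumptions for the illustration; only the field name except_dyndata and the fix (clearing it after free) come from the thread.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the catcher object named in the thread; the
 * real Wireshark layout is not on this page. */
struct except_obj {
    void *except_dyndata;   /* heap buffer owned by this catcher frame */
};

struct except_catcher {
    struct except_obj except_obj;
};

/* Allocate zeroed dynamic exception data for a catcher frame. */
int except_catcher_init(struct except_catcher *c, size_t len) {
    c->except_obj.except_dyndata = malloc(len);
    if (c->except_obj.except_dyndata == NULL) return -1;
    memset(c->except_obj.except_dyndata, 0, len);
    return 0;
}

/* Before the fix: the buffer is released but the pointer keeps the old
 * address. If cleanup runs again for the same frame, the stale address is
 * passed to free() a second time (a double free). Returns the number of
 * free() calls made. */
int except_cleanup_unsafe(struct except_catcher *c) {
    if (c->except_obj.except_dyndata == NULL) return 0;
    free(c->except_obj.except_dyndata);
    return 1;   /* pointer deliberately left dangling */
}

/* After the fix, as the diff's summary describes it: clear the pointer so a
 * repeated cleanup of the same frame is a harmless no-op. */
int except_cleanup_safe(struct except_catcher *c) {
    if (c->except_obj.except_dyndata == NULL) return 0;
    free(c->except_obj.except_dyndata);
    c->except_obj.except_dyndata = NULL;
    return 1;
}

/* 1 if the catcher no longer references a buffer, 0 if a pointer remains. */
int except_catcher_cleared(const struct except_catcher *c) {
    return c->except_obj.except_dyndata == NULL;
}
```

Running the unsafe cleanup twice on one frame is exactly the "free(): invalid pointer" abort seen in this thread, so the check here only inspects the leftover pointer instead of freeing it again.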
(In reply to comment #15)
> Seems to be a duplicate of http://bugs.gentoo.org/show_bug.cgi?id=145974

This bug has already been resolved as a flaw in the gcc 3.4 SSP patch, verified through painstaking disassembly of the compiled code. The resolution was to turn off SSP. The resolution shouldn't be "UPSTREAM". It's not actually an upstream bug -- it's a hardened gcc bug.
*** Bug 145974 has been marked as a duplicate of this bug. ***
Thanks a7x and didier for getting to the bottom of this. Frederic Heem, thanks for the patch. Added wireshark-0.99.4-r1 for your compiling pleasure. Is it safe to omit "filter-flags -fstack-protector" from the ebuild now?