225563 – media-gfx/inkscape-0.46-r2 stack smashing at app startup

Bug 225563 - media-gfx/inkscape-0.46-r2 stack smashing at app startup

Summary: media-gfx/inkscape-0.46-r2 stack smashing at app startup

Status:	RESOLVED TEST-REQUEST

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	AMD64 Linux

Importance:	High normal (vote)
Assignee:	Gentoo Graphics Project

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2008-06-09 12:24 UTC by SATtva
Modified:	2010-04-16 10:50 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description SATtva 2008-06-09 12:24:46 UTC

I'm unable to start media-gfx/inkscape-0.46-r2 due to stack smashing protection under Hardened profile. Unstable version 0.46-r3 has the same SSP behavior. Former stable revision (r1, IIRC) has worked correctly.
The package is built with 'perl spell wmf' USE-flags.

Reproducible: Always

Steps to Reproduce:
1. Build a package with 'perl spell wmf' USE-flags under Hardened profile with PIE+SSP.
2. Run application.
Actual Results:  
Here's an error from console output (no error in pax.log or grsec.log):

$ inkscape
*** stack smashing detected ***: inkscape - terminated
inkscape: stack smashing attack in function virtual Geom::Piecewise<Geom::D2<Geom::SBasis> > Inkscape::LivePathEffect::LPESkeletalStrokes::doEffect_pwd2(Geom::Piecewise<Geom::D2<Geom::SBasis> >&) - terminated


Portage 2.1.4.4 (hardened/amd64/multilib, gcc-3.4.6, glibc-2.6.1-r0, 2.6.23-hardened-r12 x86_64)
=================================================================
System uname: 2.6.23-hardened-r12 x86_64 AMD Turion(tm) 64 X2 Mobile Technology TL-50
Timestamp of tree: Mon, 09 Jun 2008 01:45:02 +0000
ccache version 2.4 [disabled]
app-shells/bash:     3.2_p33
dev-lang/python:     2.4.4-r13
dev-python/pycrypto: 2.0.1-r6
dev-util/ccache:     2.4-r7
sys-apps/baselayout: 1.12.11.1
sys-apps/sandbox:    1.2.18.1-r2
sys-devel/autoconf:  2.13, 2.61-r1
sys-devel/automake:  1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10.1
sys-devel/binutils:  2.18-r1
sys-devel/gcc-config: 1.4.0-r4
sys-devel/libtool:   1.5.26
virtual/os-headers:  2.6.23-r3
ACCEPT_KEYWORDS="amd64"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=k8 -msse3 -O2 -pipe -fPIC"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/config"
CONFIG_PROTECT_MASK="/etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo /etc/udev/rules.d"
CXXFLAGS="-march=k8 -msse3 -O2 -pipe -fPIC"
DISTDIR="/usr/portage/distfiles"
EMERGE_DEFAULT_OPTS="--ask --deep --with-bdeps=y"
FEATURES="autoconfig distlocks metadata-transfer parallel-fetch sandbox sfperms strict unmerge-orphans userfetch"
GENTOO_MIRRORS="ftp://fido.online.kz/gentoo/pub         http://mirrors.tds.net/gentoo   ftp://ftp.roedu.net/pub/mirrors/gentoo.org"
LANG="ru_RU.UTF-8"
LINGUAS="en ru"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="3dnow 3dnowext X acpi alsa amd64 apache2 apm bash-completion bcmath berkdb bl branding bzip bzip2 cairo cdr coldplug cpudetection cracklib crypt css ctype dbus directfb dri dv dvd dvdr dvdread encode ffmpeg firefox flac gd gdbm gif gmp gpm gtk hal hardened hash iconv icu idea imagemagick imlib jpeg jpeg2k justify lm_sensors logrotate mad matroska midi mjpeg mmx mmxext mp3 mpeg mplayer mysql ncurses nls nptl nptlonly ogg opengl pam pcre pdf perl php pic pmu png python qt3 qt3support qt4 readline sdl session spell srt sse sse2 ssl svg symlink tcpd threads tiff truetype udev unicode urandom v4l vim-syntax vorbis wmf xcomposite xinerama xml xorg xv xvid xvmc yv12 zlib" ALSA_CARDS="hda-intel" ALSA_PCM_PLUGINS="*" APACHE2_MODULES="actions alias auth_basic auth_digest authn_anon authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi dav dav_fs dav_lock dbd deflate dir disk_cache env expires ext_filter file_cache filter headers ident imagemap include info log_config logio mem_cache mime mime_magic negotiation proxy proxy_ajp proxy_balancer proxy_connect proxy_http rewrite setenvif so speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard mouse synaptics" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en ru" USERLAND="GNU" VIDEO_CARDS="fglrx radeon vesa"
Unset:  CPPFLAGS, CTARGET, INSTALL_MASK, LC_ALL, LDFLAGS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY

Comment 1 SATtva 2008-08-05 20:37:15 UTC

Problem persists in media-gfx/inkscape-0.46-r3.

Comment 2 Samuli Suominen (RETIRED) gentoo-dev

2010-04-16 10:50:29 UTC

Try 0.47.