Bug 263892 - >=app-portage/portage-utils-0.1.29 qdepends crashes
Summary: >=app-portage/portage-utils-0.1.29 qdepends crashes
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: AMD64 Linux
Importance: High normal
Assignee: Portage Utils Team
URL:
Whiteboard:
Keywords:
Duplicates: 283728
Depends on:
Blocks:
 
Reported: 2009-03-26 19:43 UTC by Jochen Schlick
Modified: 2009-10-25 15:14 UTC
CC: 13 users

See Also:
Package list:
Runtime testing required: ---


Attachments
fix use flag buffer overflow (portage-utils-qdepends-segfault.patch,593 bytes, patch)
2009-04-07 17:45 UTC, jackieku
ltrace qdepends kmail-4.2.4 (ltrace-qdepends_kmail.txt,253.75 KB, text/plain)
2009-06-13 23:49 UTC, Rick Harris
another patch (qdepends-263892.diff,803 bytes, patch)
2009-08-23 06:16 UTC, solar (RETIRED)

Description Jochen Schlick 2009-03-26 19:43:08 UTC
> qdepends -Q app-portage/portage-utils
*** buffer overflow detected ***: qdepends terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x37)[0x31000e4d67]
/lib/libc.so.6[0x31000e2b40]
/lib/libc.so.6[0x31000e1e39]
/lib/libc.so.6(_IO_default_xsputn+0x85)[0x3100071805]
/lib/libc.so.6(_IO_vfprintf+0x34d5)[0x3100046245]
/lib/libc.so.6(__vsprintf_chk+0x9d)[0x31000e1edd]
/lib/libc.so.6(__sprintf_chk+0x80)[0x31000e1e20]
qdepends[0x403e84]
qdepends[0x403e1c]
qdepends[0x41756d]
qdepends[0x4148b0]
qdepends[0x414ca0]
/lib/libc.so.6(__libc_start_main+0xe6)[0x310001e5c6]
qdepends[0x4028c9]
======= Memory map: ========
00400000-00428000 r-xp 00000000 08:07 16895864                           /usr/bin/q
00628000-00629000 r--p 00028000 08:07 16895864                           /usr/bin/q
00629000-00636000 rw-p 00029000 08:07 16895864                           /usr/bin/q
00636000-0066b000 rw-p 00636000 00:00 0                                  [heap]
30ffc00000-30ffc1d000 r-xp 00000000 08:07 8404992                        /lib64/ld-2.9.so
30ffe1c000-30ffe1d000 r--p 0001c000 08:07 8404992                        /lib64/ld-2.9.so
30ffe1d000-30ffe1e000 rw-p 0001d000 08:07 8404992                        /lib64/ld-2.9.so
3100000000-310014b000 r-xp 00000000 08:07 8405376                        /lib64/libc-2.9.so
310014b000-310034b000 ---p 0014b000 08:07 8405376                        /lib64/libc-2.9.so
310034b000-310034f000 r--p 0014b000 08:07 8405376                        /lib64/libc-2.9.so
310034f000-3100350000 rw-p 0014f000 08:07 8405376                        /lib64/libc-2.9.so
3100350000-3100355000 rw-p 3100350000 00:00 0
3102000000-3102016000 r-xp 00000000 08:07 8420440                        /lib64/libgcc_s.so.1
3102016000-3102215000 ---p 00016000 08:07 8420440                        /lib64/libgcc_s.so.1
3102215000-3102216000 r--p 00015000 08:07 8420440                        /lib64/libgcc_s.so.1
3102216000-3102217000 rw-p 00016000 08:07 8420440                        /lib64/libgcc_s.so.1
7f72d9b4f000-7f72d9b51000 rw-p 7f72d9b4f000 00:00 0
7f72d9b7c000-7f72d9b7e000 rw-p 7f72d9b7c000 00:00 0
7fffe1b68000-7fffe1b7e000 rw-p 7ffffffe9000 00:00 0                      [stack]
7fffe1bfe000-7fffe1bff000 r-xp 7fffe1bfe000 00:00 0                      [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]
Aborted


Reproducible: Always
Comment 1 Jochen Schlick 2009-03-26 19:53:15 UTC
app-portage/portage-utils-0.2

emerge --info
Portage 2.1.6.10 (default/linux/amd64/2008.0/no-multilib, gcc-4.3.3, glibc-2.9_p20081201-r2, 2.6.28-gentoo-r4 x86_64)
=================================================================
System uname: Linux-2.6.28-gentoo-r4-x86_64-AMD_Athlon-tm-_64_X2_Dual_Core_Processor_3800+-with-glibc2.2.5
Timestamp of tree: Thu, 26 Mar 2009 15:15:01 +0000
distcc 3.1 x86_64-pc-linux-gnu [disabled]
ccache version 2.4 [enabled]
app-shells/bash:     4.0_p10-r1
dev-java/java-config: 1.3.7-r1, 2.1.7
dev-lang/python:     2.5.4-r2
dev-python/pycrypto: 2.0.1-r8
dev-util/ccache:     2.4-r8
dev-util/cmake:      2.6.3
sys-apps/baselayout: 2.0.0
sys-apps/openrc:     0.4.3-r2
sys-apps/sandbox:    1.6
sys-devel/autoconf:  2.13, 2.63
sys-devel/automake:  1.4_p6, 1.5, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10.2
sys-devel/binutils:  2.19.1-r1
sys-devel/gcc-config: 1.4.1
sys-devel/libtool:   2.2.6a
virtual/os-headers:  2.6.28-r1
ABI="amd64"
ACCEPT_KEYWORDS="amd64 ~amd64"
ALSA_CARDS="hda-intel"
ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol"
ANT_HOME="/usr/share/ant"
APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias"
ARCH="amd64"
ASFLAGS_x86="--32"
AUTOCLEAN="yes"
CBUILD="x86_64-pc-linux-gnu"
CCACHE_SIZE="2G"
CDEFINE_amd64="__x86_64__"
CDEFINE_x86="__i386__"
CFLAGS="-march=k8 -O2 -pipe -msse3 -ftree-vectorize "
CFLAGS_x86="-m32"
CHOST="x86_64-pc-linux-gnu"
CHOST_amd64="x86_64-pc-linux-gnu"
CHOST_x86="i686-pc-linux-gnu"
CLASSPATH="."
CLEAN_DELAY="5"
COLLISION_IGNORE="/lib/modules"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/share/config/kdm/ /usr/kde/3.5/shutdown /usr/kde/4.2/env /usr/kde/4.2/share/config /usr/kde/4.2/shutdown /usr/lib/findcruft/ /usr/share/config /var/qmail/alias /var/qmail/control /var/vpopmail/etc"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/splash /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c /etc/udev/rules.d"
CXXFLAGS="-march=k8 -O2 -pipe -msse3 -ftree-vectorize "
DCCC_PATH="/usr/lib64/distcc/bin"
DEFAULT_ABI="amd64"
DISPLAY="localhost:10.0"
DISTCC_LOG=""
DISTCC_VERBOSE="0"
DISTDIR="/usr/portage/distfiles"
EDITOR="/usr/bin/vi"
ELIBC="glibc"
EMERGE_DEFAULT_OPTS=" --verbose --with-bdeps y "
EMERGE_WARNING_DELAY="10"
FEATURES="ccache distlocks fixpackages metadata-transfer parallel-fetch protect-owned sandbox sfperms strict unmerge-orphans userfetch userpriv usersandbox"
FETCHCOMMAND="/usr/bin/wget -t 5 -T 60 --passive-ftp ${URI} -P ${DISTDIR}"
GCC_SPECS=""
GDK_USE_XFT="1"
GENERATION="2"
GENTOO_MIRRORS="http://ftp.belnet.be/mirror/rsync.gentoo.org/gentoo/ http://linux.rz.ruhr-uni-bochum.de/download/gentoo-mirror/ http://ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/ "
GUILE_LOAD_PATH="/usr/share/guile/1.8"
HISTCONTROL="ignoredups"
HOME="/root"
HTTP_PROXY="http://127.0.0.1:8080/"
INFOPATH="/usr/share/info:/usr/share/binutils-data/x86_64-pc-linux-gnu/2.19.1/info:/usr/share/gcc-data/x86_64-pc-linux-gnu/4.3.3/info"
INPUT_DEVICES="keyboard mouse evdev"
I_PROMISE_TO_SUPPLY_PATCHES_WITH_BUGS="1"
JAVAC="/etc/java-config-2/current-system-vm/bin/javac"
JAVACC_HOME="/usr/share/javacc/"
JAVA_HOME="/etc/java-config-2/current-system-vm"
JDK_HOME="/etc/java-config-2/current-system-vm"
KDE_IS_PRELINKED="1"
KERNEL="linux"
LANG="C"
LDFLAGS="-Wl,-O1"
LDFLAGS_x86="-m elf_i386"
LESS="-R -M --shift 5"
LESSOPEN="|lesspipe.sh %s"
LIBDIR_amd64="lib64"
LIBDIR_amd64_fbsd="lib64"
LIBDIR_ppc="lib32"
LIBDIR_ppc64="lib64"
LIBDIR_sparc32="lib32"
LIBDIR_sparc64="lib64"
LIBDIR_x86="lib32"
LIBDIR_x86_fbsd="lib32"
LIBXCB_ALLOW_SLOPPY_LOCK="1"
LINGUAS="en de"
LOGNAME="root"
LPDEST="lp"
LS_COLORS="rs=0:di=01;34:ln=01;36:hl=44;37:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=01;05;37;41:mi=01;05;37;41:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arj=01;31:*.taz=01;31:*.lzh=01;31:*.lzma=01;31:*.zip=01;31:*.z=01;31:*.Z=01;31:*.dz=01;31:*.gz=01;31:*.bz2=01;31:*.bz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.rar=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.jpg=01;35:*.jpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.axv=01;35:*.anx=01;35:*.ogv=01;35:*.ogx=01;35:*.pdf=00;32:*.ps=00;32:*.txt=00;32:*.patch=00;32:*.diff=00;32:*.log=00;32:*.tex=00;32:*.doc=00;32:*.aac=00;36:*.au=00;36:*.flac=00;36:*.mid=00;36:*.midi=00;36:*.mka=00;36:*.mp3=00;36:*.mpc=00;36:*.ogg=00;36:*.ra=00;36:*.wav=00;36:*.axa=00;36:*.oga=00;36:*.spx=00;36:*.xspf=00;36:"
MAKEOPTS="-j3 "
MANPATH="/etc/java-config-2/current-system-vm/man:/usr/local/share/man:/usr/share/man:/usr/share/binutils-data/x86_64-pc-linux-gnu/2.19.1/man:/usr/share/gcc-data/x86_64-pc-linux-gnu/4.3.3/man:/opt/blackdown-jdk-1.4.2.03/man:/etc/java-config/system-vm/man/:/usr/kde/4.2/share/man:/usr/kde/3.5/share/man:/usr/qt/3/doc/man:/opt/man:/usr/local/man:/root/man"
MULTILIB_ABIS="amd64"
MULTILIB_STRICT_DENY="64-bit.*shared object"
MULTILIB_STRICT_DIRS="/lib32 /lib /usr/lib32 /usr/lib /usr/kde/*/lib32 /usr/kde/*/lib /usr/qt/*/lib32 /usr/qt/*/lib /usr/X11R6/lib32 /usr/X11R6/lib"
MULTILIB_STRICT_EXEMPT="(perl5|gcc|gcc-lib|binutils|eclipse-3|debug|portage)"
NETBEANS="apisupport cnd groovy gsf harness ide identity j2ee java mobility nb php profiler soa visualweb webcommon websvccommon xml"
OPENGL_PROFILE="nvidia"
PAGER="/usr/bin/less"
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin:/usr/x86_64-pc-linux-gnu/gcc-bin/4.3.3:/opt/blackdown-jdk-1.4.2.03/bin:/opt/blackdown-jdk-1.4.2.03/jre/bin:/usr/kde/4.2/sbin:/usr/kde/4.2/bin:/usr/kde/3.5/sbin:/usr/kde/3.5/bin:/usr/qt/3/bin:/var/qmail/bin:/var/vpopmail/bin:/root/bin:/root/bin/s:/root/bin/cs"
PKGDIR="/usr/portage/packages"
PKG_CONFIG_PATH="/usr/qt/3/lib64/pkgconfig"
PORTAGE_ARCHLIST="ppc s390 amd64 x86 ppc64 x86-fbsd m68k arm sparc sh mips ia64 alpha hppa amd64-fbsd sparc-fbsd"
PORTAGE_BINHOST_CHUNKSIZE="3000"
PORTAGE_BIN_PATH="/usr/lib64/portage/bin"
PORTAGE_COMPRESS_EXCLUDE_SUFFIXES="css gif htm[l]? jp[e]?g js pdf png"
PORTAGE_CONFIGROOT="/"
PORTAGE_DEBUG="0"
PORTAGE_DEPCACHEDIR="/var/cache/edb/dep"
PORTAGE_ELOG_CLASSES="warn error info log"
PORTAGE_ELOG_MAILFROM="linux64portage@localhost"
PORTAGE_ELOG_MAILSUBJECT="[portage] ebuild log for ${PACKAGE} on ${HOST}"
PORTAGE_ELOG_MAILURI="root"
PORTAGE_ELOG_SYSTEM="mail_summary"
PORTAGE_FETCH_CHECKSUM_TRY_MIRRORS="5"
PORTAGE_FETCH_RESUME_MIN_SIZE="350K"
PORTAGE_GID="250"
PORTAGE_INST_GID="0"
PORTAGE_INST_UID="0"
PORTAGE_NICENESS="5"
PORTAGE_PYM_PATH="/usr/lib64/portage/pym"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_RSYNC_RETRIES="3"
PORTAGE_TMPDIR="/var/tmp/portage"
PORTAGE_TMPFS="/dev/shm"
PORTAGE_VERBOSE="1"
PORTAGE_WORKDIR_MODE="0700"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage /usr/portage/local/layman/sabayon /usr/portage/local/layman/arcon /usr/portage/local/layman/xemacs /usr/portage/local/layman/sunrise /usr/portage/local/layman/science"
PRELINK_PATH_MASK="/usr/lib64/klibc"
PRINTER="lp"
PROFILE_ONLY_VARIABLES="ARCH ELIBC KERNEL USERLAND"
PS1="\[\033[01;31m\][64bit]\[\033[01;34m\]\h:\w # \[\033[00m\]\[\e]30;\H:\w\a\]"
PS2="> "
QMAKESPEC="linux-g++"
QTDIR="/usr/qt/3"
RESUMECOMMAND="/usr/bin/wget -c -t 5 -T 60 --passive-ftp ${URI} -P ${DISTDIR}"
ROOT="/"
ROOTPATH="/opt/bin:/usr/x86_64-pc-linux-gnu/gcc-bin/4.3.3:/opt/blackdown-jdk-1.4.2.03/bin:/opt/blackdown-jdk-1.4.2.03/jre/bin:/usr/kde/4.2/sbin:/usr/kde/4.2/bin:/usr/kde/3.5/sbin:/usr/kde/3.5/bin:/usr/qt/3/bin:/var/qmail/bin:/var/vpopmail/bin"
RPMDIR="/usr/portage/rpm"
SANE_CONFIG_DIR="/etc/sane.d"
SCHEME_LIBRARY_PATH="/usr/share/slib/"
SEARCH_DIRS_MASK="/media /PART /usr/i586-pc-linux-gnu /DATA/chroot_gen32 "
SHELL="/bin/bash"
SHLVL="2"
STAGE1_USE="nptl nptlonly unicode"
SYMLINK_LIB="yes"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
TERM="xterm"
USB_DEVFS_PATH="/dev/bus/usb"
USE="3dnow 3dnowext 64bit 7zip X Xaw3d a52 aac aalib acct acl acpi aiglx aio alsa amarok amd amd64 amr ao apm arts asf audiofile autoreplace bash-completion berkdb binary-drivers boost branding bzip2 cairo ccache cdb cdda cdparanoia cdr cdrom cg chm chroot cli colordiff connectionstatus cpudetection cracklib crypt css cups curl cutterlimit cutterqueue cuttime cvs d dbase dbus debugger deprecated device-mapper dga dia diet directfb disk-partition djvu dlloader dmi dnd dnotify dri dts dv dvb dvd dvdr dvdread dvi dxr3 emboss encode exceptions exif extensions extrafilters extraicons fame fat fbcondecor fbdev fbsplash ffmpeg fftw flac fortran gcrypt gdbm gif gimp gnome gnutls gphoto2 gpm graphviz gs gsm gstreamer gtk gtk2 hal hpn iconv icq imagemagick imap inkjar inotify ipod iproute2 ipv6 irc jabber jack john joystick jpeg jpeg2k kde kdehiddenvisibility kdeprefix kdm keyring kipi lame largefile lcd lcms libcaca libgcrypt libssh2 live lm_sensors logrotate lzma lzo mad maildir matroska mhash midi mjpeg mmap mmx mmxext mng mozilla mp2 mp3 mp3rtp mp4 mpd mpeg mpeg2 mplayer msn mudflap musepack mysql mythtv nat ncurses network-cron new-login nls nptl nptlonly nsplugin ntfs ntlm nvidia ogg openal openexr opengl openmp openssl pam pam_chroot pam_timestamp pascal pcap pcre pda pdf perl plasma png portaudio posix postproc postscript povray ppds pppd prelude python qmail qt3 qt3support qt4 quicktime rar readline realmedia reflection rrdtool rss rtc scanner sdl seamonkey session sftp sftplogging skins sndfile sockets socks5 speech speex spell spl spoof-source sql sqlite sqlite3 sse sse2 ssl stream subversion svg swig sysfs sysvipc taglib tagwriting tcpd tcpwrapper tga theora threads tidy tiff timestats tls tomsfastmath tordns transcode truetype udev unicode unix98 urandom usb utempter v4l v4l2 vcd visualization vnc voice volctrl vorbis vpopmail webkit wifi wireshark wma wmf wmp wxwindows x264 xanim xattr xemacs xforms xfs xine xinetd xml xmp xorg xosd xpm xrender xulrunner xv xvid xvmc yahoo zlib" ALSA_CARDS="hda-intel" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CAMERAS="agfa_cl20 casio_qv dimagev dimera3500 kodak_dc120 kodak_dc210 kodak_dc240 kodak_dc3200 kodak_ez200 konica_qm150 panasonic_coolshot panasonic_dc1000 panasonic_dc1580 panasonic_l859 polaroid_pdc320 polaroid_pdc640 polaroid_pdc700 ricoh_g3 sipix_blink sipix_blink2 sipix_web2 sony_dscf1 sony_dscf55 toshiba_pdrm11" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en de" USERLAND="GNU" VIDEO_CARDS="nvidia nv vesa cirrus"
USER="root"
USERLAND="GNU"
USE_EXPAND="ALSA_CARDS ALSA_PCM_PLUGINS APACHE2_MODULES APACHE2_MPMS CAMERAS CROSSCOMPILE_OPTS DVB_CARDS ELIBC FCDSL_CARDS FOO2ZJS_DEVICES FRITZCAPI_CARDS INPUT_DEVICES KERNEL LCD_DEVICES LINGUAS LIRC_DEVICES MISDN_CARDS NETBEANS_MODULES USERLAND VIDEO_CARDS"
USE_EXPAND_HIDDEN="CROSSCOMPILE_OPTS ELIBC KERNEL USERLAND"
USE_ORDER="env:pkg:conf:defaults:pkginternal:env.d"
VIDEO_CARDS="nvidia nv vesa cirrus"
VMHANDLE="blackdown-jdk-1.4.2"
XAUTHORITY="/root/.xauthJXxJIb"
XDG_DATA_DIRS="/usr/share:/usr/kde/4.2/share:/usr/local/share:/usr/kde/3.5/share"
_="/usr/bin/emerge"
ac_cv_func_calloc_0_nonnull="yes"
ac_cv_func_malloc_0_nonnull="yes"
ac_cv_func_realloc_0_nonnull="yes"
http_proxy="http://127.0.0.1:8080/"
ignoreeof="0"


Comment 2 Jochen Schlick 2009-03-26 20:14:26 UTC
An unstripped version built with the debugging compiler option:


(gdb) bt
#0  0x00000031000321e5 in raise () from /lib/libc.so.6
#1  0x0000003100033703 in abort () from /lib/libc.so.6
#2  0x000000310006d998 in ?? () from /lib/libc.so.6
#3  0x00000031000e4d67 in __fortify_fail () from /lib/libc.so.6
#4  0x00000031000e2b40 in __chk_fail () from /lib/libc.so.6
#5  0x00000031000e1e39 in ?? () from /lib/libc.so.6
#6  0x0000003100071805 in _IO_default_xsputn () from /lib/libc.so.6
#7  0x0000003100046245 in vfprintf () from /lib/libc.so.6
#8  0x00000031000e1edd in __vsprintf_chk () from /lib/libc.so.6
#9  0x00000031000e1e20 in __sprintf_chk () from /lib/libc.so.6
#10 0x0000000000403dd4 in dep_prune_use (root=0x64bf10, use=0x7fff83ed1750 "  md64 elibc_glibc kdeprefix kernel_linux plasma semantic-desktop sqlite userland_GNU ") at /usr/include/bits/stdio2.h:34
#11 0x0000000000403d6c in dep_prune_use (root=0x645cf0, use=0x7fff83ed1750 "  md64 elibc_glibc kdeprefix kernel_linux plasma semantic-desktop sqlite userland_GNU ") at qdepends.c:294
#12 0x0000000000417e8d in qdepends_vdb_deep (depend_file=0x42206f "DEPEND", query=0x7fff83ed5e82 "app-portage/portage-utils") at qdepends.c:521
#13 0x0000000000414fa8 in q_main (argc=3, argv=0x7fff83ed5958) at q.c:82
#14 0x00000000004153a6 in main (argc=3, argv=0x7fff83ed5958) at main.c:1072
Comment 3 jackieku 2009-04-07 17:45:35 UTC
Created attachment 187611 [details, diff]
fix use flag buffer overflow
Comment 4 Jochen Schlick 2009-04-08 18:38:06 UTC
patch works as expected ;-)
 
The snprintf is always good, but I think it's not a good solution to have a non-configurable char buffer, now with a fixed length of 83 bytes, somewhere deep inside the source code.
Comment 5 solar (RETIRED) gentoo-dev 2009-04-08 19:13:20 UTC
That code should probably use xmalloc()/free() so it always handles the proper sizes, no matter how messed up they might be.
Comment 6 jackieku 2009-04-08 20:05:08 UTC
Comment on attachment 187611 [details, diff]
fix use flag buffer overflow

This patch doesn't fix the problem. The bug is about parsing USE dependencies.
Comment 7 Antek Grzymała (antoszka) 2009-04-28 07:13:55 UTC
I get a segfault. Is this the same bug?

qdepends -Q gpgme:

[...]
open("/var/db/pkg/virtual/poppler-glib-0.10.5/DEPEND", O_RDONLY) = 5
fstat64(5, {st_mode=S_IFREG|0644, st_size=46, ...}) = 0
fstat64(5, {st_mode=S_IFREG|0644, st_size=46, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7ff9000
read(5, "~app-text/poppler-bindings-0.10.5"..., 4096) = 46
close(5)                                = 0
munmap(0xb7ff9000, 4096)                = 0
open("/var/db/pkg/virtual/poppler-glib-0.10.5/USE", O_RDONLY) = 5
fstat64(5, {st_mode=S_IFREG|0644, st_size=48, ...}) = 0
fstat64(5, {st_mode=S_IFREG|0644, st_size=48, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7ff9000
read(5, "cairo elibc_glibc kernel_linux us"..., 4096) = 48
close(5)                                = 0
munmap(0xb7ff9000, 4096)                = 0
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++
Comment 8 wd 2009-04-30 16:12:14 UTC
Segmentation fault here.

# qdepends -v -Q gnome-mount
*** buffer overflow detected ***: qdepends terminated
======= Backtrace: =========                         
/lib/libc.so.6(__fortify_fail+0x48)[0xb7ea6048]      
/lib/libc.so.6[0xb7ea4090]                           
/lib/libc.so.6[0xb7ea3718]                           
/lib/libc.so.6(_IO_default_xsputn+0xa0)[0xb7e2be40]  
/lib/libc.so.6(_IO_vfprintf+0x379d)[0xb7e0315d]      
/lib/libc.so.6(__vsprintf_chk+0xa7)[0xb7ea37c7]
/lib/libc.so.6(__sprintf_chk+0x2d)[0xb7ea370d]
qdepends[0x804b4a7]
qdepends[0x804b448]
qdepends[0x805a405]
qdepends[0x805b2a1]
qdepends[0x805b70c]
/lib/libc.so.6(__libc_start_main+0xe5)[0xb7dd8725]
qdepends[0x8049d61]
======= Memory map: ========
08048000-0806e000 r-xp 00000000 03:05 5254       /usr/bin/q
0806e000-0806f000 r--p 00025000 03:05 5254       /usr/bin/q
0806f000-0807a000 rw-p 00026000 03:05 5254       /usr/bin/q
0807a000-080ac000 rw-p 0807a000 00:00 0          [heap]
b7db3000-b7dbf000 r-xp 00000000 03:05 514971     /usr/lib/gcc/i686-pc-linux-gnu/4.3.3/libgcc_s.so.1
b7dbf000-b7dc0000 r--p 0000b000 03:05 514971     /usr/lib/gcc/i686-pc-linux-gnu/4.3.3/libgcc_s.so.1
b7dc0000-b7dc1000 rw-p 0000c000 03:05 514971     /usr/lib/gcc/i686-pc-linux-gnu/4.3.3/libgcc_s.so.1
b7dc1000-b7dc2000 rw-p b7dc1000 00:00 0
b7dc2000-b7eff000 r-xp 00000000 03:05 239306     /lib/libc-2.9.so
b7eff000-b7f01000 r--p 0013d000 03:05 239306     /lib/libc-2.9.so
b7f01000-b7f02000 rw-p 0013f000 03:05 239306     /lib/libc-2.9.so
b7f02000-b7f05000 rw-p b7f02000 00:00 0
b7f1d000-b7f39000 r-xp 00000000 03:05 239450     /lib/ld-2.9.so
b7f39000-b7f3a000 rw-p b7f39000 00:00 0
b7f3a000-b7f3b000 r--p 0001c000 03:05 239450     /lib/ld-2.9.so
b7f3b000-b7f3c000 rw-p 0001d000 03:05 239450     /lib/ld-2.9.so
bfb27000-bfb3c000 rw-p bffeb000 00:00 0          [stack]
ffffe000-fffff000 r-xp 00000000 00:00 0          [vdso]
Aborted
Comment 9 Steffen Hau 2009-05-11 11:25:33 UTC
The same here as well:

schlepptop ~ # qdepends -Q boost
app-office/openoffice-3.0.1
media-gfx/povray-3.7.0_beta29-r2
dev-libs/boost-1.37.0-r1
*** buffer overflow detected ***: qdepends terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x48)[0xb7e82048]
/lib/libc.so.6[0xb7e80090]
/lib/libc.so.6[0xb7e7f718]
/lib/libc.so.6(_IO_default_xsputn+0xa0)[0xb7e07e40]
/lib/libc.so.6(_IO_vfprintf+0x379d)[0xb7ddf15d]
/lib/libc.so.6(__vsprintf_chk+0xa7)[0xb7e7f7c7]
/lib/libc.so.6(__sprintf_chk+0x2d)[0xb7e7f70d]
qdepends[0x804b4e6]
======= Memory map: ========
08048000-0806e000 r-xp 00000000 08:03 13934      /usr/bin/q
0806e000-0806f000 r--p 00026000 08:03 13934      /usr/bin/q
0806f000-0807b000 rw-p 00027000 08:03 13934      /usr/bin/q
0807b000-08087000 rw-p 00000000 00:00 0 
09fc6000-09fed000 rw-p 00000000 00:00 0          [heap]
b7d9d000-b7d9e000 rw-p 00000000 00:00 0 
b7d9e000-b7edb000 r-xp 00000000 08:03 7480       /lib/libc-2.9.so
b7edb000-b7edc000 ---p 0013d000 08:03 7480       /lib/libc-2.9.so
b7edc000-b7ede000 r--p 0013d000 08:03 7480       /lib/libc-2.9.so
b7ede000-b7edf000 rw-p 0013f000 08:03 7480       /lib/libc-2.9.so
b7edf000-b7ee3000 rw-p 00000000 00:00 0 
b7ef4000-b7f00000 r-xp 00000000 08:03 746221     /usr/lib/gcc/i686-pc-linux-gnu/4.3.3/libgcc_s.so.1
b7f00000-b7f01000 r--p 0000b000 08:03 746221     /usr/lib/gcc/i686-pc-linux-gnu/4.3.3/libgcc_s.so.1
b7f01000-b7f02000 rw-p 0000c000 08:03 746221     /usr/lib/gcc/i686-pc-linux-gnu/4.3.3/libgcc_s.so.1
b7f02000-b7f03000 rw-p 00000000 00:00 0 
b7f03000-b7f1f000 r-xp 00000000 08:03 7471       /lib/ld-2.9.so
b7f1f000-b7f20000 r-xp 00000000 00:00 0          [vdso]
b7f20000-b7f21000 r--p 0001c000 08:03 7471       /lib/ld-2.9.so
b7f21000-b7f22000 rw-p 0001d000 08:03 7471       /lib/ld-2.9.so
bff92000-bffa7000 rw-p 00000000 00:00 0          [stack]
Aborted
Comment 10 Nicholas J. Michalek 2009-06-10 14:05:47 UTC
Same buffer overflow backtrace here. I'm curious about the root cause.
Comment 11 solar (RETIRED) gentoo-dev 2009-06-10 16:41:02 UTC
(In reply to comment #10)
> Same buffer overflow backtrace here. I'm curious about the root cause.

It's probably shoving the contents of USE or *DEPEND into too small a static buffer. To help us pinpoint it, it would be helpful if somebody who gets the error could build a debugging (-ggdb -g3 nostrip) version and, say, run
ltrace q depends $stuff
then post the last few lines before the segv. Most likely the last open() call is where we will see the error.
Comment 12 Rick Harris 2009-06-13 23:49:09 UTC
Created attachment 194595 [details]
ltrace qdepends kmail-4.2.4

(In reply to comment #11)
I too have had this problem for a while now, but it just suddenly appeared on a machine that hadn't been updated at all.

Running ltrace on the command as suggested seems to indicate that qdepends has problems handling EAPI2 ebuild syntax.

More specifically the crash occurs for me when parsing this line from /var/db/pkg/kde-base/kmail-4.2.4/kmail-4.2.4.ebuild ....
   >=kde-base/kdelibs-${PV}:${SLOT}[kdeprefix=,semantic-desktop?]
Comment 13 fredi 2009-08-13 15:47:21 UTC
Same bug here. Traced it with gdb and by adding printfs around, and it seems the cause is this line:

char useflag[40+3]; /* use flags shouldnt be longer than 40 ... */

A fixed 40+3 buffer doesn't seem such a good idea ... anyway, here are the USE flags that made it crash in my case:

dep_prune_use() -> root->info is >=kde-base/kscreensaver-4.3.0:4.3[kdeprefix=,opengl, use is   md64 eigen elibc_glibc kernel_linux multilib opengl userland_GNU

dep_prune_use() -> root->info is >=kde-base/kscreensaver-4.3.0:4.3[kdeprefix=,opengl, use is   md64 eigen elibc_glibc kernel_linux multilib opengl userland_GNU
*** buffer overflow detected ***: ./q terminated


And here's a "worksforme" patch:

diff -ur portage-utils-0.2/qdepends.c portage-utils-0.2-fre/qdepends.c
--- portage-utils-0.2/qdepends.c        2009-03-23 09:28:07.000000000 +0100
+++ portage-utils-0.2-fre/qdepends.c    2009-08-13 01:37:41.802640236 +0200
@@ -293,8 +293,8 @@
 {
        if (root->neighbor) dep_prune_use(root->neighbor, use);
        if (root->type == DEP_USE) {
-               char useflag[40+3]; /* use flags shouldnt be longer than 40 ... */
                int notfound, invert = (root->info[0] == '!' ? 1 : 0);
+               char useflag[strlen(root->info+invert)];
                sprintf(useflag, " %s ", root->info+invert);
                notfound = (strstr(use, useflag) == NULL ? 1 : 0);
                if (notfound ^ invert) {
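Review bot: the replacement buffer in this hunk is still too small. `sprintf(useflag, " %s ", root->info+invert);` writes strlen(root->info+invert) bytes plus two spaces plus the terminating NUL, so `char useflag[strlen(root->info+invert)];` leaves the write three bytes past the end of the array; it only silences the "buffer overflow detected" abort because the size of a variable-length array is not known at compile time, so __sprintf_chk has nothing to check against. Size it as strlen(root->info+invert) + 3 and switch to snprintf with that size, or allocate it on the heap as comment 5 suggests. Note also that the debug output above shows root->info holding the whole unsplit bracket (">=kde-base/kscreensaver-4.3.0:4.3[kdeprefix=,opengl"), so a correctly sized buffer stops the crash but the lookup still tests a mangled token rather than the individual use-dependency flags. Declaring the array after `int notfound, invert = ...` is required because its size depends on invert, which makes the file C99-only; the fixed-size version had no such requirement.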


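The fixed-size buffer fredi points at above, beside the heap-sized lookup solar asks for in comments 5 and 15, as an added example. This is not portage-utils code and not the fix that went into 0.2.1 (qdepends-263892.diff is not reproduced on this page); the function names, the xmalloc helper and the parent USE string are this example's own assumptions, the USE string being constructed for the test. It goes one step beyond the thread by splitting an EAPI 2 bracket such as `[kdeprefix=,semantic-desktop?]` into individual tokens and evaluating each one with the `=`/`?`/`!`/`-` rules from the Package Manager Specification, which is what the output in comment 13 (root->info holding the whole unsplit `...[kdeprefix=,opengl`) shows qdepends was not doing.

```c
/* Added example (not portage-utils code): the 43-byte lookup buffer from
 * dep_prune_use() beside a heap-sized one, plus a splitter and evaluator for
 * EAPI 2 use-dependency brackets.  Names and the USE string are assumed. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed parent USE string, padded with a space on each side so that
 * " flag " can only match a whole token (the strstr trick qdepends relies on). */
static const char PARENT_USE[] =
    " amd64 elibc_glibc kdeprefix kernel_linux plasma semantic-desktop sqlite userland_GNU ";

static void *xmalloc(size_t n)          /* assumed helper; portage-utils has its own */
{
    void *p = malloc(n);
    if (!p) { perror("malloc"); exit(EXIT_FAILURE); }
    return p;
}

/* Nonzero if the original sprintf(useflag, " %s ", info + invert) into
 * `char useflag[40+3]` would write past its end: ' ' + flag + ' ' + NUL. */
int fixed_buffer_overflows(const char *info)
{
    int invert = (info[0] == '!');
    return strlen(info + invert) + 3 > 40 + 3;
}

/* Hardened lookup: the key is allocated at exactly strlen(flag) + 3 bytes, so
 * a token of any length fits.  `info` is "flag" or "!flag"; returns 1 when the
 * condition holds against `use` (found XOR inverted). */
int use_cond_satisfied(const char *use, const char *info)
{
    int invert = (info[0] == '!');
    const char *flag = info + invert;
    size_t n = strlen(flag) + 3;
    char *key = xmalloc(n);
    snprintf(key, n, " %s ", flag);
    int found = strstr(use, key) != NULL;
    free(key);
    return found ^ invert;
}

/* Split the bracket of e.g. ">=kde-base/kdelibs-4.2.4:4.2[kdeprefix=,semantic-desktop?]"
 * into its comma-separated tokens.  Returns the count and stores a malloc'd array
 * of malloc'd strings in *out; returns 0 and *out = NULL if there is no bracket. */
int split_use_deps(const char *atom, char ***out)
{
    const char *lb = strchr(atom, '[');
    const char *rb = lb ? strchr(lb, ']') : NULL;
    *out = NULL;
    if (!lb || !rb || rb == lb + 1) return 0;
    int count = 1;
    for (const char *p = lb + 1; p < rb; p++) if (*p == ',') count++;
    char **toks = xmalloc(count * sizeof *toks);
    int i = 0;
    const char *start = lb + 1;
    for (const char *p = start; p <= rb; p++) {
        if (p == rb || *p == ',') {
            size_t len = (size_t)(p - start);
            toks[i] = xmalloc(len + 1);
            memcpy(toks[i], start, len);
            toks[i++][len] = '\0';
            start = p + 1;
        }
    }
    *out = toks;
    return count;
}

/* Evaluate one token against the parent's USE (EAPI 2 rules): +1 if the
 * dependency must have the flag enabled, -1 if disabled, 0 if unconstrained.
 * flag/-flag: unconditional; flag=/!flag=: same as/opposite of the parent;
 * flag?/!flag?: only when the parent has the flag on/off. */
int use_dep_required(const char *parent_use, const char *tok)
{
    int bang = (tok[0] == '!'), minus = (tok[0] == '-');
    const char *name = tok + (bang || minus);
    size_t len = strlen(name);
    char last = len ? name[len - 1] : '\0';
    int cond = (last == '=' || last == '?');
    char *flag = xmalloc(len + 1);          /* bare flag name, modifiers stripped */
    memcpy(flag, name, len - cond);
    flag[len - cond] = '\0';
    int on = use_cond_satisfied(parent_use, flag);
    free(flag);
    if (!cond) return minus ? -1 : +1;
    if (last == '=') return (on ^ bang) ? +1 : -1;
    return on ? (bang ? 0 : +1) : (bang ? -1 : 0);
}

int main(void)
{
    char **toks;
    int n = split_use_deps(">=kde-base/kdelibs-4.2.4:4.2[kdeprefix=,semantic-desktop?]", &toks);
    for (int i = 0; i < n; i++) {
        printf("%-18s fits=%d required=%+d\n", toks[i],
               !fixed_buffer_overflows(toks[i]), use_dep_required(PARENT_USE, toks[i]));
        free(toks[i]);
    }
    free(toks);
    return 0;
}
```

Fed the unsplit token from comment 13, fixed_buffer_overflows() reports that 51 + 3 bytes do not fit in 43, which is exactly the write __sprintf_chk aborts on; once the bracket is split, each token is a dozen characters and the fixed buffer would have been fine, so both the buffer size and the parser needed attention. The heap-sized key costs one malloc per lookup, which is irrelevant next to the open()/read() of every DEPEND file that the ltrace in comment 7 shows.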
Comment 14 Andrey Grozin gentoo-dev 2009-08-22 09:06:58 UTC
Same here

laptop ~ # qdepends -Q dev-python/PyQt
dev-util/eric-4.3.6
dev-python/qscintilla-python-2.4
*** buffer overflow detected ***: qdepends terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x48)[0xb7f810f8]
/lib/libc.so.6[0xb7f7efc0]
/lib/libc.so.6[0xb7f7e5e8]
/lib/libc.so.6(_IO_default_xsputn+0xae)[0xb7eff85e]
/lib/libc.so.6(_IO_vfprintf+0x360c)[0xb7ed476c]
/lib/libc.so.6(__vsprintf_chk+0xa3)[0xb7f7e693]
/lib/libc.so.6(__sprintf_chk+0x2d)[0xb7f7e5dd]
qdepends[0x804b3eb]
qdepends[0x805cdd6]
qdepends[0x805dcc9]
qdepends[0x805e141]
/lib/libc.so.6(__libc_start_main+0xe1)[0xb7ea8a51]
qdepends(strcasestr+0x1a9)[0x8049ca1]
======= Memory map: ========
08048000-0806f000 r-xp 00000000 03:02 2392817    /usr/bin/q
0806f000-08070000 r--p 00026000 03:02 2392817    /usr/bin/q
08070000-0807b000 rw-p 00027000 03:02 2392817    /usr/bin/q
0807b000-080c9000 rw-p 0807b000 00:00 0          [heap]
b7e91000-b7e92000 rw-p b7e91000 00:00 0
b7e92000-b7fde000 r-xp 00000000 03:02 10757926   /lib/libc-2.10.1.so
b7fde000-b7fe0000 r--p 0014c000 03:02 10757926   /lib/libc-2.10.1.so
b7fe0000-b7fe1000 rw-p 0014e000 03:02 10757926   /lib/libc-2.10.1.so
b7fe1000-b7fe5000 rw-p b7fe1000 00:00 0
b7ff2000-b800d000 r-xp 00000000 03:02 12588444   /usr/lib/gcc/i686-pc-linux-gnu/4.4.1/libgcc_s.so.1
b800d000-b800e000 r--p 0001a000 03:02 12588444   /usr/lib/gcc/i686-pc-linux-gnu/4.4.1/libgcc_s.so.1
b800e000-b800f000 rw-p 0001b000 03:02 12588444   /usr/lib/gcc/i686-pc-linux-gnu/4.4.1/libgcc_s.so.1
b800f000-b8010000 rw-p b800f000 00:00 0
b8010000-b802e000 r-xp 00000000 03:02 10754242   /lib/ld-2.10.1.so
b802e000-b802f000 r--p 0001d000 03:02 10754242   /lib/ld-2.10.1.so
b802f000-b8030000 rw-p 0001e000 03:02 10754242   /lib/ld-2.10.1.so
bfb19000-bfb2f000 rw-p bffea000 00:00 0          [stack]
ffffe000-fffff000 r-xp 00000000 00:00 0          [vdso]
Aborted
Comment 15 solar (RETIRED) gentoo-dev 2009-08-23 00:49:58 UTC
(In reply to comment #13)
> And here's a "worksforme" patch:

I just got back from vacation. Thanks for the patch. Would anybody mind making it use xmalloc/xasprintf on the heap etc. instead of any static buffers?
Comment 16 solar (RETIRED) gentoo-dev 2009-08-23 06:16:36 UTC
Created attachment 201987 [details, diff]
another patch

Can somebody that hits this bug test with the following patch?
Comment 17 Romain Perier (RETIRED) gentoo-dev 2009-08-29 16:14:30 UTC
It works for me :)
Comment 18 DrChandra the Gentoo Person 2009-09-03 15:51:08 UTC
qdepends-263892.diff fixed it for me. Please revise the code and make another release. Both 0.1.29 and 0.2 are broken for me.
Comment 19 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2009-09-05 09:06:23 UTC
*** Bug 283728 has been marked as a duplicate of this bug. ***
Comment 20 solar (RETIRED) gentoo-dev 2009-09-05 16:51:24 UTC
(In reply to comment #18)
> qdepends-263892.diff fixed it for me. Please revise the code and make another
> release. Both 0.1.29 and 0.2 are broken for me.

Thanks for the feedback. 0.2.1 was pushed to the tree to address this bug.

Comment 21 Luca Santarelli 2009-10-25 15:14:10 UTC
(In reply to comment #20)
> Thanks for the feedback. 0.2.1 was pushed to the tree to address this bug.

Can I ask for an estimate date for stabilization?