On my AMD64 non-hardened system, media-sound/grip-3.3.0 crashes with the message

grip: stack smashing attack in function ArgsToLocale()
Aborted (core dumped)

when it has ripped a track and is about to launch the "Wav filter command", which in my case is "/usr/bin/normalize --peak %w". Running GDB on the resulting core file gives this backtrace:

#0 0x00002aaaaf881089 in kill () from /lib/libc.so.6
#1 0x00002aaaaf86ddcc in __stack_smash_handler () from /lib/libc.so.6
#2 0x0000000000429ccd in ArgsToLocale ()
#3 0x0000000000429d62 in TranslateAndLaunch ()
#4 0x000000000041f22b in UpdateRipProgress ()
#5 0x000000000040bcbb in GripUpdate ()
#6 0x000000000040b19f in TimeOut ()
#7 0x00002aaaaf361f46 in g_main_context_wakeup () from /usr/lib/libglib-2.0.so.0
#8 0x00002aaaaf35eb92 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#9 0x00002aaaaf360afd in g_main_context_acquire () from /usr/lib/libglib-2.0.so.0
#10 0x00002aaaaf360e85 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#11 0x00002aaaad67dc04 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#12 0x000000000040b04b in Cmain ()
#13 0x000000000040ad48 in main ()

Placing debug printf:s in launch.c:ArgsToLocale doesn't give much useful information, probably because I don't know anything about glib, except that the function seems to do its job successfully and then crashes on return.

Reproducible: Always

Steps to Reproduce:

Portage 2.0.51.19 (default-linux/amd64/2005.0, gcc-3.4.3-20050110, glibc-2.3.4.20050125-r1, 2.6.11-gentoo-r6 x86_64)
=================================================================
System uname: 2.6.11-gentoo-r6 x86_64 AMD Athlon(tm) 64 Processor 3200+
Gentoo Base System version 1.6.10
Python: dev-lang/python-2.3.5 [2.3.5 (#1, Feb 18 2005, 12:57:44)]
ccache version 2.4 [enabled]
dev-lang/python: 2.3.5
sys-devel/autoconf: 2.59-r6, 2.13
sys-devel/automake: 1.7.9-r1, 1.8.5-r3, 1.5, 1.4_p6, 1.6.3, 1.9.5
sys-devel/binutils: 2.15.92.0.2-r8
sys-devel/libtool: 1.5.14
virtual/os-headers: 2.6.8.1-r4
ACCEPT_KEYWORDS="amd64 ~amd64"
AUTOCLEAN="yes"
CFLAGS="-march=athlon64 -O2 -pipe -fstack-protector -fweb -frename-registers -fomit-frame-pointer -momit-leaf-frame-pointer -funit-at-a-time -ftracer"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.4/env /usr/kde/3.4/share/config /usr/kde/3.4/shutdown /usr/kde/3/share/config /usr/lib/X11/xkb /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/ /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-march=athlon64 -O2 -pipe -fstack-protector -fweb -frename-registers -fomit-frame-pointer -momit-leaf-frame-pointer -funit-at-a-time -ftracer"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs autoconfig ccache collision-protect distlocks sandbox strict userpriv usersandbox"
GENTOO_MIRRORS="http://ftp.du.se/pub/os/gentoo http://gentoo.oregonstate.edu http://www.ibiblio.org/pub/Linux/distributions/gentoo"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://makanee.ferretporn.se/gentoo-portage"
USE="amd64 X Xaw3d a52 aalib acpi adns alsa bash-completion berkdb bitmap-fonts cdinstall cdparanoia cdr cjk crypt cscope curl doc dvd emacs emacs-w3 fam flac font-server freetype gcl gd gdbm gif glut gmp gtk gtk2 imagemagick imap imlib jp2 jpeg kde libwww lzw lzw-tiff mad maildir matroska mbox mikmod mp3 ncurses nls nocd nptl nptlonly nvidia offensive ogg oggvorbis openal opengl operanom2 pam perl pie png python qt readline ruby samba sdl sendfile slang spell sqlite ssl stencil-buffer tcpd tetex tiff truetype truetype-fonts type1-fonts unicode usb userlocales utf8 vorbis xface xine xml2 xmms xpm xrandr xv xvid xvmc zlib"
Unset: ASFLAGS, CBUILD, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS
The crash does not occur on my non-hardened x86 laptop.
Compile without -fstack-protector and you're fine. Generally tune down your cflags before reporting bugs.