Bug 96147 - stack smashing attack error when compiling libgnomeui
Summary: stack smashing attack error when compiling libgnomeui
Status: RESOLVED NEEDINFO
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] GNOME
Hardware: PPC Linux
Importance: High major
Assignee: Gentoo Linux Gnome Desktop Team
Reported: 2005-06-14 20:54 UTC by Thomas Marschall
Modified: 2005-11-05 23:00 UTC
Description Thomas Marschall 2005-06-14 20:54:45 UTC
creating libgnomeui-scan
lt-libgnomeui-scan: stack smashing attack in function main()
Scan failed
make[3]: *** [scan-build.stamp] Error 255
make[3]: Leaving directory
`/var/tmp/portage/libgnomeui-2.10.0/work/libgnomeui-2.10.0/doc/reference'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory
`/var/tmp/portage/libgnomeui-2.10.0/work/libgnomeui-2.10.0/doc'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory
`/var/tmp/portage/libgnomeui-2.10.0/work/libgnomeui-2.10.0'
make: *** [all] Error 2

!!! ERROR: gnome-base/libgnomeui-2.10.0 failed.
!!! Function gnome2_src_compile, Line 41, Exitcode 2
!!! compile failure
!!! If you need support, post the topmost build error, NOT this status message.



Reproducible: Always
Steps to Reproduce:
1. Do "emerge --sync"
2. Do "emerge libgnomeui"
3. Watch.

Actual Results:  
libgnomeui would not compile, preventing update of gnome

Expected Results:  
Software should have compiled.

emerge info output:
Portage 2.0.51.19 (default-linux/ppc/2004.3, gcc-3.4.4, glibc-2.3.4.20041102-r1,
2.6.9-test ppc)
=================================================================
System uname: 2.6.9-test ppc 7450, altivec supported
Gentoo Base System version 1.4.16
Python:              dev-lang/python-2.3.5 [2.3.5 (#1, May  3 2005, 13:26:47)]
distcc 2.16 powerpc-unknown-linux-gnu (protocols 1 and 2) (default port 3632)
[disabled]
dev-lang/python:     2.3.5
sys-apps/sandbox:    [Not Present]
sys-devel/autoconf:  2.13, 2.59-r6
sys-devel/automake:  1.5, 1.9.5, 1.8.5-r3, 1.7.9-r1, 1.6.3, 1.4_p6
sys-devel/binutils:  2.15.90.0.3-r5
sys-devel/libtool:   1.5.16
virtual/os-headers:  2.6.8.1-r4
ACCEPT_KEYWORDS="ppc"
AUTOCLEAN="yes"
CFLAGS="-O2 -mtune=powerpc -fno-strict-aliasing -pipe -mcpu=7400 -maltivec
-mabi=altivec"
CHOST="powerpc-unknown-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.3/env
/usr/kde/3.3/share/config /usr/kde/3.3/shutdown /usr/kde/3/share/config
/usr/lib/X11/xkb /usr/lib/mozilla/defaults/pref /usr/share/config
/usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/
/usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/
/usr/share/texmf/xdvi/ /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O2 -mtune=powerpc -fno-strict-aliasing -pipe -mcpu=7400 -maltivec
-mabi=altivec"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs autoconfig ccache distlocks sandbox sfperms strict"
GENTOO_MIRRORS="http://distfiles.gentoo.org
http://distro.ibiblio.org/pub/Linux/distributions/gentoo"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://10.0.1.1/gentoo-portage"
USE="ppc X Xaw3d alsa altivec arts audiofile bash-completion bcmath berkdb
bitmap-fonts bonobo caps cpdflib crypt ctype cups curl curlwrappers doc dvd eds
emacs emboss encode esd ethereal evo exif fam fftw flac font-server fortran ftp
gd gdbm gif ginac gnome gnustep gnutls gpm gstreamer gtk gtk2 gtkhtml
hardenedphp iconv imagemagick imlib innodb ipv6 jabber jack java jpeg junit kde
kerberos krb4 ladcca leim lesstif libedit libg++ libgda libwww mad mhash mime
mmap mng mnogosearch motif mozilla mp3 mpeg mpi msession msn mule mysql mysqli
nas ncurses nls nocd offensive ogg oggvorbis openal opengl oscar oss pam pcntl
pcre pdflib perl php pic pie plotutils png portaudio posix ppds prelude python
qt quicktime readline ruby samba sdl session shared sharedmem simplexml slang
slp sndfile soap sockets spell spl ssl svg sysvipc tcltk tcpd tetextheora tidy
tiff tokenizer truetype truetype-fonts type1-fonts unicode usb vhosts videos
vorbis wmf wxwindows xface xine xinerama xml xml2 xmlrpc xmms xosd xpm xprint
xsl xv xvid yahoo zlib userland_GNU kernel_linux elibc_glibc"
Unset:  ASFLAGS, CBUILD, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTDIR_OVERLAY
Comment 1 foser (RETIRED) gentoo-dev 2005-06-15 07:48:51 UTC
Could any of the security guys have a look at this issue and possibly provide a
patch?
Comment 2 solar (RETIRED) gentoo-dev 2005-06-16 22:18:35 UTC
I am unable to reproduce this on an x86 system with libgnomeui-2.10.0 with +doc
+jpeg and do not have access to a ppc with X installed.

I can confirm however that this package has 946 text relocations in two libs. 
The reason it has so many textrels is due to it assuming -DPIC actually does
something for position independent code which it pretty much does not.

temp workaround try merging without +doc set as libgnomeui-2.10.0/doc/reference

note: -fno-strict-aliasing is also known to cause problems with pic code. 
sed, coreutils(cp), glibc come to mind.
Comment 3 John N. Laliberte (RETIRED) gentoo-dev 2005-10-14 08:52:19 UTC
reporter: are you still having this issue?
Comment 4 Mike Gardiner (RETIRED) gentoo-dev 2005-11-05 23:00:02 UTC
Reopen if this issue persists.