Bug 225563

Summary: media-gfx/inkscape-0.46-r2 stack smashing at app startup
Product: Gentoo Linux
Reporter: SATtva <sattva>
Component: Current packages
Assignee: Gentoo Graphics Project <graphics+disabled>
Status: RESOLVED TEST-REQUEST    
Severity: normal    
Priority: High    
Version: unspecified   
Hardware: AMD64   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description SATtva 2008-06-09 12:24:46 UTC
I'm unable to start media-gfx/inkscape-0.46-r2 due to stack smashing protection under the Hardened profile. The unstable version 0.46-r3 has the same SSP behavior. The former stable revision (r1, IIRC) worked correctly.
The package is built with 'perl spell wmf' USE-flags.

Reproducible: Always

Steps to Reproduce:
1. Build the package with 'perl spell wmf' USE-flags under the Hardened profile with PIE+SSP.
2. Run the application.

Actual Results:
Here's an error from console output (no error in pax.log or grsec.log):

$ inkscape
*** stack smashing detected ***: inkscape - terminated
inkscape: stack smashing attack in function virtual Geom::Piecewise<Geom::D2<Geom::SBasis> > Inkscape::LivePathEffect::LPESkeletalStrokes::doEffect_pwd2(Geom::Piecewise<Geom::D2<Geom::SBasis> >&) - terminated


Portage 2.1.4.4 (hardened/amd64/multilib, gcc-3.4.6, glibc-2.6.1-r0, 2.6.23-hardened-r12 x86_64)
=================================================================
System uname: 2.6.23-hardened-r12 x86_64 AMD Turion(tm) 64 X2 Mobile Technology TL-50
Timestamp of tree: Mon, 09 Jun 2008 01:45:02 +0000
ccache version 2.4 [disabled]
app-shells/bash:     3.2_p33
dev-lang/python:     2.4.4-r13
dev-python/pycrypto: 2.0.1-r6
dev-util/ccache:     2.4-r7
sys-apps/baselayout: 1.12.11.1
sys-apps/sandbox:    1.2.18.1-r2
sys-devel/autoconf:  2.13, 2.61-r1
sys-devel/automake:  1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10.1
sys-devel/binutils:  2.18-r1
sys-devel/gcc-config: 1.4.0-r4
sys-devel/libtool:   1.5.26
virtual/os-headers:  2.6.23-r3
ACCEPT_KEYWORDS="amd64"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=k8 -msse3 -O2 -pipe -fPIC"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/config"
CONFIG_PROTECT_MASK="/etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo /etc/udev/rules.d"
CXXFLAGS="-march=k8 -msse3 -O2 -pipe -fPIC"
DISTDIR="/usr/portage/distfiles"
EMERGE_DEFAULT_OPTS="--ask --deep --with-bdeps=y"
FEATURES="autoconfig distlocks metadata-transfer parallel-fetch sandbox sfperms strict unmerge-orphans userfetch"
GENTOO_MIRRORS="ftp://fido.online.kz/gentoo/pub         http://mirrors.tds.net/gentoo   ftp://ftp.roedu.net/pub/mirrors/gentoo.org"
LANG="ru_RU.UTF-8"
LINGUAS="en ru"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="3dnow 3dnowext X acpi alsa amd64 apache2 apm bash-completion bcmath berkdb bl branding bzip bzip2 cairo cdr coldplug cpudetection cracklib crypt css ctype dbus directfb dri dv dvd dvdr dvdread encode ffmpeg firefox flac gd gdbm gif gmp gpm gtk hal hardened hash iconv icu idea imagemagick imlib jpeg jpeg2k justify lm_sensors logrotate mad matroska midi mjpeg mmx mmxext mp3 mpeg mplayer mysql ncurses nls nptl nptlonly ogg opengl pam pcre pdf perl php pic pmu png python qt3 qt3support qt4 readline sdl session spell srt sse sse2 ssl svg symlink tcpd threads tiff truetype udev unicode urandom v4l vim-syntax vorbis wmf xcomposite xinerama xml xorg xv xvid xvmc yv12 zlib" ALSA_CARDS="hda-intel" ALSA_PCM_PLUGINS="*" APACHE2_MODULES="actions alias auth_basic auth_digest authn_anon authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi dav dav_fs dav_lock dbd deflate dir disk_cache env expires ext_filter file_cache filter headers ident imagemap include info log_config logio mem_cache mime mime_magic negotiation proxy proxy_ajp proxy_balancer proxy_connect proxy_http rewrite setenvif so speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard mouse synaptics" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en ru" USERLAND="GNU" VIDEO_CARDS="fglrx radeon vesa"
Unset:  CPPFLAGS, CTARGET, INSTALL_MASK, LC_ALL, LDFLAGS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY

Comment 1 SATtva 2008-08-05 20:37:15 UTC
Problem persists in media-gfx/inkscape-0.46-r3.

Comment 2 Samuli Suominen (RETIRED) gentoo-dev 2010-04-16 10:50:29 UTC
Try 0.47.