installed package: ssmtp mailx

reproduce:
echo -e "abc\nabc\n" | strace -s100 -f /bin/mail
write(3, "From: is an optional port number that defaults to 25.\n\r\n", 56) = 56

problem: the "From" field shall never be that string, as it's just a comment in the config.

file /etc/ssmtp/revaliases:
# sSMTP aliases
#
# Format: local_account:outgoing_address:mailhub
#
# Example: root:your_login@your.domain:mailhub.your.domain[:port]
# where [:port] is an optional port number that defaults to 25.
(not modified)
but
Created attachment 83135 [details, diff] stack variable not initialized before strdup patch
reproduce condition:
CFLAGS="-O3"
can't reproduce condition:
CFLAGS="-O2"
reproduce condition:
CFLAGS="-O3" and non-root user
can't reproduce condition:
CFLAGS="-O2" or root user
I've been able to recreate this (x86-64 @ -O2). I fixed it a different way (before I found this bug :-), but my findings and fix ended up being essentially the same (write something into char buf[] before the function can strdup() it). This is a fairly serious problem since the program is using uninitialized stack data. It's also _really_ annoying. It's been over a month since this bug was originally filed. Can we expect a fix anytime soon?
(In reply to comment #0)
> installed package: ssmtp mailx
> reproduce:
> echo -e "abc\nabc\n" | strace -s100 -f /bin/mail
> write(3, "From: is an optional port number that defaults to 25.\n\r\n", 56) = 56
>
> problem: the "From" field shall never be that string, as it's just a comment in the config.
>
> file /etc/ssmtp/revaliases:
> # sSMTP aliases
> #
> # Format: local_account:outgoing_address:mailhub
> #
> # Example: root:your_login@your.domain:mailhub.your.domain[:port]
> # where [:port] is an optional port number that defaults to 25.
>
> (not modified)
> but

(In reply to comment #2)
> reproduce condition:
> CFLAGS="-O3"
> can't reproduce condition:
> CFLAGS="-O2"

toolchain, please advise.
I can't reproduce this on either x86 or ~x86 keywords.

$ emerge --info | egrep 'CFLAGS|KEYWORDS'
ACCEPT_KEYWORDS="x86"
CFLAGS="-O3 -march=pentium4 -fomit-frame-pointer"
$ echo -e "abc\nabc\n" | strace -s100 -o mailx.strace -f /bin/mail
No mail for langthang
$ grep -i from mailx.strace
15483 read(3, "set ask askcc append dot save crt\nignore Received Message-Id Resent-Message-Id Status Mail-From Retu"..., 4096) = 125
First of all, this is in no way an optimization bug. Optimization may expose (or hide) the bug, but it is not the compiler or optimizer's fault. It is coded incorrectly. You can tell this by code inspection.

(In reply to comment #6)
> I can't reproduce this on either x86 or ~x86 keywords.

Reproduction requires that your GECOS information be empty. If you follow the flow of the code, it's essentially:

    from_format(char *str)
    {
        char buf[SIZE];

        if (something) {
            //stuff
        } else {
            if (somethingelse) {
                //more stuff
            }
        }
        return (strdup(buf));
    }

Now, if something and somethingelse are both false, buf gets strdup'ed without ever being set (which is what the bodies of something and somethingelse do).
indeed ... in this case, optimization just happens to trigger the issue more often ... not an uncommon scenario
Whoops.. I had a chance to actually look at the original patch and it's got a flaw in it (it restructured the if-else flow, but it did it wrong). I'll attach my original fix which preserves the original intent of the code (and fixes the buffer problem). It feels like this flow could be cleaned up a bit, but correctness first, beauty later.
Created attachment 86184 [details, diff] stack variable used before init (updated) Alternate implementation of fix that properly preserves if-else flow.
Thanks guys, fixed in -r2 and -r31. - ferdy
you're right, the fix was wrong. I wanted to kill duplicate code but didn't notice the "else" before "if(gecos)":

    char *from_format(....)
    {
        char buf[(BUF_SZ + 1)];

        if (override_from && minus_f) {
            str = append_domain(minus_f);
            ..sprintf...;
        } else if (gecos) {
            ..sprintf...;
        } else {
            ..sprintf...;
        }
    }

I do think the bad flow IS the reason the author made the mistake. Although you fixed it with a patch as small as possible, I still recommend killing the duplicate code and using a clearer flow. Thank you for fixing this bug, anyway.
to be clear: "the fix was wrong" => "my fix was wrong".
*** Bug 131192 has been marked as a duplicate of this bug. ***
Could one of the versions with the fix be stabilized? I just hit this bug with gcc-4.1
CCing arches. Please test and stabilize version mentioned in summary, as it fixes config file parsing. It's been in portage since May. Target keywords: KEYWORDS="alpha amd64 arm hppa ia64 m68k mips ppc ppc64 s390 sh sparc x86 ~x86-fbsd" Thanks!
ppc64 stable
- emerges fine on amd64
- passes collision-test
- passes multilib-strict
- works

Portage 2.1.1 (default-linux/amd64/2006.1/desktop, gcc-4.1.1, glibc-2.4-r3, 2.6.17-ck1-r3 x86_64)
CFLAGS="-march=k8 -O2 -pipe"
1) emerges fine
2) passes collision test
3) seems to work

Portage 2.1.1 (default-linux/x86/2006.1/desktop, gcc-4.1.1, glibc-2.4-r3, 2.6.17-gentoo-r8 i686)
CFLAGS="-O2"
x86/amd64 done
ppc done
sparc stable.
HPPA done!
Alpha done.
Stable on MIPS.