137682 – Flightgear-0.9.10 crashes with stack smashing attack on startup

Bug 137682 - Flightgear-0.9.10 crashes with stack smashing attack on startup

Summary: Flightgear-0.9.10 crashes with stack smashing attack on startup

Status:	RESOLVED WONTFIX

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Hardened (show other bugs)
Hardware:	AMD64 Linux

Importance:	High critical (vote)
Assignee:	The Gentoo Linux Hardened Team

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:	135265
	Show dependency tree

Reported:	2006-06-22 20:16 UTC by Tommy McDaniel
Modified:	2009-10-14 00:57 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Tommy McDaniel 2006-06-22 20:16:23 UTC

Starting flightgear-0.9.10 results in the following:

tommstein@Morpheus ~ $ fgfs
Error reading properties:
Failed to open file
 at /home/tommstein/.fgfs/autosave.xml
 (reported by SimGear XML Parser)
  Model Author:  Unknown
  Creation Date: 2002-01-01
  Version:       $Id: c172p.xml,v 1.17 2006-03-13 15:27:14 ehofman Exp $
  Description:   Cessna C-172
altitude         = -1.12977
sea level radius = 2.08996e+07
latitude         = 0.653236
longitude        = -2.13554
fgfs: stack smashing attack in function virtual void FGJSBsim::update(double)()
Aborted
tommstein@Morpheus ~ $

I use a hardened GCC (hence why I filed the bug under the component "Hardened"). I'm sure that recompiling FlightGear with the vanilla profile will solve this, but I might as well report it. Here is my emerge --info:

Portage 2.1 (default-linux/amd64/2005.0, gcc-3.4.5, glibc-2.3.6-r3, 2.6.15-gentoo-r1 x86_64)
=================================================================
System uname: 2.6.15-gentoo-r1 x86_64 AMD Opteron(tm) Processor 246
Gentoo Base System version 1.6.14
dev-lang/python:     2.3.5-r2, 2.4.2
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     [Not Present]
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.59-r7
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1
sys-devel/binutils:  2.16.1-r2
sys-devel/gcc-config: 1.3.13-r2
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="amd64"
AUTOCLEAN="yes"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=opteron -O3 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.3/env /usr/kde/3.3/share/config /usr/kde/3.3/shutdown /usr/kde/3.4/env /usr/kde/3.4/share/config /usr/kde/3.4/shutdown /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/terminfo"
CXXFLAGS="-march=opteron -O3 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks metadata-transfer sandbox sfperms strict"
GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo"
LANG="en_US.utf8"
LC_ALL="en_US.utf8"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="amd64 X Xaw3d a52 aac aalib accessibility acl acpi adns aim alsa apache2 arts audiofile avi bash-completion bcmath berkdb bidi bitmap-fonts bluetooth bonobo bzlib calendar canna cdb cdparanoia cdr chasen cjk cli crypt cscope ctype cups curl curlwrappers db2 dba dbase dbm dbx dedicated dga dio directfb divx4linux doc dri dv dvb dvd dvdr dvdread eds emacs emacs-w3 emboss emul-linux-x86 encode esd ethereal evo examples exif expat fam fastcgi fbcon ffmpeg flac flash flatfile foomaticdb fortran freetds freewnn ftp gb gcj gd gdbm geoip ggi gif ginac glut gmp gnome gnustep gnutls gphoto2 gpm gps gstreamer gtk gtk2 gtkhtml guile hal hardened hardenedphp howl hyperwave-api iconv icq imagemagick imap imlib inifile innodb interbase iodbc ipv6 isdnlog jabber jack javascript joystick jpeg kde kdeenablefinal kerberos krb4 ladcca lcms ldap leim libcaca libg++ libgda libwww lirc lm_sensors lzw lzw-tiff m17n-lib mad maildir mailwrapper matroska mbox mcal mcve memlimit mhash migemo mikmod milter mime ming mmap mng mnogosearch motif mozilla mp3 mpeg mpi msession msql mssql mule mysql mysqli nas ncurses neXt netcdf nis nls nocd nptl oci8 odbc offensive ofx ogg openal opengl oracle oracle7 osc oscar oss ovrimos pam pcntl pcre pda pdflib perl php plotutils png portaudio posix postgres ppds pppd prelude python qdbm qt quicktime readline recode reflection ruby samba sapdb sasl scanner sdl session sharedext sharedmem shorten simplexml skey slang slp smartcard sndfile snmp soap sockets socks5 source sox speex spell spl sqlite ssl svg symlink sysvipc szip tcltk tcpd tetex theora threads tidy tiff tokenizer truetype truetype-fonts type1-fonts unicode usb v4l vcd vhosts videos vorbis wddx wifi wmf wxwindows xface xine xml xml2 xmlrpc xmms xorg xosd xpm xprint xsl xv xvid yahoo yaz zeo zlib elibc_glibc kernel_linux userland_GNU"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LDFLAGS, LINGUAS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY

Comment 1 Tommy McDaniel 2006-06-22 23:46:30 UTC

Indeed, the vanilla profile hides the bug.

Comment 2 Kevin F. Quinn (RETIRED) gentoo-dev

2006-06-23 00:12:14 UTC

A quick glance at the code and it does a lot of data declaration inside local blocks so I suspect this is the same compiler issue we see elsewhere.

Comment 3 Gordon Malm (RETIRED) gentoo-dev

2009-10-14 00:57:11 UTC

GCC 4.3.4 is stable on hardened.  GCC 3.4.x is frozen/not being worked on. 
Closing as WONTFIX.