175996 – qtparted: stack smashing attack in function void QPainter::setWorldMatrix(const QWMatrix&, bool)()

Bug 175996 - qtparted: stack smashing attack in function void QPainter::setWorldMatrix(const QWMatrix&, bool)()

Summary: qtparted: stack smashing attack in function void QPainter::setWorldMatrix(con...

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	[OLD] Core system (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	The Gentoo Linux Hardened Team

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:	135265
	Show dependency tree

Reported:	2007-04-25 17:46 UTC by Christian Korff
Modified:	2007-11-10 09:26 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Christian Korff 2007-04-25 17:46:31 UTC

qt seems to have a bug related to the hardened gcc. When I start qtparted it crashs with the following message:
# LC_ALL=C qtparted 
Warning: GNU Parted has detected libreiserfs interface version mismatch.  Found 1-1, required 0. ReiserFS support will be disabled.
qtparted: stack smashing attack in function void QPainter::setWorldMatrix(const QWMatrix&, bool)()
Abgebrochen

(Abgebrochen - Canceled; I don't know why it's ignored LC_ALL=C)

Comment 1 solar (RETIRED) gentoo-dev

2007-04-25 18:22:53 UTC

kevin, This is another QT/C++/SSP problem? if so can you mark it a dupe of that other bug.. tia.

Comment 2 Kevin F. Quinn (RETIRED) gentoo-dev

2007-04-25 21:14:40 UTC

Certainly looks like the same thing.

Comment 3 Christian Korff 2007-09-15 18:29:41 UTC

A week ago I tried the vanilla gcc spec (using gcc-config) and it doesn't work. I want to note this for information.

Comment 4 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2007-09-24 16:51:51 UTC

Just a note that qt-3.3.4+ are working fine with gcc-4 from kevquinn's hardened overlay (kevquinn_hardened) here on amd64.

Comment 5 solar (RETIRED) gentoo-dev

2007-09-25 02:43:36 UTC

(In reply to comment #4)
> Just a note that qt-3.3.4+ are working fine with gcc-4 from kevquinn's hardened
> overlay (kevquinn_hardened) here on amd64.

Thanks and yep.. These c++/KDE/QT bugs are a long standing 
gcc-3.x problem that are known to work in gcc-4.x

All existing c++ ebuilds that filter fstack need need to be re 
(tested|evaluated) for gcc-4.x. 

Thanks for the confirmation report.

Comment 6 Francisco J. Sánchez 2007-10-10 08:59:03 UTC

I can confirm the problem. Many qt (3.3.8-r4) apps send "stack smashing attack in function void QPainter::drawPixmap" (and many more functions in the same class) to stderr and crash.

Portage 2.1.3.9 (hardened/amd64/multilib, gcc-3.4.6, glibc-2.5-r4, 2.6.20-hardened-r10 x86_64)
=================================================================
System uname: 2.6.20-hardened-r10 x86_64 AMD Athlon(tm)64 X2 Dual Core Processor 4800+
Timestamp of tree: Wed, 10 Oct 2007 05:30:09 +0000
app-shells/bash:     3.2_p17
dev-java/java-config: 1.3.7, 2.0.33-r1
dev-lang/python:     2.4.4-r5
dev-python/pycrypto: 2.0.1-r6
sys-apps/baselayout: 1.12.9-r2
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.61-r1
sys-devel/automake:  1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.17-r1
sys-devel/gcc-config: 1.3.16
sys-devel/libtool:   1.5.24
virtual/os-headers:  2.6.21
ACCEPT_KEYWORDS="amd64"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O2 -pipe -fforce-addr"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config /var/bind"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-O2 -pipe -fforce-addr"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks metadata-transfer sandbox sfperms strict unmerge-orphans userfetch"
GENTOO_MIRRORS="ftp://ftp.belnet.be/mirror/rsync.gentoo.org/gentoo/ ftp://ftp.caliu.info/gentoo/ ftp://ftp.udc.es/gentoo/ "
LANG="es_ES.UTF-8"
LINGUAS="es es_ES"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="X alsa amd64 amuled apache2 arts artscdr berkdb branding bzip2 cairo calendar cli courier cracklib crypt ctype cups dri dvd ffmpeg gif gimpprint gnome gtk hal hardened howl iconv imap java jpeg justify kde libwww mad maildir mbox midi mp3 mpeg multilib mysql nls nptl nptlonly nsplugin ogg opengl pam pcre php pic png postfix ppds python qt3 quicktime readline resolvconf sasl sdl session spell ssl svg symlink tcpd tiff unicode urandom vhosts vorbis wmf xml xmlreader xorg zlib" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="mouse keyboard" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="es es_ES" USERLAND="GNU" VIDEO_CARDS="vesa fglrx"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, LDFLAGS, MAKEOPTS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY

Comment 7 Christian Heim (RETIRED) gentoo-dev

2007-11-10 09:26:30 UTC

Due to SSP having issues with C++ code, I just placed a -fno-stack-protector in the x11-libs/qt ebuilds. Thus, you should no longer see those issues when emerging anything qt-based or QT itself.