Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 257016 - app-backup/bacula + gcc-4.3.3 - reports a false buffer overflow in glibc in cause of builded with FORTIFY_SOURCE on
Summary: app-backup/bacula + gcc-4.3.3 - reports a false buffer overflow in glibc in c...
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: AMD64 Linux
: High normal (vote)
Assignee: Wolfram Schlich (RETIRED)
: 295246 (view as bug list)
Depends on:
Blocks: fortify-source
  Show dependency tree
Reported: 2009-01-30 23:04 UTC by Martin
Modified: 2010-05-22 16:03 UTC (History)
9 users (show)

See Also:
Package list:
Runtime testing required: ---

adds -U_FORTIFY_SOURCE to CFLAGS (bacula-2.4.4_U_FORTIFY_SOURCE.patch,558 bytes, patch)
2009-11-05 15:08 UTC, Daniel Troeder
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Martin 2009-01-30 23:04:36 UTC

I opened a bug into the bacula bug tracking system and got the answer that the source has to been build without FORTIFY_SOURCE turned on. To solve the issue that builded bacula versions with gcc 4.3.3 detects a false buffer overflow. The complete thread is appended as additional information.

Here the direct link to the bug also with emerge info:

Best Regards

Reproducible: Always

The following issue has been CLOSED 
Reported By:                mrbscreen
Assigned To:                kern
Project:                    bacula
Issue ID:                   1220
Category:                   bat
Reproducibility:            always
Severity:                   major
Priority:                   normal
Status:                     closed
Resolution:                 not a bug
Fixed in Version:           
Date Submitted:             2009-01-30 06:53 UTC
Last Modified:              2009-01-30 08:04 UTC
Summary:                    compile bacula with gcc 4.3.3 doesnot work
Dear Sear or Madame,

yesterday I updated gcc from version 4.3.2 to version 4.3.3 on my gentoo
system. After that I updated bacula to version 2.4.4 the build was without
errors but if I start the any program a "buffer overflow" detection of
glibc occurs (see additional information). I downgraded to version 2.4.1
and the same thing happens. After downgrade the C Compiler to version 4.3.2
bacula works well also in version 2.4.4. The error occurs also in bconsole

Best Regards,
Martin Bauer

 (0003901) mrbscreen (reporter) - 2009-01-30 06:55 
Note that the "emerge --info" is from the working set. If it is helpfully I
can do one with gcc 4.3.2


 (0003902) kern (administrator) - 2009-01-30 08:04 
You are not building Bacula with the Bacula makefiles, and consequently,
you (or you packaging tool) are adding the -DFORTIFY_SOURCE option, which
is broken.  This creates a false buffer overflow detection by glibc.  You
need to build without FORTIFY_SOURCE turned on. 

Issue History 
Date Modified    Username       Field                    Change               
2009-01-30 06:53 mrbscreen      New Issue                                    
2009-01-30 06:53 mrbscreen      Status                   new => assigned     
2009-01-30 06:53 mrbscreen      Assigned To               => dbartley        
2009-01-30 06:55 mrbscreen      Note Added: 0003901                          
2009-01-30 06:55 mrbscreen      Issue Monitored: mrbscreen                    
2009-01-30 06:55 mrbscreen      Note Edited: 0003901                         
2009-01-30 08:04 kern           Note Added: 0003902                          
2009-01-30 08:04 kern           Assigned To              dbartley => kern    
2009-01-30 08:04 kern           Status                   assigned => closed  
2009-01-30 08:04 kern           Resolution               open => not a bug   
2009-01-30 08:04 kern           Steps to Reproduce Updated                    
Comment 1 Thomas Capricelli 2009-01-31 12:36:36 UTC
i confirm this bug here...
gcc (Gentoo 4.3.3 p1.0, pie-10.1.5) 4.3.3

starting bacula-fd gives.

*** buffer overflow detected ***: /usr/sbin/bacula-fd terminated        
======= Backtrace: =========                                            


7f573c72c000-7f573c733000 r-xp 00000000 08:01 341219                     /lib64/
7f573c733000-7f573c833000 ---p 00007000 08:01 341219                     /lib64/libwrap31-Jan 13:34 bacula-fd: Fatal Error because: Bacula interrupted by signal 6: IOT trap
Kaboom! bacula-fd, bacula-fd got signal 6 - IOT trap. Attempting traceback.
Kaboom! exepath=/usr/sbin/
Calling: /usr/sbin/btraceback /usr/sbin/bacula-fd 6447
/usr/sbin/btraceback: line 22: /usr/sbin/bsmtp: No such file or directory
cat: write error: Broken pipe
Traceback complete, attempting cleanup ...
Segmentation fault (core dumped)
Comment 2 Nick Brooker 2009-01-31 21:29:42 UTC

I added -D_FORTIFY_SOURCE=0 to the CFLAGS and compiled it and it no longer dumps but I've never used bacula before so I'm not really sure if it's running. Webmin says it looks ok though.
Comment 3 Martin 2009-02-01 10:56:04 UTC
(In reply to comment #2)

I can confirm if bacula is build with: 

CFLAGS="-D_FORTIFY_SOURCE=0 ${CFLAGS}" emerge -v1 bacula

Bacula runs well.

Best Regards
Comment 4 Marc Schiffbauer gentoo-dev 2009-02-24 00:18:25 UTC
Just a "me too" message, having same issue, solution also  -U_FORTIFY_SOURCE or -D_FORTIFY_SOURCE=0
Comment 5 Peter Alfredsen (RETIRED) gentoo-dev 2009-03-02 00:26:44 UTC
In this particular instance, it's the glibc implementation that is buggy, so the correct fix indeed is to add -U_FORTIFY_SOURCE to CFLAGS.
per , it looks like upstream graciously have worked around this issue in the development version. 
Comment 6 Adam Nielsen 2009-03-08 09:11:56 UTC
-U_FORTIFY_SOURCE fixed this for me too - thanks!
Comment 7 Thomas Capricelli 2009-05-08 23:32:18 UTC
i had the same problem, 
CFLAGS="-D_FORTIFY_SOURCE=0 ${CFLAGS}" emerge -v1 bacula
fixed it too... shouldn't that be somewhere in the ebuild ?

Thx anyway.
Comment 8 nuitari 2009-07-02 00:49:12 UTC
Got the same problem 6 months after it was reported, maybe it should be in the ebuild?
Comment 9 Wolfram Schlich (RETIRED) gentoo-dev 2009-08-07 12:25:12 UTC
Working on 3.0.2 which should incorporate the fix included in 2.5.28-b1...
Comment 10 Wolfram Schlich (RETIRED) gentoo-dev 2009-09-09 07:45:46 UTC
Should be fixed in 3.0.2.
Comment 11 Bruno Lustosa 2009-11-05 02:31:55 UTC
Perhaps the fix should be incorporated in the 2.x release as well. For example, in my setup I have to stick with 2.x versions because one other distro doesn't have bacula 3.x available, and I can't mix versions because they don't talk to each other.
Anyway, I fixed in my system by adding -U_FORTIFY_SOURCE to my CFLAGS, but I still think this is more of a workaround, as this option will be passed along to all ebuilds, and not only bacula.
Comment 12 Daniel Troeder 2009-11-05 15:08:58 UTC
Created attachment 209343 [details, diff]

Simple patch that adds "-U_FORTIFY_SOURCE" to the CFLAGS of bacula-2.4.4 - should be the same for the other versions.
Comment 13 Thomas Beierlein gentoo-dev 2009-12-01 06:47:58 UTC
*** Bug 295246 has been marked as a duplicate of this bug. ***
Comment 14 deadeyes 2009-12-19 17:42:12 UTC
While this has been fixed in 2.4.4, this has not been fixed in the ebuild for 2.4.1(-r1 in portage)

As this is marked stable I would expect this fix to be backported.
Comment 15 Domen Kožar 2010-03-24 15:24:55 UTC
Not fixed in 2.4.4, amd64 platform.
Comment 16 Disaster 2010-05-22 16:03:27 UTC
same thing here, thanks for reporting the fix