Bug 309341 - sci-libs/libmuscle-3.7-r1 produces a buffer overflow
Summary: sci-libs/libmuscle-3.7-r1 produces a buffer overflow
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: AMD64 Linux
Importance: High critical
Assignee: Andrey Kislyuk (RETIRED)
Reported: 2010-03-14 07:11 UTC by Jessica Leigh
Modified: 2010-06-28 20:35 UTC (History)
4 users

Runtime testing required: ---


Attachments
A patch that solved the problem for me. (ramfix.patch, 591 bytes, patch)
2010-03-14 07:13 UTC, Jessica Leigh

Description Jessica Leigh 2010-03-14 07:11:53 UTC
It looks like the function MemToStr in progress.cpp tries to write the progress to a char array that's too small. Only 9 chars are allocated, but this string is 9 characters long if memory use goes into the double digits, which leaves no space for the null char terminator. I changed it to 11, just in case, and things run smoothly.

I also "accidentally" found another bug in the GetRAMSizeMB function in globalslinux.cpp... towards the end of the function you have:

int Bytes = atoi(pMem+9)*1000;

This guy produces too big a number on my system to fit in an int (a measly 4 GB of RAM here). I changed it to:

long Bytes = atol(pMem+9)*1000;

But it's not clear to me why you're multiplying by 1000 here and then returning the result divided by 1,000,000 anyway. Why convert to bytes, rather than just dividing the kB result by 1000?

Anyway, I'll attach a patch that did the trick for me.

Reproducible: Always

Steps to Reproduce:
1. emerge libmuscle
2. run muscle -in 14-3-3.fas -out toto.fas


Actual Results:  
Muscle crashes with the following output:

MUSCLE v3.7 by Robert C. Edgar

http://www.drive5.com/muscle
This software is donated to the public domain.
Please cite: Edgar, R.C. Nucleic Acids Res 32(5), 1792-97.

14-3-3 64 seqs, max length 276, avg  length 248
*** buffer overflow detected ***: muscle terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x37)[0x7f508f090a87]
/lib/libc.so.6[0x7f508f08e8a0]
/lib/libc.so.6[0x7f508f08db99]
/lib/libc.so.6(_IO_vfprintf+0x48f5)[0x7f508eff0fe5]
/lib/libc.so.6(__vsprintf_chk+0x9d)[0x7f508f08dc3d]
/lib/libc.so.6(__sprintf_chk+0x80)[0x7f508f08db80]
/usr/lib/libMUSCLE-3.7.so.1(_ZN6muscle8MemToStrEd+0x79)[0x7f508fb16099]
/usr/lib/libMUSCLE-3.7.so.1(_ZN6muscle8ProgressEjj+0x61)[0x7f508fb16391]
/usr/lib/libMUSCLE-3.7.so.1(_ZN6muscle11DistKmer6_6ERKNS_7SeqVectERNS_8DistFuncE+0x683)[0x7f508fae2443]
/usr/lib/libMUSCLE-3.7.so.1(_ZN6muscle13DistUnalignedERKNS_7SeqVectENS_8DISTANCEERNS_8DistFuncE+0x385)[0x7f508fadfae5]
/usr/lib/libMUSCLE-3.7.so.1(_ZN6muscle15TreeFromSeqVectERKNS_7SeqVectERNS_4TreeENS_7CLUSTERENS_8DISTANCEENS_4ROOTEPKc+0x41)[0x7f508fadf341]
/usr/lib/libMUSCLE-3.7.so.1(_ZN6muscle8DoMuscleEv+0xbdd)[0x7f508fad9e1d]
/usr/lib/libMUSCLE-3.7.so.1(_ZN6muscle3RunEv+0x143)[0x7f508fada0c3]
muscle(__gxx_personality_v0+0x182)[0x400f5a]
/lib/libc.so.6(__libc_start_main+0xe6)[0x7f508efc8a26]
muscle(__gxx_personality_v0+0x51)[0x400e29]
======= Memory map: ========                                                                                                               
Aborted


Expected Results:  
The following output, and an alignment written to the file toto.fas

MUSCLE v3.7 by Robert C. Edgar

http://www.drive5.com/muscle
This software is donated to the public domain.
Please cite: Edgar, R.C. Nucleic Acids Res 32(5), 1792-97.

14-3-3 64 seqs, max length 276, avg  length 248
00:00:00     23 MB(1%)  Iter   1  100.00%  K-mer dist pass 1
00:00:00     23 MB(1%)  Iter   1  100.00%  K-mer dist pass 2
00:00:01     35 MB(1%)  Iter   1  100.00%  Align node
00:00:01     35 MB(1%)  Iter   1  100.00%  Root alignment
00:00:01     35 MB(1%)  Iter   2  100.00%  Refine tree
00:00:01     35 MB(1%)  Iter   2  100.00%  Root alignment
00:00:01     35 MB(1%)  Iter   2  100.00%  Root alignment
00:00:01     35 MB(1%)  Iter   3  100.00%  Refine biparts
00:00:01     35 MB(1%)  Iter   4  100.00%  Refine biparts
00:00:01     35 MB(1%)  Iter   5  100.00%  Refine biparts
00:00:02     35 MB(1%)  Iter   6  100.00%  Refine biparts
00:00:02     35 MB(1%)  Iter   7  100.00%  Refine biparts
00:00:02     35 MB(1%)  Iter   7  100.00%  Refine biparts
00:00:02     35 MB(1%)  Iter   8  100.00%  Refine biparts
00:00:02     35 MB(1%)  Iter   9  100.00%  Refine biparts
00:00:02     35 MB(1%)  Iter  10  100.00%  Refine biparts
00:00:02     35 MB(1%)  Iter  11  100.00%  Refine biparts
00:00:02     35 MB(1%)  Iter  12  100.00%  Refine biparts
00:00:02     35 MB(1%)  Iter  13  100.00%  Refine biparts
00:00:02     35 MB(1%)  Iter  14  100.00%  Refine biparts
00:00:02     35 MB(1%)  Iter  15  100.00%  Refine biparts
00:00:02     35 MB(1%)  Iter  15  100.00%  Refine biparts


I got the same buffer overflow with sci-biology/muscle-3.6
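The two defects the report describes, shown in an added example that is not libmuscle's code: a bounds check and a bounded replacement for the MemToStr pattern (sprintf into a 9-byte array), and an overflow-free version of the kB-to-MB conversion from GetRAMSizeMB. The format string "%u MB(%u%%)" is an assumption reconstructed from the expected-output line "23 MB(1%)".

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Format assumed from the expected output line "23 MB(1%)"; it is a
 * reconstruction, not libmuscle's actual format string. */
#define MEM_FMT "%u MB(%u%%)"

/* Returns 1 if formatting mb/pct into a buffer of bufsize bytes would
 * overflow it, i.e. the text plus its NUL terminator does not fit. */
int would_overflow(size_t bufsize, unsigned mb, unsigned pct) {
    int needed = snprintf(NULL, 0, MEM_FMT, mb, pct); /* length without NUL */
    return needed < 0 || (size_t)needed + 1 > bufsize;
}

/* Hardened MemToStr: bounded by the real buffer size, always NUL-terminated.
 * Returns the length the full string needs so callers can spot truncation. */
int mem_to_str(char *buf, size_t bufsize, unsigned mb, unsigned pct) {
    return snprintf(buf, bufsize, MEM_FMT, mb, pct);
}

/* The report's second defect: atoi(kB) * 1000 overflows a 32-bit int once
 * the machine has more than about 2.1 GB of RAM. This checks whether the
 * original multiplication would have stayed within INT_MAX. */
int bytes_fit_in_int(unsigned long long kb) {
    return kb <= (unsigned long long)INT_MAX / 1000;
}

/* Overflow-free kB -> MB conversion, as the reporter suggests: divide the
 * kB figure instead of multiplying it into bytes. Input is the text after
 * the "MemTotal:" label in /proc/meminfo. Returns -1 on unparsable input. */
long ram_kb_to_mb(const char *field) {
    char *end;
    errno = 0;
    unsigned long long kb = strtoull(field, &end, 10); /* skips leading blanks */
    if (end == field || errno != 0)
        return -1;
    return (long)(kb / 1000);
}

int main(void) {
    char buf[11];                      /* the reporter's enlarged size */
    printf("9-byte buffer overflows for 23 MB: %d\n", would_overflow(9, 23, 1));
    mem_to_str(buf, sizeof buf, 23, 1);
    printf("formatted: \"%s\"\n", buf);
    printf("4 GB in kB fits the old int math: %d\n", bytes_fit_in_int(4194304ULL));
    printf("MemTotal: 4194304 kB -> %ld MB\n", ram_kb_to_mb(" 4194304 kB"));
    return 0;
}
```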
Comment 1 Jessica Leigh 2010-03-14 07:13:01 UTC
Created attachment 223491
A patch that solved the problem for me.
Comment 2 Myckel Habets (work) 2010-03-15 09:21:24 UTC
Notified upstream. 4.x branch seems to be unaffected (files not present any more), but should be regarded as unstable by developer.
Comment 3 Myckel Habets 2010-03-27 17:56:00 UTC
Notified also the mauve developers (who developed libmuscle) instead of the original muscle developer.
Comment 4 Justin Lecher (RETIRED) gentoo-dev 2010-06-28 20:35:24 UTC
Thanks for the patch and everything. Please test.