Bug 324863 - mail-client/thunderbird-3.1_rc2-r1 buffer overflow w/ gcc-4.5 and -U_FORTIFY_SOURCE=2
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: High normal
Assignee: Mozilla Gentoo Team
URL: https://bugzilla.mozilla.org/show_bug...
Whiteboard:
Keywords: REGRESSION
Depends on:
Blocks: gcc-4.5
Reported: 2010-06-20 18:57 UTC by Samuli Suominen (RETIRED)
Modified: 2010-08-02 16:30 UTC

See Also:
Package list:
Runtime testing required: ---


Attachments
hunspell-buffer.patch (hunspell-buffer.patch,802 bytes, patch)
2010-06-24 21:23 UTC, Harald van Dijk (RETIRED)
hunspell-buffer.patch (hunspell-buffer.patch,936 bytes, patch)
2010-06-24 22:37 UTC, Harald van Dijk (RETIRED)
hunspell-buffer.patch (thunderbird-3.1-gcc45.patch,1.08 KB, patch)
2010-07-07 05:57 UTC, Harald van Dijk (RETIRED)

Description Samuli Suominen (RETIRED) gentoo-dev 2010-06-20 18:57:30 UTC
3.0.5 is working fine w/ gcc-4.5 but 3.1_rc2-r1 fails w/ gcc-4.5, fortify source issues. The crash happens when you click the "Write" button, so basically it renders it unusable.

$ thunderbird 

(thunderbird-bin:10871): Gtk-WARNING **: Unable to locate theme engine in module_path: "clearlooks",

(thunderbird-bin:10871): Gtk-WARNING **: Unable to locate theme engine in module_path: "mist",

(thunderbird-bin:10871): Gtk-WARNING **: Unable to locate theme engine in module_path: "clearlooks",

(thunderbird-bin:10871): Gtk-WARNING **: Unable to locate theme engine in module_path: "clearlooks",

(thunderbird-bin:10871): Gtk-WARNING **: Unable to locate theme engine in module_path: "industrial",

(thunderbird-bin:10871): Gtk-WARNING **: Unable to locate theme engine in module_path: "clearlooks",

(thunderbird-bin:10871): Gtk-WARNING **: Unable to locate theme engine in module_path: "clearlooks",

(thunderbird-bin:10871): Gtk-WARNING **: Unable to locate theme engine in module_path: "clearlooks",

(thunderbird-bin:10871): Gtk-WARNING **: Unable to locate theme engine in module_path: "clearlooks",

(thunderbird-bin:10871): Gtk-WARNING **: Unable to locate theme engine in module_path: "mist",

(thunderbird-bin:10871): Gtk-WARNING **: Unable to locate theme engine in module_path: "clearlooks",

(thunderbird-bin:10871): Gtk-WARNING **: Unable to locate theme engine in module_path: "clearlooks",

(thunderbird-bin:10871): Gtk-WARNING **: Unable to locate theme engine in module_path: "clearlooks",
*** buffer overflow detected ***: /usr/lib64/mozilla-thunderbird/thunderbird-bin terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x37)[0x7f85e3b79a17]
/lib/libc.so.6(+0xe4830)[0x7f85e3b77830]
/usr/lib64/mozilla-thunderbird/components/libspellchecker.so(+0x1d96f)[0x7f85dbba896f]
/usr/lib64/mozilla-thunderbird/components/libspellchecker.so(+0x1dff9)[0x7f85dbba8ff9]
/usr/lib64/mozilla-thunderbird/components/libspellchecker.so(+0x1e157)[0x7f85dbba9157]
/usr/lib64/mozilla-thunderbird/components/libspellchecker.so(+0x1e3a1)[0x7f85dbba93a1]
/usr/lib64/mozilla-thunderbird/components/libspellchecker.so(+0xee16)[0x7f85dbb99e16]
/usr/lib64/mozilla-thunderbird/components/libspellchecker.so(+0x6beb)[0x7f85dbb91beb]
/usr/lib64/mozilla-thunderbird/components/libcomposer.so(+0xd3e4)[0x7f85c66f63e4]
/usr/lib64/mozilla-thunderbird/components/libcomposer.so(+0xe054)[0x7f85c66f7054]
/usr/lib64/mozilla-thunderbird/components/libspellchecker.so(+0xae7f)[0x7f85dbb95e7f]
/usr/lib64/mozilla-thunderbird/components/libgklayout.so(+0x580d8d)[0x7f85d32d9d8d]
/usr/lib64/mozilla-thunderbird/libxpcom_core.so(NS_InvokeByIndex_P+0x249)[0x7f85e4082721]
/usr/lib64/mozilla-thunderbird/components/libxpconnect.so(+0x402e0)[0x7f85d9d182e0]
/usr/lib64/mozilla-thunderbird/components/libxpconnect.so(+0x461d7)[0x7f85d9d1e1d7]
/usr/lib64/mozilla-thunderbird/libmozjs.so(js_Invoke+0x448)[0x7f85e33a0158]
/usr/lib64/mozilla-thunderbird/libmozjs.so(+0x66c80)[0x7f85e3392c80]
/usr/lib64/mozilla-thunderbird/libmozjs.so(js_Invoke+0x918)[0x7f85e33a0628]
/usr/lib64/mozilla-thunderbird/libmozjs.so(+0x74cde)[0x7f85e33a0cde]
/usr/lib64/mozilla-thunderbird/libmozjs.so(+0x859a8)[0x7f85e33b19a8]
/usr/lib64/mozilla-thunderbird/libmozjs.so(+0x861e9)[0x7f85e33b21e9]
/usr/lib64/mozilla-thunderbird/libmozjs.so(+0x65eeb)[0x7f85e3391eeb]
/usr/lib64/mozilla-thunderbird/libmozjs.so(js_Invoke+0x918)[0x7f85e33a0628]
/usr/lib64/mozilla-thunderbird/libmozjs.so(+0x74b80)[0x7f85e33a0b80]
/usr/lib64/mozilla-thunderbird/libmozjs.so(JS_CallFunctionValue+0x1a)[0x7f85e334c6ca]
/usr/lib64/mozilla-thunderbird/components/libgklayout.so(+0x519dfa)[0x7f85d3272dfa]
/usr/lib64/mozilla-thunderbird/components/libgklayout.so(+0x52c31f)[0x7f85d328531f]
/usr/lib64/mozilla-thunderbird/components/libgklayout.so(+0x52c5c2)[0x7f85d32855c2]
/usr/lib64/mozilla-thunderbird/libxpcom_core.so(+0x6b4f7)[0x7f85e407a4f7]
/usr/lib64/mozilla-thunderbird/libxpcom_core.so(+0x6b6aa)[0x7f85e407a6aa]
/usr/lib64/mozilla-thunderbird/libxpcom_core.so(+0x69026)[0x7f85e4078026]
/usr/lib64/mozilla-thunderbird/libxpcom_core.so(_Z21NS_ProcessNextEvent_PP9nsIThreadi+0x2b)[0x7f85e404cc7b]
/usr/lib64/mozilla-thunderbird/components/libwidget_gtk2.so(+0x41289)[0x7f85d8aa4289]
/usr/lib64/mozilla-thunderbird/components/libtoolkitcomps.so(+0x859a)[0x7f85d6db259a]
/usr/lib64/mozilla-thunderbird/libxul.so(XRE_main+0x2c6d)[0x7f85e42e65eb]
/usr/lib64/mozilla-thunderbird/thunderbird-bin[0x4018b0]
/lib/libc.so.6(__libc_start_main+0xfd)[0x7f85e3ab1b6d]
/usr/lib64/mozilla-thunderbird/thunderbird-bin[0x401699]
/usr/lib64/mozilla-thunderbird/run-mozilla.sh: line 131: 10871 Aborted                 "$prog" ${1+"$@"}
Comment 1 Samuli Suominen (RETIRED) gentoo-dev 2010-06-20 18:57:59 UTC
Portage 2.2_rc67 (default/linux/amd64/10.0/desktop, gcc-4.5.0-asneeded, glibc-2.11.2-r0, 2.6.34 x86_64)
=================================================================
System uname: Linux-2.6.34-x86_64-Intel-R-_Core-TM-2_Quad_CPU_Q8200_@_2.33GHz-with-gentoo-2.0.1
Timestamp of tree: Unknown
app-shells/bash:     4.1_p7
dev-java/java-config: 2.1.11
dev-lang/python:     2.6.5-r2
dev-util/cmake:      2.8.1-r2
sys-apps/baselayout: 2.0.1
sys-apps/openrc:     0.6.1-r1
sys-apps/sandbox:    2.2
sys-devel/autoconf:  2.13, 2.65-r1
sys-devel/automake:  1.4_p6-r1, 1.9.6-r3, 1.10.3, 1.11.1
sys-devel/binutils:  2.20.1-r1
sys-devel/gcc:       4.5.0
sys-devel/gcc-config: 1.4.1
sys-devel/libtool:   2.2.10
virtual/os-headers:  2.6.34
ACCEPT_KEYWORDS="amd64 ~amd64"
ACCEPT_LICENSE="*"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=core2 -msse4.1 -O2 -pipe -Wimplicit-function-declaration"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/X11/xkb /usr/share/config"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c"
CXXFLAGS="-march=core2 -msse4.1 -O2 -pipe"
DISTDIR="/usr/portage/distfiles"
EMERGE_DEFAULT_OPTS="--with-bdeps=y"
FEATURES="assume-digests collision-protect cvs distlocks fixpackages multilib-strict news parallel-fetch preserve-libs protect-owned sandbox sfperms strict unmerge-logs unmerge-orphans userfetch"
GENTOO_MIRRORS="http://distfiles.gentoo.org"
LANG="en_US.UTF-8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed -Wl,--hash-style=gnu"
LINGUAS="en"
MAKEOPTS="-j9"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/home/ssuominen/gentoo-x86"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
Comment 2 Tomasz Golinski 2010-06-21 17:56:19 UTC
I have the same problem. Also gcc 4.5.0

*** buffer overflow detected ***: /usr/lib64/mozilla-thunderbird/thunderbird-bin terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x37)[0x7fb804ee9a17]
/lib/libc.so.6(+0xe4830)[0x7fb804ee7830]
/usr/lib64/mozilla-thunderbird/components/libspellchecker.so(+0x1dfc7)[0x7fb7fd3a7fc7]
/usr/lib64/mozilla-thunderbird/components/libspellchecker.so(+0x1e651)[0x7fb7fd3a8651]
/usr/lib64/mozilla-thunderbird/components/libspellchecker.so(+0x1e7af)[0x7fb7fd3a87af]
/usr/lib64/mozilla-thunderbird/components/libspellchecker.so(+0x1e9f9)[0x7fb7fd3a89f9]
/usr/lib64/mozilla-thunderbird/components/libspellchecker.so(+0xf4a6)[0x7fb7fd3994a6]
/usr/lib64/mozilla-thunderbird/components/libspellchecker.so(+0x727b)[0x7fb7fd39127b]
/usr/lib64/mozilla-thunderbird/components/libcomposer.so(+0xd744)[0x7fb7e54f6744]
/usr/lib64/mozilla-thunderbird/components/libcomposer.so(+0xe375)[0x7fb7e54f7375]
/usr/lib64/mozilla-thunderbird/components/libspellchecker.so(+0xb50f)[0x7fb7fd39550f]
/usr/lib64/mozilla-thunderbird/components/libgklayout.so(+0x582c85)[0x7fb7f4ed4c85]
/usr/lib64/mozilla-thunderbird/libxpcom_core.so(NS_InvokeByIndex_P+0x249)[0x7fb8051d7c41]
/usr/lib64/mozilla-thunderbird/components/libxpconnect.so(+0x416c0)[0x7fb7fb50f6c0]
/usr/lib64/mozilla-thunderbird/components/libxpconnect.so(+0x475b7)[0x7fb7fb5155b7]
/usr/lib64/mozilla-thunderbird/libmozjs.so(js_Invoke+0x43e)[0x7fb8047085de]
/usr/lib64/mozilla-thunderbird/libmozjs.so(+0x68ed0)[0x7fb8046faed0]
/usr/lib64/mozilla-thunderbird/libmozjs.so(js_Invoke+0x935)[0x7fb804708ad5]
/usr/lib64/mozilla-thunderbird/libmozjs.so(+0x771d6)[0x7fb8047091d6]
/usr/lib64/mozilla-thunderbird/libmozjs.so(+0x877a8)[0x7fb8047197a8]
/usr/lib64/mozilla-thunderbird/libmozjs.so(+0x87fe3)[0x7fb804719fe3]
/usr/lib64/mozilla-thunderbird/libmozjs.so(+0x68130)[0x7fb8046fa130]
/usr/lib64/mozilla-thunderbird/libmozjs.so(js_Invoke+0x935)[0x7fb804708ad5]
/usr/lib64/mozilla-thunderbird/libmozjs.so(+0x7708c)[0x7fb80470908c]
/usr/lib64/mozilla-thunderbird/libmozjs.so(JS_CallFunctionValue+0x1a)[0x7fb8046b41fa]
/usr/lib64/mozilla-thunderbird/components/libgklayout.so(+0x51bcf2)[0x7fb7f4e6dcf2]
/usr/lib64/mozilla-thunderbird/components/libgklayout.so(+0x52e217)[0x7fb7f4e80217]
/usr/lib64/mozilla-thunderbird/components/libgklayout.so(+0x52e4ba)[0x7fb7f4e804ba]
/usr/lib64/mozilla-thunderbird/libxpcom_core.so(+0x6da0b)[0x7fb8051cfa0b]
/usr/lib64/mozilla-thunderbird/libxpcom_core.so(+0x6dbbe)[0x7fb8051cfbbe]
/usr/lib64/mozilla-thunderbird/libxpcom_core.so(+0x6b53a)[0x7fb8051cd53a]
/usr/lib64/mozilla-thunderbird/libxpcom_core.so(_Z21NS_ProcessNextEvent_PP9nsIThreadi+0x2b)[0x7fb8051a218b]
/usr/lib64/mozilla-thunderbird/components/libwidget_gtk2.so(+0x429e1)[0x7fb7fa29a9e1]
/usr/lib64/mozilla-thunderbird/components/libtoolkitcomps.so(+0x8bea)[0x7fb7f8984bea]
/usr/lib64/mozilla-thunderbird/libxul.so(XRE_main+0x2c6d)[0x7fb80543d60b]
/usr/lib64/mozilla-thunderbird/thunderbird-bin[0x401bc0]
/lib/libc.so.6(__libc_start_main+0xfd)[0x7fb804e21b6d]
/usr/lib64/mozilla-thunderbird/thunderbird-bin[0x401989]
/usr/lib64/mozilla-thunderbird/run-mozilla.sh: line 131: 30129 Aborted                 "$prog" ${1+"$@"}


Portage 2.1.8.3 (default/linux/amd64/10.0/desktop, gcc-4.5.0, glibc-2.11.2-r0, 2.6.33-ck-r1 x86_64)
=================================================================
System uname: Linux-2.6.33-ck-r1-x86_64-AMD_Athlon-tm-_II_X3_425_Processor-with-gentoo-2.0.1
Timestamp of tree: Sun, 20 Jun 2010 08:30:22 +0000
app-shells/bash:     4.0_p37
dev-lang/python:     2.6.5-r2, 3.1.2-r3
dev-util/cmake:      2.6.4-r3
sys-apps/baselayout: 2.0.1
sys-apps/openrc:     0.6.1-r1
sys-apps/sandbox:    1.6-r2
sys-devel/autoconf:  2.13, 2.65
sys-devel/automake:  1.9.6-r3, 1.10.3, 1.11.1
sys-devel/binutils:  2.20.1-r1
sys-devel/gcc:       4.3.4, 4.5.0
sys-devel/gcc-config: 1.4.1
sys-devel/libtool:   2.2.6b
virtual/os-headers:  2.6.30-r1
ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="* -@EULA"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O2 -march=native -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/init.d /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c /etc/xdg"
CXXFLAGS="-O2 -march=native -pipe"
DISTDIR="/mnt/lupus/gentoo/distfiles"
FEATURES="assume-digests distlocks fixpackages news parallel-fetch protect-owned sandbox sfperms strict unmerge-logs unmerge-orphans userfetch"
GENTOO_MIRRORS="http://distfiles.gentoo.org http://www.ibiblio.org/pub/Linux/distributions/gentoo"
LANG="pl_PL"
LDFLAGS="-Wl,-O1 -Wl,--sort-common -Wl,--as-needed"
MAKEOPTS="-j4"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/mnt/lupus/gentoo/build"
PORTDIR="/mnt/lupus/gentoo/portage"
PORTDIR_OVERLAY="/usr/portage/local/layman/kde-sunset /usr/portage/local/layman/sunrise /mnt/lupus/gentoo/portage/local"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="3dnow 3dnowext X a52 aac acl acpi alsa amd64 branding bzip2 cairo cdr cli consolekit cracklib crypt cxx dbus dri dts dvd dvdr emboss encode exif fam firefox flac fortran gif gpm gtk gtk2 hal iconv jpeg kpathsea lame lcms lirc mad mikmod mmx mmxext mng modules mp3 mp4 mpeg mudflap multilib musepack mysql ncurses nls nptl nptlonly nvidia offensive ogg opengl openmp pam pango pcre pdf perl png postscript ppds pppd python qt3support qt4 readline reflection sdl session smp spell spl sse sse2 sse3 sse4a ssl ssse3 svg sysfs system-sqlite tcpd tetex threads tiff truetype truetype-fonts unicode usb userlocales vdpau vorbis x264 xcb xml xorg xulrunner xv xvid zlib" ALSA_CARDS="intel8x0 emu10k1 virtuoso" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIRC_DEVICES="serial" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="nvidia s3 vesa vga radeon" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" 
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LC_ALL, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 3 Samuli Suominen (RETIRED) gentoo-dev 2010-06-21 18:01:18 UTC
Tomasz, or anyone else stumbling into this bug:

You can test `CFLAGS="-U_FORTIFY_SOURCE" emerge thunderbird` (or CXXFLAGS or CPPFLAGS, long as you see it being used in the build, I'm not sure what thunderbird is exactly using). That should disable the level 2 it's failing on.

If that doesn't work, you can always downgrade to 3.0.5 (that works even with gcc-4.5 compiled)

Or you can compile thunderbird with gcc-4.4.x if you still have it installed
Comment 4 niogic 2010-06-23 15:00:32 UTC
Same problem here. x86 system and gcc-4.5.0
This is a duplicate of #256668
But it was closed cantfix because its summary referred to the overlay ebuild.

Trying with CFLAGS.
Comment 5 niogic 2010-06-23 15:11:57 UTC
> 
> Trying with CFLAGS.
> 
You need
CXXFLAGS="-U_FORTIFY_SOURCE" emerge -1 thunderbird
Comment 6 Jory A. Pratt gentoo-dev 2010-06-23 19:15:20 UTC
(In reply to comment #4)
> Same problem here. x86 system and gcc-4.5.0
> This is a duplicate of #256668
> But it was closed cantfix because its summary referred to the overlay ebuild.
> 
> Trying with CFLAGS.
> 

Until gcc-4.5.0 is unmasked for arch testing I am not gonna concern mozilla team with this. The bug will remain open. If someone decides they want to help resolve the issue please get a strace -f and email to mozilla alias for review.
Comment 7 Harald van Dijk (RETIRED) gentoo-dev 2010-06-24 21:23:33 UTC
Created attachment 236443 [details, diff]
hunspell-buffer.patch

thunderbird is basically doing

struct s {
  int x;
  char data;
} *p = (struct s *) malloc (sizeof(struct s) + 3);
strcpy(&p->data, "!!!");

which isn't a security risk when done intentionally as it is here, but is neither valid C nor C++ and is rightly blocked. However, since it is valid to access a random block of memory as an array of char, provided you start from a pointer to that whole block, attached patch should fix this. Compiling takes a long time so it is currently untested.
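The pattern from comment 7 next to the offsetof-based form it describes, as an added example (not the attached patch and not Thunderbird or hunspell code). The names `s_new`, `s_str` and `s_new_original` are hypothetical; the original pattern is compiled only when `SHOW_ORIGINAL` is defined.

```c
#include <stddef.h>   /* offsetof */
#include <stdlib.h>
#include <string.h>

/* Same shape as the struct in comment 7: the one-char member only
 * marks where the string storage starts inside a larger allocation. */
struct s {
    int x;
    char data;
};

/* Address of the string storage, derived from the pointer to the whole
 * allocation, so the compiler does not treat it as the 1-byte member. */
static char *s_str(struct s *p)
{
    return (char *)p + offsetof(struct s, data);
}

/* Hardened form: the copy destination is computed from the block pointer. */
struct s *s_new(const char *str)
{
    size_t len = strlen(str);
    /* sizeof(struct s) already includes data's one byte (the terminator) */
    struct s *p = malloc(sizeof(struct s) + len);
    if (p == NULL)
        return NULL;
    p->x = (int)len;
    memcpy(s_str(p), str, len + 1);
    return p;
}

#ifdef SHOW_ORIGINAL
/* Pattern quoted in comment 7, kept only for comparison: the destination
 * is the address of a member whose declared size is 1, which is what the
 * fortified strcpy check rejects at _FORTIFY_SOURCE=2. */
struct s *s_new_original(void)
{
    struct s *p = malloc(sizeof(struct s) + 3);
    if (p == NULL)
        return NULL;
    strcpy(&p->data, "!!!");
    return p;
}
#endif
```

Both forms write to the same address; only the expression used to reach it differs, and that expression is what the compiler's object-size tracking keys on.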
Comment 8 Harald van Dijk (RETIRED) gentoo-dev 2010-06-24 21:26:29 UTC
Sorry, that patch has a bogus &. (char *) &h should be (char *) h.
Comment 9 Harald van Dijk (RETIRED) gentoo-dev 2010-06-24 22:37:26 UTC
Created attachment 236453 [details, diff]
hunspell-buffer.patch

It was also missing the #include for offsetof. Now compiled and installed, and the Write button doesn't cause a crash anymore.
Comment 10 Samuli Suominen (RETIRED) gentoo-dev 2010-06-26 13:13:24 UTC
(In reply to comment #9)
> Created an attachment (id=236453) [details]
> hunspell-buffer.patch
> 
> It was also missing the #include for offsetof. Now compiled and installed, and
> the Write button doesn't cause a crash anymore.
> 

I've tested this against 3.1 final, still applies cleanly and solves the issue, thanks!
Comment 11 Samuli Suominen (RETIRED) gentoo-dev 2010-06-26 15:32:54 UTC
Fixed without revision bump because gcc-4.5 is still p.masked.

+  26 Jun 2010; Samuli Suominen <ssuominen@gentoo.org>
+  thunderbird-3.1.ebuild, +files/thunderbird-3.1-gcc45.patch:
+  Fix buffer overflow with GCC 4.5 and _U_FORTIFY_SOURCE=2 wrt #324863 by
+  Harald van Dijk.
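Review bot: the summary line of this ChangeLog entry says `_U_FORTIFY_SOURCE=2`, which is neither the macro name nor a compiler flag. The check that trips is the one enabled by `-D_FORTIFY_SOURCE=2`, while `-U_FORTIFY_SOURCE` is the workaround from comment 3 that switches it off, so the entry should read `-D_FORTIFY_SOURCE=2`.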
Comment 12 Harald van Dijk (RETIRED) gentoo-dev 2010-07-07 05:57:22 UTC
Created attachment 237839 [details, diff]
hunspell-buffer.patch

Now with a nice Signed-off-by line (and -U corrected to -D in the description) so that Jory can take it upstream :)
Comment 13 Jory A. Pratt gentoo-dev 2010-07-22 13:45:33 UTC
reopened for my benefit only.
Comment 14 Jory A. Pratt gentoo-dev 2010-08-01 17:14:24 UTC
We have it upstream now, will get it landed on trunk for next release.
Comment 15 Jory A. Pratt gentoo-dev 2010-08-02 16:11:59 UTC
Reopening, bug has resurfaced.
Comment 16 Jory A. Pratt gentoo-dev 2010-08-02 16:30:35 UTC
Once again I am closing. Thanks to ssuominen for the help; we discovered the patch was not being applied. This was caused when I moved everything to the patchset and forgot to rename from diff to patch.