Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 336606 - net-fs/coda _FORTIFY_SOURCE indicates presence of overflow
Summary: net-fs/coda _FORTIFY_SOURCE indicates presence of overflow
Status: RESOLVED WONTFIX
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: High major (vote)
Assignee: Network Filesystems
URL:
Whiteboard: Pending Removal: 2012-04-24
Keywords: PMASKED
: 336861 (view as bug list)
Depends on:
Blocks: fortify-source
  Show dependency tree
 
Reported: 2010-09-09 14:47 UTC by Diego Elio Pettenò (RETIRED)
Modified: 2012-04-23 18:28 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
Build log (coda-6.9.5:20100908-182651.log,415.50 KB, text/plain)
2010-09-09 14:47 UTC, Diego Elio Pettenò (RETIRED)
Details
coda-6.9.5_volutil-fix-strncyp-fail.patch (coda-6.9.5_volutil-fix-strncyp-fail.patch,891 bytes, patch)
2010-09-11 21:44 UTC, Radoslaw Szkodzinski
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Diego Elio Pettenò (RETIRED) gentoo-dev 2010-09-09 14:47:20 UTC
You're receiving this bug because the package in Summary has produced _FORTIFY_SOURCE related warnings indicating the presence of a sure overflow in a static buffer.

Even though this is not always an indication of a security problem it might even be. So please check this out ASAP.

By the way, _FORTIFY_SOURCE is disabled when you disable optimisation, so don't try finding out the cause using -O0.

Thanks,
Your friendly neighborhood tinderboxer
Comment 1 Diego Elio Pettenò (RETIRED) gentoo-dev 2010-09-09 14:47:44 UTC
Created attachment 246605 [details]
Build log
Comment 2 Kacper Kowalik (Xarthisius) (RETIRED) gentoo-dev 2010-09-11 20:38:05 UTC
*** Bug 336861 has been marked as a duplicate of this bug. ***
Comment 3 Radoslaw Szkodzinski 2010-09-11 21:44:16 UTC
Created attachment 246918 [details, diff]
coda-6.9.5_volutil-fix-strncyp-fail.patch

This patch fixes the specific QA issue. The whole package could use a bit more of QA touch regardless.
Don't forget to send it upstream.
Comment 4 Radoslaw Szkodzinski 2010-09-12 15:16:24 UTC
We have a bunch of more pressing issues in the whole of coda setup it seems.
After fixing the overflow, I get this while creating a filesystem with vice-setup:

*** longjmp causes uninitialized stack frame ***: /usr/sbin/rdsinit terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x37)[0x7f49e49356b7]
/lib/libc.so.6(+0xe7a09)[0x7f49e4934a09]
/lib/libc.so.6(__longjmp_chk+0x33)[0x7f49e4934973]
/usr/lib/liblwp.so.2(+0x7be2)[0x7f49e4444be2]
/usr/lib/liblwp.so.2(lwp_swapcontext+0x34)[0x7f49e4444c24]
/usr/lib/liblwp.so.2(LWP_DispatchProcess+0x2fe)[0x7f49e4442b7e]
/usr/lib/liblwp.so.2(LWP_CreateProcess+0x6a4)[0x7f49e4443ca4]
/usr/lib/librvmlwp.so.1(+0xc6cc)[0x7f49e4bc06cc]
/usr/lib/librvmlwp.so.1(open_log+0x23d)[0x7f49e4bc19bd]
/usr/lib/librvmlwp.so.1(do_log_options+0xd5)[0x7f49e4bc1b75]
/usr/lib/librvmlwp.so.1(do_rvm_options+0x4a)[0x7f49e4bd18ea]
/usr/lib/librvmlwp.so.1(rvm_initialize+0x10b)[0x7f49e4bbac4b]
/usr/sbin/rdsinit(main+0x100)[0x7f49e5209870]
/lib/libc.so.6(__libc_start_main+0xfd)[0x7f49e486bd6d]
/usr/sbin/rdsinit(+0x12b9)[0x7f49e52092b9]
======= Memory map: ========
15000000-15008000 rw-p 15000000 00:00 0 
1500a000-15012000 rw-p 1500a000 00:00 0 
7f49e4226000-7f49e423c000 r-xp 00000000 03:01 1289788                    /usr/lib64/gcc/x86_64-pc-linux-gnu/4.4.4/libgcc_s.so.1
7f49e423c000-7f49e443b000 ---p 00016000 03:01 1289788                    /usr/lib64/gcc/x86_64-pc-linux-gnu/4.4.4/libgcc_s.so.1
7f49e443b000-7f49e443c000 r--p 00015000 03:01 1289788                    /usr/lib64/gcc/x86_64-pc-linux-gnu/4.4.4/libgcc_s.so.1
7f49e443c000-7f49e443d000 rw-p 00016000 03:01 1289788                    /usr/lib64/gcc/x86_64-pc-linux-gnu/4.4.4/libgcc_s.so.1
7f49e443d000-7f49e4447000 r-xp 00000000 03:01 1125569                    /usr/lib64/liblwp.so.2.0.9
7f49e4447000-7f49e4646000 ---p 0000a000 03:01 1125569                    /usr/lib64/liblwp.so.2.0.9
7f49e4646000-7f49e4647000 r--p 00009000 03:01 1125569                    /usr/lib64/liblwp.so.2.0.9
7f49e4647000-7f49e4648000 rw-p 0000a000 03:01 1125569                    /usr/lib64/liblwp.so.2.0.9
7f49e4648000-7f49e464a000 rw-p 7f49e4648000 00:00 0 
7f49e464a000-7f49e464c000 r-xp 00000000 03:01 1141956                    /usr/lib64/libseglwp.so.1.2.4
7f49e464c000-7f49e484b000 ---p 00002000 03:01 1141956                    /usr/lib64/libseglwp.so.1.2.4
7f49e484b000-7f49e484c000 r--p 00001000 03:01 1141956                    /usr/lib64/libseglwp.so.1.2.4
7f49e484c000-7f49e484d000 rw-p 00002000 03:01 1141956                    /usr/lib64/libseglwp.so.1.2.4
7f49e484d000-7f49e49aa000 r-xp 00000000 03:01 1352563                    /lib64/libc-2.12.1.so
7f49e49aa000-7f49e4baa000 ---p 0015d000 03:01 1352563                    /lib64/libc-2.12.1.so
7f49e4baa000-7f49e4bae000 r--p 0015d000 03:01 1352563                    /lib64/libc-2.12.1.so
7f49e4bae000-7f49e4baf000 rw-p 00161000 03:01 1352563                    /lib64/libc-2.12.1.so
7f49e4baf000-7f49e4bb4000 rw-p 7f49e4baf000 00:00 0 
7f49e4bb4000-7f49e4bdf000 r-xp 00000000 03:01 1141971                    /usr/lib64/librvmlwp.so.1.2.4
7f49e4bdf000-7f49e4ddf000 ---p 0002b000 03:01 1141971                    /usr/lib64/librvmlwp.so.1.2.4
7f49e4ddf000-7f49e4de0000 r--p 0002b000 03:01 1141971                    /usr/lib64/librvmlwp.so.1.2.4
7f49e4de0000-7f49e4de1000 rw-p 0002c000 03:01 1141971                    /usr/lib64/librvmlwp.so.1.2.4
7f49e4de1000-7f49e4de7000 r-xp 00000000 03:01 1141941                    /usr/lib64/librdslwp.so.1.2.4
7f49e4de7000-7f49e4fe6000 ---p 00006000 03:01 1141941                    /usr/lib64/librdslwp.so.1.2.4
7f49e4fe6000-7f49e4fe7000 r--p 00005000 03:01 1141941                    /usr/lib64/librdslwp.so.1.2.4
7f49e4fe7000-7f49e4fe8000 rw-p 00006000 03:01 1141941                    /usr/lib64/librdslwp.so.1.2.4
7f49e4fe8000-7f49e5006000 r-xp 00000000 03:01 1351767                    /lib64/ld-2.12.1.so
7f49e5192000-7f49e51f6000 rw-p 7f49e5192000 00:00 0 
7f49e5204000-7f49e5205000 rw-p 7f49e5204000 00:00 0 
7f49e5205000-7f49e5206000 r--p 0001d000 03:01 1351767                    /lib64/ld-2.12.1.so
7f49e5206000-7f49e5207000 rw-p 0001e000 03:01 1351767                    /lib64/ld-2.12.1.so
7f49e5207000-7f49e5208000 rw-p 7f49e5207000 00:00 0 
7f49e5208000-7f49e520c000 r-xp 00000000 03:01 1141952                    /usr/sbin/rdsinit
7f49e540b000-7f49e540c000 r--p 00003000 03:01 1141952                    /usr/sbin/rdsinit
7f49e540c000-7f49e540d000 rw-p 00004000 03:01 1141952                    /usr/sbin/rdsinit
7f49e672e000-7f49e674f000 rw-p 7f49e672e000 00:00 0                      [heap]
7fff6c60f000-7fff6c624000 rw-p 7ffffffe9000 00:00 0                      [stack]
7fff6c7ff000-7fff6c800000 r-xp 7fff6c7ff000 00:00 0                      [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]
/usr/sbin/vice-setup-rvm: line 303: 29907 Aborted                 /usr/sbin/rdsinit -f $log $data $parms

The code is obviously a crock...
This problem is in sys-libs/lwp.
Comment 5 Kristian Kallenberg 2010-10-05 16:04:28 UTC
(In reply to comment #4)
> We have a bunch of more pressing issues in the whole of coda setup it seems.
> After fixing the overflow, I get this while creating a filesystem with
> vice-setup:
> 
> *** longjmp causes uninitialized stack frame ***: /usr/sbin/rdsinit terminated
> ======= Backtrace: =========
> /lib/libc.so.6(__fortify_fail+0x37)[0x7f49e49356b7]
> /lib/libc.so.6(+0xe7a09)[0x7f49e4934a09]
> /lib/libc.so.6(__longjmp_chk+0x33)[0x7f49e4934973]
> /usr/lib/liblwp.so.2(+0x7be2)[0x7f49e4444be2]
> /usr/lib/liblwp.so.2(lwp_swapcontext+0x34)[0x7f49e4444c24]
> /usr/lib/liblwp.so.2(LWP_DispatchProcess+0x2fe)[0x7f49e4442b7e]
> /usr/lib/liblwp.so.2(LWP_CreateProcess+0x6a4)[0x7f49e4443ca4]
> /usr/lib/librvmlwp.so.1(+0xc6cc)[0x7f49e4bc06cc]
> /usr/lib/librvmlwp.so.1(open_log+0x23d)[0x7f49e4bc19bd]
> /usr/lib/librvmlwp.so.1(do_log_options+0xd5)[0x7f49e4bc1b75]
> /usr/lib/librvmlwp.so.1(do_rvm_options+0x4a)[0x7f49e4bd18ea]
> /usr/lib/librvmlwp.so.1(rvm_initialize+0x10b)[0x7f49e4bbac4b]
> /usr/sbin/rdsinit(main+0x100)[0x7f49e5209870]
> /lib/libc.so.6(__libc_start_main+0xfd)[0x7f49e486bd6d]
> /usr/sbin/rdsinit(+0x12b9)[0x7f49e52092b9]
> ======= Memory map: ========
> 15000000-15008000 rw-p 15000000 00:00 0 
> 1500a000-15012000 rw-p 1500a000 00:00 0 
> 7f49e4226000-7f49e423c000 r-xp 00000000 03:01 1289788                   
> /usr/lib64/gcc/x86_64-pc-linux-gnu/4.4.4/libgcc_s.so.1
> 7f49e423c000-7f49e443b000 ---p 00016000 03:01 1289788                   
> /usr/lib64/gcc/x86_64-pc-linux-gnu/4.4.4/libgcc_s.so.1
> 7f49e443b000-7f49e443c000 r--p 00015000 03:01 1289788                   
> /usr/lib64/gcc/x86_64-pc-linux-gnu/4.4.4/libgcc_s.so.1
> 7f49e443c000-7f49e443d000 rw-p 00016000 03:01 1289788                   
> /usr/lib64/gcc/x86_64-pc-linux-gnu/4.4.4/libgcc_s.so.1
> 7f49e443d000-7f49e4447000 r-xp 00000000 03:01 1125569                   
> /usr/lib64/liblwp.so.2.0.9
> 7f49e4447000-7f49e4646000 ---p 0000a000 03:01 1125569                   
> /usr/lib64/liblwp.so.2.0.9
> 7f49e4646000-7f49e4647000 r--p 00009000 03:01 1125569                   
> /usr/lib64/liblwp.so.2.0.9
> 7f49e4647000-7f49e4648000 rw-p 0000a000 03:01 1125569                   
> /usr/lib64/liblwp.so.2.0.9
> 7f49e4648000-7f49e464a000 rw-p 7f49e4648000 00:00 0 
> 7f49e464a000-7f49e464c000 r-xp 00000000 03:01 1141956                   
> /usr/lib64/libseglwp.so.1.2.4
> 7f49e464c000-7f49e484b000 ---p 00002000 03:01 1141956                   
> /usr/lib64/libseglwp.so.1.2.4
> 7f49e484b000-7f49e484c000 r--p 00001000 03:01 1141956                   
> /usr/lib64/libseglwp.so.1.2.4
> 7f49e484c000-7f49e484d000 rw-p 00002000 03:01 1141956                   
> /usr/lib64/libseglwp.so.1.2.4
> 7f49e484d000-7f49e49aa000 r-xp 00000000 03:01 1352563                   
> /lib64/libc-2.12.1.so
> 7f49e49aa000-7f49e4baa000 ---p 0015d000 03:01 1352563                   
> /lib64/libc-2.12.1.so
> 7f49e4baa000-7f49e4bae000 r--p 0015d000 03:01 1352563                   
> /lib64/libc-2.12.1.so
> 7f49e4bae000-7f49e4baf000 rw-p 00161000 03:01 1352563                   
> /lib64/libc-2.12.1.so
> 7f49e4baf000-7f49e4bb4000 rw-p 7f49e4baf000 00:00 0 
> 7f49e4bb4000-7f49e4bdf000 r-xp 00000000 03:01 1141971                   
> /usr/lib64/librvmlwp.so.1.2.4
> 7f49e4bdf000-7f49e4ddf000 ---p 0002b000 03:01 1141971                   
> /usr/lib64/librvmlwp.so.1.2.4
> 7f49e4ddf000-7f49e4de0000 r--p 0002b000 03:01 1141971                   
> /usr/lib64/librvmlwp.so.1.2.4
> 7f49e4de0000-7f49e4de1000 rw-p 0002c000 03:01 1141971                   
> /usr/lib64/librvmlwp.so.1.2.4
> 7f49e4de1000-7f49e4de7000 r-xp 00000000 03:01 1141941                   
> /usr/lib64/librdslwp.so.1.2.4
> 7f49e4de7000-7f49e4fe6000 ---p 00006000 03:01 1141941                   
> /usr/lib64/librdslwp.so.1.2.4
> 7f49e4fe6000-7f49e4fe7000 r--p 00005000 03:01 1141941                   
> /usr/lib64/librdslwp.so.1.2.4
> 7f49e4fe7000-7f49e4fe8000 rw-p 00006000 03:01 1141941                   
> /usr/lib64/librdslwp.so.1.2.4
> 7f49e4fe8000-7f49e5006000 r-xp 00000000 03:01 1351767                   
> /lib64/ld-2.12.1.so
> 7f49e5192000-7f49e51f6000 rw-p 7f49e5192000 00:00 0 
> 7f49e5204000-7f49e5205000 rw-p 7f49e5204000 00:00 0 
> 7f49e5205000-7f49e5206000 r--p 0001d000 03:01 1351767                   
> /lib64/ld-2.12.1.so
> 7f49e5206000-7f49e5207000 rw-p 0001e000 03:01 1351767                   
> /lib64/ld-2.12.1.so
> 7f49e5207000-7f49e5208000 rw-p 7f49e5207000 00:00 0 
> 7f49e5208000-7f49e520c000 r-xp 00000000 03:01 1141952                   
> /usr/sbin/rdsinit
> 7f49e540b000-7f49e540c000 r--p 00003000 03:01 1141952                   
> /usr/sbin/rdsinit
> 7f49e540c000-7f49e540d000 rw-p 00004000 03:01 1141952                   
> /usr/sbin/rdsinit
> 7f49e672e000-7f49e674f000 rw-p 7f49e672e000 00:00 0                      [heap]
> 7fff6c60f000-7fff6c624000 rw-p 7ffffffe9000 00:00 0                     
> [stack]
> 7fff6c7ff000-7fff6c800000 r-xp 7fff6c7ff000 00:00 0                      [vdso]
> ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                 
> [vsyscall]
> /usr/sbin/vice-setup-rvm: line 303: 29907 Aborted                
> /usr/sbin/rdsinit -f $log $data $parms
> 
> The code is obviously a crock...
> This problem is in sys-libs/lwp.
> 

I tried to set -O0 and rebuild lpw. This way i got a bit further. I managed to complete the venus-setup script.

After this new problems arise
Comment 6 Pacho Ramos gentoo-dev 2012-03-19 11:44:48 UTC
Looks like this has no new release since 2009, has some opened bugs upstream for a long time and, after reading this, looks like have multiple problems. Maybe we should kill it :| (or try to find more co-maintainers for this)
Comment 7 Pacho Ramos gentoo-dev 2012-04-23 18:28:55 UTC
dropped