(Re)starting /etc/init.d/alsasound leads to a crash. After a quick investigation I've found the problem code, which uses unsafe sprintf(). The attached patch would fix the problem.

Reproducible: Always

Steps to Reproduce:
1. Execute `alsactl -I -f /var/lib/alsa/asound.state restore 0`

Actual Results:
root@gentop /home/zaufi # alsactl -I -f /var/lib/alsa/asound.state restore 0
*** buffer overflow detected ***: alsactl terminated
======= Backtrace: =========
/lib64/libc.so.6(__fortify_fail+0x37)[0x7f683c6a12e7]
/lib64/libc.so.6(+0xfe3e0)[0x7f683c69f3e0]
/lib64/libc.so.6(+0xfd869)[0x7f683c69e869]
/lib64/libc.so.6(_IO_default_xsputn+0x89)[0x7f683c61af69]
/lib64/libc.so.6(_IO_vfprintf+0x531)[0x7f683c5ea7e1]
/lib64/libc.so.6(__vsprintf_chk+0x88)[0x7f683c69e8f8]
/lib64/libc.so.6(__sprintf_chk+0x7d)[0x7f683c69e84d]
alsactl[0x40bc34]
alsactl[0x40b6ea]
alsactl[0x406726]
/lib64/libc.so.6(__libc_start_main+0xf5)[0x7f683c5c5c05]
alsactl[0x406905]
Aborted

Expected Results:
Successful execution

root@gentop /work # cave info
Package Manager Information:
    Package Name           paludis
    Package Version        1.2.0
    Build Date             2013-03-26T04:57:34+0400
    Built with CXX         x86_64-pc-linux-gnu-g++ 4.7.2
    Built with CXXFLAGS    -march=native -O3 -pipe -ftree-vectorize -fmerge-all-constants -minline-stringops-dynamically -pedantic
    Built with LDFLAGS     -Wl,-O1 -Wl,--sort-common -Wl,--as-needed

Environment Information:
    Format                 paludis
    Config dir             /etc/paludis
    Root                   /
    System Root            /
    World file             /var/lib/portage/world

Repository gentoo:
    format                 e
    location               /usr/portage
    builddir               /storage/tmp/paludis
    cache                  /usr/portage/metadata/md5-cache
    distdir                /storage/soft/gentoo/distfiles
    eapi_when_unknown      0
    eapi_when_unspecified  0
    eclassdirs             /usr/portage/eclass
    layout                 traditional
    manifest_hashes        SHA256 SHA512 WHIRLPOOL
    names_cache            /var/cache/paludis/names
    newsdir                /usr/portage/metadata/news
    profile_eapi_when_unspecified 0
    profile_layout         traditional
    profiles               /usr/portage/profiles/default/linux/amd64/10.0/desktop
    securitydir            /usr/portage/metadata/glsa
    setsdir                /usr/portage/sets
    sync                   rsync://rsync.gentoo.org/gentoo-portage
    sync_options
    thin_manifests         false
    use_manifest           use
    write_cache            /usr/portage/metadata/cache

Package information
    app-shells/bash             4.2_p45
    dev-java/java-config        2.1.12-r1
    dev-lang/python             2.7.4 3.2.4
    dev-util/ccache             3.1.9
    dev-util/cmake              2.8.11_rc3
    dev-util/pkgconfig          0.28
    sys-apps/baselayout         2.2
    sys-apps/openrc             0.11.8
    sys-apps/sandbox            2.6-r1
    sys-devel/autoconf          2.13 2.69
    sys-devel/automake          1.11.6 1.12.6 1.13.1 1.9.6-r3
    sys-devel/binutils          2.23.1
    sys-devel/gcc               4.7.2-r1 4.8.0
    sys-devel/gcc-config        1.8
    sys-devel/libtool           2.4.2
    sys-devel/make              3.82-r4
    sys-freebsd/freebsd-lib     (none)
    sys-kernel/linux-headers    3.8
    sys-libs/glibc              2.17
    sys-libs/uclibc             (none)

Created attachment 347200
reserve enough space for sprintf()

A quick hack is to reserve enough space for sprintf() w/ the amount reported by printing the value of std::numeric_limits<long>::digits10 from a sample C++ program on my machine. But a better solution would be to use snprintf() instead.

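The two approaches named in the attachment comment above, shown side by side as an added example (not code from the attachment or from alsa-utils; `DIGITS10`, `DEC_BUF_SIZE` and `format_long` are hypothetical names). It shows that a buffer sized from `digits10` alone is too small, because the largest values of a type have one more digit than `digits10`, and that `snprintf()` reports truncation instead of overrunning the buffer.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Same value as std::numeric_limits<t>::digits10 for a signed integer type:
 * floor(value_bits * log10(2)). 18 for a 64-bit long, 9 for a 32-bit one. */
#define DIGITS10(t) ((sizeof(t) * CHAR_BIT - 1) * 30103 / 100000)

/* digits10 counts only the digits that always round-trip. The extreme
 * values need one more digit, plus a sign and the terminating NUL. */
#define DEC_BUF_SIZE(t) (DIGITS10(t) + 3)

/* Hypothetical helper: write prefix followed by value into dst.
 * Returns 0 on success, -1 if the text did not fit. On truncation dst
 * still holds a NUL-terminated prefix of the text (when dstlen > 0). */
int format_long(char *dst, size_t dstlen, const char *prefix, long value)
{
    int n;

    if (dst == NULL || dstlen == 0)
        return -1;
    n = snprintf(dst, dstlen, "%s%ld", prefix, value);
    if (n < 0 || (size_t)n >= dstlen)
        return -1;              /* encoding error or truncated output */
    return 0;
}

int main(void)
{
    char ok[DEC_BUF_SIZE(long)];
    char tight[DIGITS10(long) + 1];   /* digits10 + NUL only: too small */

    printf("digits10=%zu, bytes needed=%zu\n",
           (size_t)DIGITS10(long), (size_t)DEC_BUF_SIZE(long));
    printf("full-size buffer: rc=%d text=%s\n",
           format_long(ok, sizeof ok, "", LONG_MIN), ok);
    printf("digits10 buffer:  rc=%d text=%s\n",
           format_long(tight, sizeof tight, "", LONG_MIN), tight);
    return 0;
}
```

With plain `sprintf()` the second call would write past the end of `tight`, which is the condition `__sprintf_chk` aborts on in the backtrace above.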
*** This bug has been marked as a duplicate of bug 468160 ***