Bug 452604 - Fedora 7 - buffer overflow detected
Status: RESOLVED FIXED
Product: beast
Classification: Other
Component: beast-gtk
Version: 0.7.x
Hardware/OS: Other All
Priority/Severity: Normal blocker
Target Milestone: ---
Assigned To: Beast Maintainers
QA Contact: Beast Maintainers
Duplicates: 421851 (view as bug list)
Depends on:
Blocks:
Reported: 2007-06-30 17:07 UTC by Martin01
Modified: 2007-07-02 12:03 UTC
See Also:
GNOME target: ---
GNOME version: ---

Description Martin01 2007-06-30 17:07:54 UTC
Please describe the problem:
buffer overflow detected

Steps to reproduce:
1. Start the program beast; the crash occurs immediately.


Actual results:


Expected results:


Does this happen every time?
yes

Other information:
Hi,

I have tried to compile beast-0.7.1 on Fedora 7; that works
with the beast-guile.patch.
But when I start beast, a "buffer overflow" stops the program.

This is the output from gdb:
(gdb) r
Starting program: /usr/bin/beast 
*** buffer overflow detected ***: /usr/bin/beast terminated
======= Backtrace: =========
/lib/libc.so.6(__chk_fail+0x41)[0x7b0ce1]
/lib/libc.so.6[0x7b01a7]
/usr/bin/beast[0x8048bd8]
/usr/bin/beast[0x8048908]
/lib/libc.so.6(__libc_start_main+0xe0)[0x6e1f70]
/usr/bin/beast[0x8048631]
======= Memory map: ========
004af000-004b0000 r-xp 004af000 00:00 0          [vdso]
006a9000-006c4000 r-xp 00000000 08:01 24182793   /lib/ld-2.6.so
006c4000-006c5000 r-xp 0001a000 08:01 24182793   /lib/ld-2.6.so
006c5000-006c6000 rwxp 0001b000 08:01 24182793   /lib/ld-2.6.so
006cc000-0081a000 r-xp 00000000 08:01 24182795   /lib/libc-2.6.so
0081a000-0081c000 r-xp 0014e000 08:01 24182795   /lib/libc-2.6.so
0081c000-0081d000 rwxp 00150000 08:01 24182795   /lib/libc-2.6.so
0081d000-00820000 rwxp 0081d000 00:00 0 
00ae4000-00aef000 r-xp 00000000 08:01 24182818   /lib/libgcc_s-4.1.2-20070503.so.1
00aef000-00af0000 rwxp 0000a000 08:01 24182818   /lib/libgcc_s-4.1.2-20070503.so.1
08048000-08049000 r-xp 00000000 08:01 77040893   /usr/bin/beast
08049000-0804a000 rw-p 00000000 08:01 77040893   /usr/bin/beast
090bc000-090dd000 rw-p 090bc000 00:00 0 
b7f66000-b7f68000 rw-p b7f66000 00:00 0 
bfa4f000-bfa65000 rw-p bfa4f000 00:00 0          [stack]

Program received signal SIGABRT, Aborted.
0x004af402 in __kernel_vsyscall ()
(gdb) bt
#0  __kernel_vsyscall
#1  raise from /lib/libc.so.6
#2  abort from /lib/libc.so.6
#3  __libc_message from /lib/libc.so.6
#4  __chk_fail from /lib/libc.so.6
#5  __strcat_chk from /lib/libc.so.6
#6  custom_find_executable at beaststart.c line 43
#7  main at suidmain.c line 131

Comment 1 Tim Janik 2007-06-30 22:03:26 UTC
(In reply to comment #0)
> #6  0x08048bd8 in custom_find_executable (argc_p=0xbfa618a0,
> argv_p=0xbfa618a4) at beaststart.c:43
> #7  0x08048908 in main (argc=Cannot access memory at address 0x6
> ) at suidmain.c:131

thanks a lot for the report, fixed in svn:

diff -Nup .svn/text-base/beaststart.c.svn-base /tmp/svndiff.tmp
--- beaststart.c	(revision 4349)
+++ beaststart.c	(working copy)
@@ -28,7 +28,7 @@ custom_find_executable (int    *argc_p,
   const char *bindir = BINDIR;
   const char *name = "beast";
   const char *version = BIN_VERSION;
-  int l = strlen (bindir) + 1 + strlen (name) + 1 + strlen (version);
+  int l = 1 + strlen (bindir) + 1 + strlen (name) + 1 + strlen (version);
   char *string = malloc (l);
   if (!string)
     {
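Review bot: the new leading `1 +` on the `int l = ...` line is the byte for the terminating NUL that the old expression left out (the two inner `+ 1` presumably cover the separators between bindir, name and version), but nothing on the line says so and a reader can easily take it for a third separator; write it as `... + strlen (version) + 1; /* terminating NUL */` so the next person does not "simplify" it away, and make `l` a `size_t` since it feeds `malloc`. Because the report's backtrace shows the overrun caught in `__strcat_chk` called from this function (line 43), assembling the path with `snprintf (string, l, ...)` instead of a strcpy/strcat chain would turn any future miscount into truncation rather than a heap write, and the truncation can be tested for.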
Comment 2 Tim Janik 2007-07-01 15:16:53 UTC
there are actually two places affected, here's the second:

diff -Nup .svn/text-base/bseshstart.c.svn-base /tmp/svndiff.tmp
--- bseshstart.c	(revision 4349)
+++ bseshstart.c	(working copy)
@@ -28,7 +28,7 @@ custom_find_executable (int    *argc_p,
   const char *bindir = BINDIR;
   const char *name = "bsescm";
   const char *version = BIN_VERSION;
-  int l = strlen (bindir) + 1 + strlen (name) + 1 + strlen (version);
+  int l = 1 + strlen (bindir) + 1 + strlen (name) + 1 + strlen (version);
   char *string = malloc (l);
   if (!string)
     {
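Review bot: this hunk repeats, character for character, the length expression and its fix from beaststart.c; the first fix missed this copy, which is exactly the risk of having `custom_find_executable` duplicated across beaststart.c and bseshstart.c. Moving the size computation (or the whole path-building step) into one shared helper would keep the two from diverging again, and as in the other file the leading `1 +` should carry a comment naming it as the NUL terminator rather than sitting unexplained in front of `strlen (bindir)`.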
Comment 3 Tim Janik 2007-07-02 12:03:36 UTC
*** Bug 421851 has been marked as a duplicate of this bug. ***
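Worked example (added here; not code from beast or from the comments above): the length arithmetic behind the two hunks, with constructed values for bindir, name and version. It assumes the assembled path has the form "bindir/name-version", which the bug does not show (only the size expression is in the diff), and demonstrates that the pre-fix expression is exactly one byte short of what the string plus its terminator needs, alongside an snprintf-based builder that fails closed instead of overrunning when the size is wrong.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not beast's own code. The path layout
 * "<bindir>/<name>-<version>" is an assumption; the real format in
 * beaststart.c is not shown in the bug, only its length arithmetic. */

/* Length expression as it stood before the fix (the '-' line of the hunk):
 * three parts plus two separators, no byte for the terminator. */
size_t pre_fix_size (const char *bindir, const char *name, const char *version)
{
  return strlen (bindir) + 1 + strlen (name) + 1 + strlen (version);
}

/* Length expression after the fix; the extra 1 is the NUL terminator. */
size_t fixed_size (const char *bindir, const char *name, const char *version)
{
  return strlen (bindir)  + 1   /* '/' between bindir and name */
       + strlen (name)    + 1   /* '-' between name and version */
       + strlen (version) + 1;  /* terminating NUL */
}

/* Does a buffer of `alloc` bytes hold the assembled path, NUL included? */
int fits_in (size_t alloc, const char *bindir, const char *name, const char *version)
{
  return alloc >= fixed_size (bindir, name, version);
}

/* Build the path into a buffer sized by fixed_size(). snprintf() is told the
 * real buffer size, so a miscount shows up as truncation (NULL returned here)
 * instead of a write past the end of the heap block, which is what the
 * fortified strcat in the report caught. Caller frees the result. */
char *build_path (const char *bindir, const char *name, const char *version)
{
  size_t l = fixed_size (bindir, name, version);
  char *string = malloc (l);
  if (!string)
    return NULL;
  int n = snprintf (string, l, "%s/%s-%s", bindir, name, version);
  if (n < 0 || (size_t) n >= l)
    {
      free (string);
      return NULL;
    }
  return string;
}

int main (void)
{
  /* constructed sample values, matching the /usr/bin/beast of the report */
  const char *bindir = "/usr/bin", *name = "beast", *version = "0.7.1";
  printf ("pre-fix size %zu, needed %zu, pre-fix fits: %d\n",
          pre_fix_size (bindir, name, version),
          fixed_size (bindir, name, version),
          fits_in (pre_fix_size (bindir, name, version), bindir, name, version));
  char *path = build_path (bindir, name, version);
  if (path)
    {
      printf ("%s\n", path);
      free (path);
    }
  return 0;
}
```

With the sample values the pre-fix expression yields 20 bytes while "/usr/bin/beast-0.7.1" needs 21 with its terminator, so a strcat into the smaller block writes one byte past the allocation; the fortified glibc on Fedora 7 turned that into the abort in the report.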