pkgsrc-Bugs archive
pkg/45244: wish won't start on systems with "FORTIFY_SOURCE" enabled, eg. Ubuntu 11.04
>Number: 45244
>Category: pkg
>Synopsis: wish won't start on systems with "FORTIFY_SOURCE" enabled, eg. Ubuntu 11.04
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: pkg-manager
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Fri Aug 12 14:25:00 +0000 2011
>Originator: Michael Droettboom
>Release: Linux 2.6.38-10-generic-pae
>Organization:
Space Telescope Science Institute
>Environment:
System: Linux giraffe 2.6.38-10-generic-pae #46-Ubuntu SMP Tue Jun 28 16:54:49 UTC 2011 i686 i686 i386 GNU/Linux
>Description:
tcl has a buffer overrun, triggered when starting the tk
interpreter "wish", which is caught by the GNU libc fortify
feature, causing the process to abort.
>How-To-Repeat:
On a system with FORTIFY_SOURCE enabled, such as Ubuntu, build
the package /x11/tk. Then run the Tk interpreter "wish". The following
backtrace is printed:
*** buffer overflow detected ***: ../../../build/bin/wish terminated
======= Backtrace: =========
/lib/i386-linux-gnu/libc.so.6(__fortify_fail+0x50)[0xb7453df0]
/lib/i386-linux-gnu/libc.so.6(+0xe4cca)[0xb7452cca]
/lib/i386-linux-gnu/libc.so.6(__strcpy_chk+0x3f)[0xb745205f]
/home/mdboom/Work/builds/ur-pkgsrc/build/lib/libtcl84.so.1(TclTraceVariableObjCmd+0x420)[0xb7677a80]
/home/mdboom/Work/builds/ur-pkgsrc/build/lib/libtcl84.so.1(Tcl_TraceObjCmd+0x1ae)[0xb767c64e]
/home/mdboom/Work/builds/ur-pkgsrc/build/lib/libtcl84.so.1(TclEvalObjvInternal+0x37b)[0xb766923b]
/home/mdboom/Work/builds/ur-pkgsrc/build/lib/libtcl84.so.1(+0x4debe)[0xb7695ebe]
/home/mdboom/Work/builds/ur-pkgsrc/build/lib/libtcl84.so.1(TclCompEvalObj+0xed)[0xb769a02d]
/home/mdboom/Work/builds/ur-pkgsrc/build/lib/libtcl84.so.1(Tcl_EvalObjEx+0xb5)[0xb766bc05]
/home/mdboom/Work/builds/ur-pkgsrc/build/lib/libtcl84.so.1(Tcl_SwitchObjCmd+0x369)[0xb767c079]
/home/mdboom/Work/builds/ur-pkgsrc/build/lib/libtcl84.so.1(TclEvalObjvInternal+0x37b)[0xb766923b]
/home/mdboom/Work/builds/ur-pkgsrc/build/lib/libtcl84.so.1(Tcl_EvalEx+0x419)[0xb766b129]
/home/mdboom/Work/builds/ur-pkgsrc/build/lib/libtcl84.so.1(Tcl_FSEvalFile+0x233)[0xb76b45e3]
/home/mdboom/Work/builds/ur-pkgsrc/build/lib/libtcl84.so.1(Tcl_SourceObjCmd+0x57)[0xb7679297]
/home/mdboom/Work/builds/ur-pkgsrc/build/lib/libtcl84.so.1(TclEvalObjvInternal+0x37b)[0xb766923b]
/home/mdboom/Work/builds/ur-pkgsrc/build/lib/libtcl84.so.1(Tcl_EvalObjv+0x122)[0xb766ba12]
/home/mdboom/Work/builds/ur-pkgsrc/build/lib/libtcl84.so.1(Tcl_EvalObjEx+0x1c0)[0xb766bd10]
/home/mdboom/Work/builds/ur-pkgsrc/build/lib/libtcl84.so.1(Tcl_UplevelObjCmd+0x116)[0xb76c87b6]
/home/mdboom/Work/builds/ur-pkgsrc/build/lib/libtcl84.so.1(TclEvalObjvInternal+0x37b)[0xb766923b]
/home/mdboom/Work/builds/ur-pkgsrc/build/lib/libtcl84.so.1(+0x4debe)[0xb7695ebe]
/home/mdboom/Work/builds/ur-pkgsrc/build/lib/libtcl84.so.1(TclCompEvalObj+0xed)[0xb769a02d]
/home/mdboom/Work/builds/ur-pkgsrc/build/lib/libtcl84.so.1(TclObjInterpProc+0x2ac)[0xb76c8e6c]
/home/mdboom/Work/builds/ur-pkgsrc/build/lib/libtcl84.so.1(TclEvalObjvInternal+0x37b)[0xb766923b]
/home/mdboom/Work/builds/ur-pkgsrc/build/lib/libtcl84.so.1(Tcl_EvalObjv+0x122)[0xb766ba12]
/home/mdboom/Work/builds/ur-pkgsrc/build/lib/libtcl84.so.1(Tcl_EvalObjEx+0x1c0)[0xb766bd10]
/home/mdboom/Work/builds/ur-pkgsrc/build/lib/libtcl84.so.1(Tcl_UplevelObjCmd+0x116)[0xb76c87b6]
/home/mdboom/Work/builds/ur-pkgsrc/build/lib/libtcl84.so.1(TclEvalObjvInternal+0x37b)[0xb766923b]
/home/mdboom/Work/builds/ur-pkgsrc/build/lib/libtcl84.so.1(+0x4debe)[0xb7695ebe]
/home/mdboom/Work/builds/ur-pkgsrc/build/lib/libtcl84.so.1(TclCompEvalObj+0xed)[0xb769a02d]
/home/mdboom/Work/builds/ur-pkgsrc/build/lib/libtcl84.so.1(TclObjInterpProc+0x2ac)[0xb76c8e6c]
/home/mdboom/Work/builds/ur-pkgsrc/build/lib/libtcl84.so.1(TclEvalObjvInternal+0x37b)[0xb766923b]
/home/mdboom/Work/builds/ur-pkgsrc/build/lib/libtcl84.so.1(Tcl_EvalObjv+0x122)[0xb766ba12]
/home/mdboom/Work/builds/ur-pkgsrc/build/lib/libtcl84.so.1(Tcl_EvalObjEx+0x1c0)[0xb766bd10]
/home/mdboom/Work/builds/ur-pkgsrc/build/lib/libtcl84.so.1(Tcl_UplevelObjCmd+0x116)[0xb76c87b6]
/home/mdboom/Work/builds/ur-pkgsrc/build/lib/libtcl84.so.1(TclEvalObjvInternal+0x37b)[0xb766923b]
/home/mdboom/Work/builds/ur-pkgsrc/build/lib/libtcl84.so.1(+0x4debe)[0xb7695ebe]
/home/mdboom/Work/builds/ur-pkgsrc/build/lib/libtcl84.so.1(TclCompEvalObj+0xed)[0xb769a02d]
/home/mdboom/Work/builds/ur-pkgsrc/build/lib/libtcl84.so.1(TclObjInterpProc+0x2ac)[0xb76c8e6c]
/home/mdboom/Work/builds/ur-pkgsrc/build/lib/libtcl84.so.1(TclEvalObjvInternal+0x37b)[0xb766923b]
/home/mdboom/Work/builds/ur-pkgsrc/build/lib/libtcl84.so.1(TclEvalObjvInternal+0x419)[0xb76692d9]
/home/mdboom/Work/builds/ur-pkgsrc/build/lib/libtcl84.so.1(+0x4debe)[0xb7695ebe]
/home/mdboom/Work/builds/ur-pkgsrc/build/lib/libtcl84.so.1(TclCompEvalObj+0xed)[0xb769a02d]
/home/mdboom/Work/builds/ur-pkgsrc/build/lib/libtcl84.so.1(TclObjInterpProc+0x2ac)[0xb76c8e6c]
/home/mdboom/Work/builds/ur-pkgsrc/build/lib/libtcl84.so.1(TclEvalObjvInternal+0x37b)[0xb766923b]
/home/mdboom/Work/builds/ur-pkgsrc/build/lib/libtcl84.so.1(Tcl_EvalEx+0x419)[0xb766b129]
/home/mdboom/Work/builds/ur-pkgsrc/build/lib/libtcl84.so.1(Tcl_Eval+0x3c)[0xb766b44c]
/home/mdboom/Work/builds/ur-pkgsrc/build/lib/libtk84.so.1(TkpInit+0x35)[0xb77b15c5]
/home/mdboom/Work/builds/ur-pkgsrc/build/lib/libtk84.so.1(+0x47213)[0xb7743213]
../../../build/bin/wish(Tcl_AppInit+0x37)[0x8048797]
/home/mdboom/Work/builds/ur-pkgsrc/build/lib/libtk84.so.1(Tk_MainEx+0x3c8)[0xb7732288]
../../../build/bin/wish(main+0x3a)[0x804883a]
/lib/i386-linux-gnu/libc.so.6(__libc_start_main+0xe7)[0xb7384e37]
../../../build/bin/wish[0x80486c1]
Aborted
>Fix:
The following patch to lang/tcl (from the Debian package for
tcl) resolves the issue. Even though non-FORTIFY systems may
not crash, there is still a buffer overrun, so this is a
worthwhile patch in any case.
--- generic/tclCmdMZ.c 6 Apr 2010 07:45:56 -0000 1.82.2.32
+++ generic/tclCmdMZ.c 5 Dec 2010 22:10:28 -0000
@@ -3340,7 +3340,7 @@
flags |= (TCL_TRACE_ENTER_EXEC |
TCL_TRACE_LEAVE_EXEC);
}
- strcpy(tcmdPtr->command, command);
+ memcpy(tcmdPtr->command, command, length + 1);
name = Tcl_GetString(objv[3]);
if (Tcl_TraceCommand(interp, name, flags, TraceCommandProc,
(ClientData) tcmdPtr) != TCL_OK) {
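Review bot: at the replaced `strcpy` line, `memcpy(tcmdPtr->command, command, length + 1)` writes the same bytes to the same destination as before whenever `length` equals `strlen(command)`, so the replacement alone does not make the destination any larger. The hunk shows neither where `length` is computed nor how `tcmdPtr` is allocated; please confirm the allocation reserves `length + 1` bytes for `command`, and say so in a comment next to the copy.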
@@ -3572,7 +3572,7 @@
tcmdPtr->length = length;
tcmdPtr->refCount = 1;
flags |= TCL_TRACE_DELETE;
- strcpy(tcmdPtr->command, command);
+ memcpy(tcmdPtr->command, command, length + 1);
name = Tcl_GetString(objv[3]);
if (Tcl_TraceCommand(interp, name, flags, TraceCommandProc,
(ClientData) tcmdPtr) != TCL_OK) {
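Review bot: `tcmdPtr->length = length;` a few lines above the copy now governs the copy size as well, so the two must describe the same string. With `strcpy` the copy stopped at the first NUL; with `memcpy(..., length + 1)` it no longer does, and the stored command is only terminated if `command[length]` is NUL. The commit message should say where `length` comes from and that it is the byte length of `command`.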
@@ -3791,7 +3791,7 @@
}
tvarPtr->length = length;
flags |= TCL_TRACE_UNSETS | TCL_TRACE_RESULT_OBJECT;
- strcpy(tvarPtr->command, command);
+ memcpy(tvarPtr->command, command, length + 1);
name = Tcl_GetString(objv[3]);
flagMask = TCL_GLOBAL_ONLY | TCL_NAMESPACE_ONLY;
varPtr = TclLookupVar(interp, name, NULL,
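Review bot: this is the third identical `strcpy` to `memcpy` replacement, and `tvarPtr->command` looks like the variable-trace copy that matches the `TclTraceVariableObjCmd` frame under `__strcpy_chk` in the backtrace. The patch carries no explanation of why the fortified `strcpy` aborted here; a short comment at one of the three sites (or a shared helper for the copy) stating how the `command` field is sized would keep a later cleanup from reintroducing `strcpy`.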
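The patch copies `length + 1` bytes, which stays in bounds only if the destination was allocated for that many. As an added example (not code from Tcl, pkgsrc or the Debian patch), the following keeps the size computation, the consistency check on `length` and the copy in one function; `struct trace_info` and `trace_info_new` are hypothetical, with field names borrowed from the hunks and the layout assumed.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical record: field names follow the hunks, the layout is assumed. */
struct trace_info {
    int    flags;
    size_t length;     /* bytes in command, not counting the NUL */
    int    refCount;
    char   command[];  /* flexible array member, sized at allocation */
};

/* Allocate a record holding `length` bytes of `command` plus a NUL.
 * Returns NULL on inconsistent arguments, size overflow or failed malloc. */
struct trace_info *trace_info_new(const char *command, size_t length)
{
    const size_t header = sizeof(struct trace_info);
    struct trace_info *t;

    if (command == NULL)
        return NULL;
    if (length > SIZE_MAX - header - 1)   /* header + length + 1 would wrap */
        return NULL;
    if (memchr(command, '\0', length) != NULL)
        return NULL;                      /* string ends before `length` */

    t = malloc(header + length + 1);      /* room for length bytes and the NUL */
    if (t == NULL)
        return NULL;
    t->flags = 0;
    t->length = length;
    t->refCount = 1;
    memcpy(t->command, command, length);  /* never reads command[length] */
    t->command[length] = '\0';            /* terminate explicitly */
    return t;
}

int main(void)
{
    /* Constructed input, not taken from the report. */
    struct trace_info *t = trace_info_new("puts hi", 7);
    int ok = t != NULL && strcmp(t->command, "puts hi") == 0;

    free(t);
    return ok ? 0 : 1;
}
```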