From: Garrett C. <yan...@gm...> - 2010-01-30 05:29:29
Hi, I've been seeing the following messages when ftest03 and ftest07 are executed on a regular basis as of late (may be due to a recent glibc upgrade):

*** buffer overflow detected ***: ftest03 terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x37)[0x7f100b0c3867]
/lib/libc.so.6[0x7f100b0c1680]
/lib/libc.so.6[0x7f100b0c0979]
/lib/libc.so.6(_IO_default_xsputn+0x85)[0x7f100b04ef25]
/lib/libc.so.6(_IO_vfprintf+0x1fed)[0x7f100b0216dd]
/lib/libc.so.6(__vsprintf_chk+0x9d)[0x7f100b0c0a1d]
/lib/libc.so.6(__sprintf_chk+0x80)[0x7f100b0c0960]
ftest03[0x401f05]
ftest03[0x402a76]
/lib/libc.so.6(__libc_start_main+0xe6)[0x7f100affba26]
ftest03[0x401d59]
======= Memory map: ========
00400000-00408000 r-xp 00000000 fd:03 74957 /tmp/tmp.9O93FRsMhN/ltp/testcases/bin/ftest03
00608000-00609000 r--p 00008000 fd:03 74957 /tmp/tmp.9O93FRsMhN/ltp/testcases/bin/ftest03
00609000-0060a000 rw-p 00009000 fd:03 74957 /tmp/tmp.9O93FRsMhN/ltp/testcases/bin/ftest03
0060a000-0060f000 rw-p 00000000 00:00 0
01f91000-01fb2000 rw-p 00000000 00:00 0 [heap]
7f100adc6000-7f100addc000 r-xp 00000000 fd:03 6454 /lib64/libgcc_s.so.1
7f100addc000-7f100afdb000 ---p 00016000 fd:03 6454 /lib64/libgcc_s.so.1
7f100afdb000-7f100afdc000 r--p 00015000 fd:03 6454 /lib64/libgcc_s.so.1
7f100afdc000-7f100afdd000 rw-p 00016000 fd:03 6454 /lib64/libgcc_s.so.1
7f100afdd000-7f100b12c000 r-xp 00000000 fd:03 5882 /lib64/libc-2.10.1.so
7f100b12c000-7f100b32c000 ---p 0014f000 fd:03 5882 /lib64/libc-2.10.1.so
7f100b32c000-7f100b330000 r--p 0014f000 fd:03 5882 /lib64/libc-2.10.1.so
7f100b330000-7f100b331000 rw-p 00153000 fd:03 5882 /lib64/libc-2.10.1.so
7f100b331000-7f100b336000 rw-p 00000000 00:00 0
7f100b336000-7f100b353000 r-xp 00000000 fd:03 5871 /lib64/ld-2.10.1.so
7f100b536000-7f100b538000 rw-p 00000000 00:00 0
7f100b550000-7f100b552000 rw-p 00000000 00:00 0
7f100b552000-7f100b553000 r--p 0001c000 fd:03 5871 /lib64/ld-2.10.1.so
7f100b553000-7f100b554000 rw-p 0001d000 fd:03 5871 /lib64/ld-2.10.1.so
7fffe07b0000-7fffe07c5000 rw-p 00000000 00:00 0 [stack]
7fffe07ff000-7fffe0800000 r-xp 00000000 00:00 0 [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]

*** buffer overflow detected ***: ftest07 terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x37)[0x7f8678b10867]
/lib/libc.so.6[0x7f8678b0e680]
/lib/libc.so.6[0x7f8678b0d979]
/lib/libc.so.6(_IO_default_xsputn+0x85)[0x7f8678a9bf25]
/lib/libc.so.6(_IO_vfprintf+0x1fed)[0x7f8678a6e6dd]
/lib/libc.so.6(__vsprintf_chk+0x9d)[0x7f8678b0da1d]
/lib/libc.so.6(__sprintf_chk+0x80)[0x7f8678b0d960]
ftest07[0x401ec5]
ftest07[0x402a76]
/lib/libc.so.6(__libc_start_main+0xe6)[0x7f8678a48a26]
ftest07[0x401d19]
======= Memory map: ========
00400000-00408000 r-xp 00000000 fd:03 74961 /tmp/tmp.9O93FRsMhN/ltp/testcases/bin/ftest07
00608000-00609000 r--p 00008000 fd:03 74961 /tmp/tmp.9O93FRsMhN/ltp/testcases/bin/ftest07
00609000-0060a000 rw-p 00009000 fd:03 74961 /tmp/tmp.9O93FRsMhN/ltp/testcases/bin/ftest07
0060a000-0060f000 rw-p 00000000 00:00 0
01f3f000-01f60000 rw-p 00000000 00:00 0 [heap]
7f8678813000-7f8678829000 r-xp 00000000 fd:03 6454 /lib64/libgcc_s.so.1
7f8678829000-7f8678a28000 ---p 00016000 fd:03 6454 /lib64/libgcc_s.so.1
7f8678a28000-7f8678a29000 r--p 00015000 fd:03 6454 /lib64/libgcc_s.so.1
7f8678a29000-7f8678a2a000 rw-p 00016000 fd:03 6454 /lib64/libgcc_s.so.1
7f8678a2a000-7f8678b79000 r-xp 00000000 fd:03 5882 /lib64/libc-2.10.1.so
7f8678b79000-7f8678d79000 ---p 0014f000 fd:03 5882 /lib64/libc-2.10.1.so
7f8678d79000-7f8678d7d000 r--p 0014f000 fd:03 5882 /lib64/libc-2.10.1.so
7f8678d7d000-7f8678d7e000 rw-p 00153000 fd:03 5882 /lib64/libc-2.10.1.so
7f8678d7e000-7f8678d83000 rw-p 00000000 00:00 0
7f8678d83000-7f8678da0000 r-xp 00000000 fd:03 5871 /lib64/ld-2.10.1.so
7f8678f83000-7f8678f85000 rw-p 00000000 00:00 0
7f8678f9d000-7f8678f9f000 rw-p 00000000 00:00 0
7f8678f9f000-7f8678fa0000 r--p 0001c000 fd:03 5871 /lib64/ld-2.10.1.so
7f8678fa0000-7f8678fa1000 rw-p 0001d000 fd:03 5871 /lib64/ld-2.10.1.so
7fffeffa2000-7fffeffb7000 rw-p 00000000 00:00 0 [stack]
7fffeffff000-7ffff0000000 r-xp 00000000 00:00 0 [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]

gcooper@orangebox /scratch/ltp $ emerge --info
Portage 2.1.6.13 (default/linux/amd64/10.0, gcc-4.3.4, glibc-2.10.1-r1, 2.6.31-gentoo-r6 x86_64)
=================================================================
System uname: Linux-2.6.31-gentoo-r6-x86_64-Intel-R-_Core-TM-2_Quad_CPU_Q9400_@_2.66GHz-with-gentoo-1.12.13
Timestamp of tree: Sun, 24 Jan 2010 07:00:21 +0000
app-shells/bash: 4.0_p35
dev-java/java-config: 2.1.9-r2
dev-lang/python: 2.6.4
sys-apps/baselayout: 1.12.13
sys-apps/sandbox: 1.6-r2
sys-devel/autoconf: 2.13, 2.63-r1
sys-devel/automake: 1.9.6-r2, 1.10.2
sys-devel/binutils: 2.18-r3
sys-devel/gcc-config: 1.4.1
sys-devel/libtool: 2.2.6b
virtual/os-headers: 2.6.27-r2

Figuring that ftest07.c compiled (mostly) without warnings, I thought it might be an issue common to both tests. Here's what I did and it didn't crash when I ran them, but I was wondering if others could verify whether or not they run into similar issues as well, and if so, tell me whether or not this patch functionality a) makes sense and b) resolves the issue:

Index: testcases/kernel/fs/ftest/libftest.c =================================================================== RCS file: /cvsroot/ltp/ltp/testcases/kernel/fs/ftest/libftest.c,v retrieving revision 1.1 diff -u -r1.1 libftest.c --- testcases/kernel/fs/ftest/libftest.c 18 Sep 2009 17:44:08 -0000 1.1 +++ testcases/kernel/fs/ftest/libftest.c 30 Jan 2010 05:24:42 -0000 @@ -17,6 +17,7 @@ */ #include <sys/uio.h> +#include <assert.h> #include "test.h" #include "libftest.h"
@@ -61,16 +62,18 @@ /* * Dump bits string. */ -void ft_dumpbits(char *bits, int size) +void ft_dumpbits(void *bits, size_t size) { - char *buf; + void *buf; tst_resm(TINFO, "\tBits array:"); for (buf = bits; size > 0; --size, ++buf) { - if ((buf-bits) % 16 == 0) - tst_resm(TINFO, "\t%04x:\t", 8*(buf-bits)); - tst_resm(TINFO, "\t%02x ", *buf & 0xff); + if ((buf-bits) % 16 == 0) { + assert (0 < (buf-bits)); + tst_resm(TINFO, "\t%lu:\t", 8*(buf-bits)); + } + tst_resm(TINFO, "\t%02x ", *((char*) buf) & 0xff); } tst_resm(TINFO, "\t"); Index: testcases/kernel/fs/ftest/libftest.h =================================================================== RCS file: /cvsroot/ltp/ltp/testcases/kernel/fs/ftest/libftest.h,v retrieving revision 1.1 diff -u -r1.1 libftest.h --- testcases/kernel/fs/ftest/libftest.h 18 Sep 2009 17:44:08 -0000 1.1 +++ testcases/kernel/fs/ftest/libftest.h 30 Jan 2010 05:24:42 -0000 @@ -34,7 +34,7 @@ /* * Dump bits string. */ -void ft_dumpbits(char *bits, int size); +void ft_dumpbits(void *bits, size_t size); /* * Do logical or of hold and bits (of size)

I did what I did above because it's doing pointer arithmetic of virtual memory addresses, which means that could be wreaking havoc if the value is truly rolling over / overflowing.

Thanks,
-Garrett
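Review bot: the `+#include <assert.h>` added in the libftest.c @@ -17,6 +17,7 @@ hunk brings in a check that is compiled out entirely whenever NDEBUG is defined, so the new assert in ft_dumpbits would vanish from any build that sets it while aborting the whole test binary in one that does not. The function already reports through tst_resm, so a failed precondition belongs in the same harness (tst_brkm with TBROK, or a plain check that returns) rather than in assert(); with that change the include is not needed.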
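Review bot: in the libftest.c @@ -61,16 +62,18 @@ hunk, `+ assert (0 < (buf-bits));` fails on the very first iteration: buf starts equal to bits, so (buf-bits) is 0, `(buf-bits) % 16 == 0` is true, and `0 < 0` is false, which means every call to ft_dumpbits now aborts. Since buf only ever increments from bits the difference cannot go negative; either drop the assert or make it `0 <= (buf-bits)`. Two related points in the same lines: arithmetic on `void *` (`buf-bits`, `++buf`) is a GNU extension rather than ISO C, and declaring `bits`/`buf` as `unsigned char *` instead would be portable and make the `*((char*) buf) & 0xff` cast unnecessary; and `+ tst_resm(TINFO, "\t%lu:\t", 8*(buf-bits));` passes a ptrdiff_t (signed long on x86_64) to `%lu`, while also silently changing the header from hex (`%04x`) to decimal, so `%04tx` (or a cast to an unsigned type) keeps both the type and the output format right. Finally, the backtraces above show `__sprintf_chk` called directly from ftest03/ftest07 themselves, and this function only calls tst_resm, so this hunk does not touch the sprintf that FORTIFY is complaining about; the call site that writes into a too-small buffer still needs to be found in the test binaries.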
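Review bot: the prototype change in the libftest.h @@ -34,7 +34,7 @@ hunk, `+void ft_dumpbits(void *bits, size_t size);`, needs the callers in ftest03/ftest07 (which pass the old `char *`/`int` pair) to be checked as part of the same patch: an `int` size that is zero or positive converts cleanly, but a negative one becomes a huge size_t and turns the loop's `size > 0` stop condition in libftest.c into a read past the end of the array. The hunk context also does not show whether libftest.h already includes a header that defines size_t (<stddef.h> or <sys/types.h>); if it does not, the new prototype will not compile on its own.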
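As an added example (not LTP code and not part of Garrett's patch), here is a bounds-checked variant of the dumper under discussion. The names dumpbits_to_buf and emit, and the sample bytes, are made up for this illustration. It writes into a caller-supplied buffer through vsnprintf(), so a destination that is too small is reported by the return value instead of being overrun (the condition __sprintf_chk/__fortify_fail abort on in the backtraces above); it walks the input with an unsigned char pointer and size_t offsets matched to %zx, and it emits a row header at offset 0 instead of asserting that the offset is positive.

```c
#include <limits.h>
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Constructed sample input (not from the LTP tests): 17 bytes, so the
 * dump needs a second 16-byte row.
 */
static const unsigned char sample_bits[17] = {
    0x01, 0x80, 0xff, 0x00, 0x0f, 0xf0, 0x55, 0xaa,
    0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
    0x42
};

/*
 * Append a formatted piece at out[*used] without ever writing past
 * out[outsz-1].  *used keeps counting even once the buffer is full, so
 * the caller can tell how much room the complete dump needed.  Returns 0
 * on success, -1 on an encoding error from vsnprintf().
 */
static int emit(char *out, size_t outsz, size_t *used, const char *fmt, ...)
{
    /* clamp to outsz: out + outsz (one past the end) is a valid pointer
     * and a zero size makes vsnprintf() write nothing at all */
    size_t pos = *used < outsz ? *used : outsz;
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(out + pos, outsz - pos, fmt, ap);
    va_end(ap);
    if (n < 0)
        return -1;
    *used += (size_t)n;
    return 0;
}

/*
 * Bounds-checked hex dump of a bit string: 16 bytes per row, each row
 * headed by its bit offset in hex (8 bits per byte, like the original's
 * 8*(buf-bits)).  Returns the length of the complete dump; a return value
 * >= outsz means 'out' holds a truncated (but NUL-terminated) prefix.
 * Returns -1 on a bad argument or an encoding error.
 */
int dumpbits_to_buf(const void *bits, size_t size, char *out, size_t outsz)
{
    /* byte pointer: arithmetic on void * is a GNU extension, not ISO C */
    const unsigned char *p = bits;
    size_t used = 0, off;

    if (out == NULL || outsz == 0 || (bits == NULL && size > 0))
        return -1;
    out[0] = '\0';

    for (off = 0; off < size; ++off) {
        /* row header every 16 bytes, offset 0 included; %zx matches the
         * size_t operand instead of mixing a ptrdiff_t with %x or %lu */
        if (off % 16 == 0 &&
            emit(out, outsz, &used, "%s%04zx:", off ? "\n" : "", 8 * off) < 0)
            return -1;
        if (emit(out, outsz, &used, " %02x", p[off]) < 0)
            return -1;
    }
    if (used > (size_t)INT_MAX)
        return -1;
    return (int)used;
}

int main(void)
{
    char big[256], small[8];
    int n;

    n = dumpbits_to_buf(sample_bits, sizeof sample_bits, big, sizeof big);
    printf("%d chars:\n%s\n", n, big);

    /* the case an unbounded sprintf() would overrun: destination too small */
    n = dumpbits_to_buf(sample_bits, 3, small, sizeof small);
    if (n >= (int)sizeof small)
        printf("truncated: needed %d chars, had %zu, kept \"%s\"\n",
               n, sizeof small, small);
    return 0;
}
```

The return-value convention is the same one snprintf() uses, so a caller can size a buffer with a first call and format with a second, or simply treat `n >= outsz` as the error the FORTIFY check would otherwise turn into an abort.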