Re: [X10-users] Managed X10: BufferOverflow at X10Launcher

[David P G. <gr...@us...>]

Jonas Posner <jon...@un...> wrote on 11/23/2016 04:20:51 AM:
>
> ==19578== Process terminating with default action of signal 6 (SIGABRT)
> ==19578==    at 0x508C428: raise (raise.c:54)
> ==19578==    by 0x508E029: abort (abort.c:89)
> ==19578==    by 0x50CE7E9: __libc_message (libc_fatal.c:175)
> ==19578==    by 0x516F56B: __fortify_fail (fortify_fail.c:37)
> ==19578==    by 0x516D56F: __chk_fail (chk_fail.c:28)
> ==19578==    by 0x516DAF3: __realpath_chk (realpath_chk.c:29)
> ==19578==    by 0x402601: realpath (stdlib.h:45)
> ==19578==    by 0x402601: Launcher::initialize(int, char**)
> (Launcher_Init.cc:184)
> ==19578==    by 0x40295D: Launcher::Setup(int, char**)
(Launcher_Init.cc:62)
> ==19578==    by 0x401D10: main (main.cc:56)
>
>
> When I unset X10_HOSTFILE, "X10Launcher Hello" has no buffer overflow.
>

Thanks, that helps.

In Launcher.h line 122 defines a fixed-size buffer that is passed into
realpath:

		char _hostfname[512]; /* host file name */

My guess is that the expansion of symbolic links in the value you are using
for X10_HOSTFILE causes it to exceed the buffer length.  There are two
possible fixes:
	(1) change the 512 to PATH_MAX in Launcher.h
	(2) change to dynamic allocation of the buffer for _hostfname by
changing the declaration to be a char*, setting it to NULL in the init
routine, passing NULL as the second argument to realpath and storing the
returned non-NULL results in _hostfname.

Would you mind trying to see if this fixes the problem?

thanks,

--dave