#1230 Errors in path_concat()
Closed: Fixed None Opened 12 years ago by sgallagh.

There is an off-by-one error when dealing with paths that have strings longer than the destination buffer.

https://bugzilla.redhat.com/show_bug.cgi?id=799347 (Fedora)

The test_path_concat_neg test from path_utils fails on s390x and ppc64 (aka
64-bit big endians) with

Running suite(s): path_utils
*** stack smashing detected ***:
/builddir/build/BUILD/ding-libs-0.1.3/.libs/lt-path_utils_ut terminated
======= Backtrace: =========
/lib64/libc.so.6(__fortify_fail+0x20)[0x3fffd202574]
/lib64/libc.so.6(__fortify_fail+0x0)[0x3fffd202554]
/builddir/build/BUILD/ding-libs-0.1.3/.libs/lt-path_utils_ut[0x80003ef6]
/lib64/libcheck.so.0(srunner_run_all+0x794)[0x3fffd29a4a8]
/builddir/build/BUILD/ding-libs-0.1.3/.libs/lt-path_utils_ut[0x80001476]
/lib64/libc.so.6(__libc_start_main+0x11c)[0x3fffd10030c]
/builddir/build/BUILD/ding-libs-0.1.3/.libs/lt-path_utils_ut[0x800014e2]
95%: Checks: 24, Failures: 0, Errors: 1
path_utils/path_utils_ut.c:253:E:path_utils:test_path_concat_neg:0: (after this
point) Received signal 6 (Aborted)
FAIL: path_utils_ut

This is the log from s390x -
http://s390.koji.fedoraproject.org/koji/taskinfo?taskID=609982; ppc64 only shows
a failure, not the backtrace -
http://ppc.koji.fedoraproject.org/koji/taskinfo?taskID=414594

Version-Release number of selected component (if applicable):
ding-libs-0.1.3-6.fc18.src.rpm

Additional information:
The crash first appeared when built with gcc 4.7. Both ppc and s390 builds
(32-bit) are OK.
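
An added example, not from ding-libs or from the commits listed in this ticket: a bounded join in C that refuses, rather than truncates, when the joined path plus its NUL does not fit, with a guard-byte check at the exact-fit and one-byte-short sizes where an off-by-one like the one reported here would show. The names bounded_path_concat and guard_intact_after_concat are hypothetical, and the sample paths are constructed.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical helper, not the ding-libs path_concat(): join head and tail
 * with one '/' into out. Returns 0, EINVAL (bad or empty argument) or
 * ENOBUFS (result plus NUL does not fit). Never writes past out_size. */
int bounded_path_concat(char *out, size_t out_size,
                        const char *head, const char *tail)
{
    size_t hlen, tlen, need;

    if (!out || out_size == 0 || !head || !tail || !*head || !*tail)
        return EINVAL;

    hlen = strlen(head);
    while (hlen > 0 && head[hlen - 1] == '/') hlen--;  /* drop trailing '/' */
    while (*tail == '/') tail++;                       /* drop leading '/'  */
    tlen = strlen(tail);

    /* head + '/' + tail + NUL. Omitting the final "+ 1" for the NUL is the
     * off-by-one that writes one byte past the buffer on an exact fit. */
    need = hlen + 1 + tlen + 1;
    if (need > out_size) {
        out[0] = '\0';   /* valid empty string instead of a truncated path */
        return ENOBUFS;
    }
    memcpy(out, head, hlen);
    out[hlen] = '/';
    memcpy(out + hlen + 1, tail, tlen);
    out[hlen + 1 + tlen] = '\0';
    return 0;
}

/* Constructed boundary check: the destination is the first dst_size bytes of
 * a larger arena filled with 0xAA; any changed byte past dst_size means the
 * join wrote out of bounds. Returns 1 when the guard bytes are intact. */
int guard_intact_after_concat(size_t dst_size, const char *head,
                              const char *tail, int *rc)
{
    unsigned char arena[64];
    size_t i;
    if (dst_size == 0 || dst_size >= sizeof(arena)) return 0;
    memset(arena, 0xAA, sizeof(arena));
    *rc = bounded_path_concat((char *)arena, dst_size, head, tail);
    for (i = dst_size; i < sizeof(arena); i++)
        if (arena[i] != 0xAA) return 0;
    return 1;
}
```

Building a check like this with -fstack-protector or AddressSanitizer makes a one-byte overrun fail on every architecture rather than only where the stack layout happens to expose it.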

Fields changed

blockedby: =>
blocking: =>
coverity: =>
feature_milestone: =>
owner: somebody => sgallagh
patch: 0 => 1
status: new => assigned
tests: => 0
testsupdated: => 0
upgrade: => 0

Fixed by:
- 7b1d48d4e1cbd83a2d228e500f376c516b1c93b0
- bb90be1e23e419e92eff404208ecf175796f4eba
- 1f9961c46d1d507046e57bb08e0d2e25d77f2d82

milestone: NEEDS_TRIAGE => ding-libs 0.1.4
resolution: => fixed
status: assigned => closed

Metadata Update from @sgallagh:
- Issue assigned to sgallagh
- Issue set to the milestone: ding-libs 0.1.4

7 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/2272

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.
