Your message dated Thu, 19 Apr 2012 21:18:03 +0000
with message-id <[email protected]>
and subject line Bug#669359: fixed in kdrill 6.5deb2-8
has caused the Debian Bug report #669359,
regarding kdrill: Buffer overflow in createallmulti() (multikanji.c:247)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
669359: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669359
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: kdrill
Version: 6.5deb2-7
Severity: grave
Justification: renders package unusable
Dear Maintainer,
When starting up kdrill, it terminates with the following output:
---------------------------------------8<---------------------------------------
kdrill 6.5: by Philip Brown -- [email protected]
Starting up kdrill... please wait a while.
*** buffer overflow detected ***: kdrill terminated
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x37)[0x7fc855c54007]
/lib/x86_64-linux-gnu/libc.so.6(+0x107f00)[0x7fc855c52f00]
/lib/x86_64-linux-gnu/libc.so.6(+0x107369)[0x7fc855c52369]
/lib/x86_64-linux-gnu/libc.so.6(_IO_default_xsputn+0xdd)[0x7fc855bc6bcd]
/lib/x86_64-linux-gnu/libc.so.6(_IO_vfprintf+0x98d)[0x7fc855b9300d]
/lib/x86_64-linux-gnu/libc.so.6(__vsprintf_chk+0x94)[0x7fc855c52404]
/lib/x86_64-linux-gnu/libc.so.6(__sprintf_chk+0x7d)[0x7fc855c5234d]
kdrill[0x40ac72]
kdrill[0x40af7c]
kdrill[0x4071ca]
kdrill[0x405856]
kdrill[0x4028b5]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xed)[0x7fc855b6c76d]
kdrill[0x4029b9]
======= Memory map: ========
00400000-00419000 r-xp 00000000 fc:01 824914 /usr/bin/kdrill
00618000-00619000 r--p 00018000 fc:01 824914 /usr/bin/kdrill
00619000-0061a000 rw-p 00019000 fc:01 824914 /usr/bin/kdrill
0061a000-009eb000 rw-p 00000000 00:00 0
020dc000-02234000 rw-p 00000000 00:00 0 [heap]
7fc8540a7000-7fc8540bc000 r-xp 00000000 fc:01 926770 /lib/x86_64-linux-gnu/libgcc_s.so.1
7fc8540bc000-7fc8542bb000 ---p 00015000 fc:01 926770 /lib/x86_64-linux-gnu/libgcc_s.so.1
7fc8542bb000-7fc8542bc000 r--p 00014000 fc:01 926770 /lib/x86_64-linux-gnu/libgcc_s.so.1
7fc8542bc000-7fc8542bd000 rw-p 00015000 fc:01 926770 /lib/x86_64-linux-gnu/libgcc_s.so.1
7fc8542bd000-7fc8542c2000 r-xp 00000000 fc:01 1138664 /usr/lib/x86_64-linux-gnu/libXfixes.so.3.1.0
7fc8542c2000-7fc8544c1000 ---p 00005000 fc:01 1138664 /usr/lib/x86_64-linux-gnu/libXfixes.so.3.1.0
7fc8544c1000-7fc8544c2000 r--p 00004000 fc:01 1138664 /usr/lib/x86_64-linux-gnu/libXfixes.so.3.1.0
7fc8544c2000-7fc8544c3000 rw-p 00005000 fc:01 1138664 /usr/lib/x86_64-linux-gnu/libXfixes.so.3.1.0
7fc8544c3000-7fc8544cc000 r-xp 00000000 fc:01 1131990 /usr/lib/x86_64-linux-gnu/libXrender.so.1.3.0
7fc8544cc000-7fc8546cb000 ---p 00009000 fc:01 1131990 /usr/lib/x86_64-linux-gnu/libXrender.so.1.3.0
7fc8546cb000-7fc8546cc000 r--p 00008000 fc:01 1131990 /usr/lib/x86_64-linux-gnu/libXrender.so.1.3.0
7fc8546cc000-7fc8546cd000 rw-p 00009000 fc:01 1131990 /usr/lib/x86_64-linux-gnu/libXrender.so.1.3.0
7fc8546cd000-7fc8546d6000 r-xp 00000000 fc:01 1069467 /usr/lib/x86_64-linux-gnu/libXcursor.so.1.0.2
7fc8546d6000-7fc8548d5000 ---p 00009000 fc:01 1069467 /usr/lib/x86_64-linux-gnu/libXcursor.so.1.0.2
7fc8548d5000-7fc8548d6000 r--p 00008000 fc:01 1069467 /usr/lib/x86_64-linux-gnu/libXcursor.so.1.0.2
7fc8548d6000-7fc8548d7000 rw-p 00009000 fc:01 1069467 /usr/lib/x86_64-linux-gnu/libXcursor.so.1.0.2
7fc8548d7000-7fc8548dc000 r-xp 00000000 fc:01 1126291 /usr/lib/x86_64-linux-gnu/libXdmcp.so.6.0.0
7fc8548dc000-7fc854adb000 ---p 00005000 fc:01 1126291 /usr/lib/x86_64-linux-gnu/libXdmcp.so.6.0.0
7fc854adb000-7fc854adc000 r--p 00004000 fc:01 1126291 /usr/lib/x86_64-linux-gnu/libXdmcp.so.6.0.0
7fc854adc000-7fc854add000 rw-p 00005000 fc:01 1126291 /usr/lib/x86_64-linux-gnu/libXdmcp.so.6.0.0
7fc854add000-7fc854adf000 r-xp 00000000 fc:01 1122733 /usr/lib/x86_64-linux-gnu/libXau.so.6.0.0
7fc854adf000-7fc854cde000 ---p 00002000 fc:01 1122733 /usr/lib/x86_64-linux-gnu/libXau.so.6.0.0
7fc854cde000-7fc854cdf000 r--p 00001000 fc:01 1122733 /usr/lib/x86_64-linux-gnu/libXau.so.6.0.0
7fc854cdf000-7fc854ce0000 rw-p 00002000 fc:01 1122733 /usr/lib/x86_64-linux-gnu/libXau.so.6.0.0
7fc854ce0000-7fc854ce4000 r-xp 00000000 fc:01 918001 /lib/x86_64-linux-gnu/libuuid.so.1.3.0
7fc854ce4000-7fc854ee3000 ---p 00004000 fc:01 918001 /lib/x86_64-linux-gnu/libuuid.so.1.3.0
7fc854ee3000-7fc854ee4000 r--p 00003000 fc:01 918001 /lib/x86_64-linux-gnu/libuuid.so.1.3.0
7fc854ee4000-7fc854ee5000 rw-p 00004000 fc:01 918001 /lib/x86_64-linux-gnu/libuuid.so.1.3.0
7fc854ee5000-7fc854ee7000 r-xp 00000000 fc:01 928289 /lib/x86_64-linux-gnu/libdl-2.15.so
7fc854ee7000-7fc8550e7000 ---p 00002000 fc:01 928289 /lib/x86_64-linux-gnu/libdl-2.15.so
7fc8550e7000-7fc8550e8000 r--p 00002000 fc:01 928289 /lib/x86_64-linux-gnu/libdl-2.15.so
7fc8550e8000-7fc8550e9000 rw-p 00003000 fc:01 928289 /lib/x86_64-linux-gnu/libdl-2.15.so
7fc8550e9000-7fc855106000 r-xp 00000000 fc:01 1129563 /usr/lib/x86_64-linux-gnu/libxcb.so.1.1.0
7fc855106000-7fc855305000 ---p 0001d000 fc:01 1129563 /usr/lib/x86_64-linux-gnu/libxcb.so.1.1.0
7fc855305000-7fc855306000 r--p 0001c000 fc:01 1129563 /usr/lib/x86_64-linux-gnu/libxcb.so.1.1.0
7fc855306000-7fc855307000 rw-p 0001d000 fc:01 1129563 /usr/lib/x86_64-linux-gnu/libxcb.so.1.1.0
7fc855307000-7fc85531d000 r-xp 00000000 fc:01 1086546 /usr/lib/x86_64-linux-gnu/libICE.so.6.3.0
7fc85531d000-7fc85551c000 ---p 00016000 fc:01 1086546 /usr/lib/x86_64-linux-gnu/libICE.so.6.3.0
7fc85551c000-7fc85551d000 r--p 00015000 fc:01 1086546 /usr/lib/x86_64-linux-gnu/libICE.so.6.3.0
7fc85551d000-7fc85551e000 rw-p 00016000 fc:01 1086546 /usr/lib/x86_64-linux-gnu/libICE.so.6.3.0
7fc85551e000-7fc855521000 rw-p 00000000 00:00 0
7fc855521000-7fc855528000 r-xp 00000000 fc:01 1086650 /usr/lib/x86_64-linux-gnu/libSM.so.6.0.1
7fc855528000-7fc855727000 ---p 00007000 fc:01 1086650 /usr/lib/x86_64-linux-gnu/libSM.so.6.0.1
7fc855727000-7fc855728000 r--p 00006000 fc:01 1086650 /usr/lib/x86_64-linux-gnu/libSM.so.6.0.1
7fc855728000-7fc855729000 rw-p 00007000 fc:01 1086650 /usr/lib/x86_64-linux-gnu/libSM.so.6.0.1
7fc855729000-7fc855739000 r-xp 00000000 fc:01 1131805 /usr/lib/x86_64-linux-gnu/libXpm.so.4.11.0
7fc855739000-7fc855938000 ---p 00010000 fc:01 1131805 /usr/lib/x86_64-linux-gnu/libXpm.so.4.11.0
7fc855938000-7fc855939000 r--p 0000f000 fc:01 1131805 /usr/lib/x86_64-linux-gnu/libXpm.so.4.11.0
7fc855939000-7fc85593a000 rw-p 00010000 fc:01 1131805 /usr/lib/x86_64-linux-gnu/libXpm.so.4.11.0
7fc85593a000-7fc85594a000 r-xp 00000000 fc:01 1087643 /usr/lib/x86_64-linux-gnu/libXext.so.6.4.0
7fc85594a000-7fc855b49000 ---p 00010000 fc:01 1087643 /usr/lib/x86_64-linux-gnu/libXext.so.6.4.0
7fc855b49000-7fc855b4a000 r--p 0000f000 fc:01 1087643 /usr/lib/x86_64-linux-gnu/libXext.so.6.4.0
7fc855b4a000-7fc855b4b000 rw-p 00010000 fc:01 1087643 /usr/lib/x86_64-linux-gnu/libXext.so.6.4.0
7fc855b4b000-7fc855cfe000 r-xp 00000000 fc:01 928273 /lib/x86_64-linux-gnu/libc-2.15.so
7fc855cfe000-7fc855efd000 ---p 001b3000 fc:01 928273 /lib/x86_64-linux-gnu/libc-2.15.so
7fc855efd000-7fc855f01000 r--p 001b2000 fc:01 928273 /lib/x86_64-linux-gnu/libc-2.15.so
7fc855f01000-7fc855f03000 rw-p 001b6000 fc:01 928273 /lib/x86_64-linux-gnu/libc-2.15.so
7fc855f03000-7fc855f08000 rw-p 00000000 00:00 0
7fc855f08000-7fc856037000 r-xp 00000000 fc:01 1130899 /usr/lib/x86_64-linux-gnu/libX11.so.6.3.0
7fc856037000-7fc856237000 ---p 0012f000 fc:01 1130899 /usr/lib/x86_64-linux-gnu/libX11.so.6.3.0
7fc856237000-7fc856238000 r--p 0012f000 fc:01 1130899 /usr/lib/x86_64-linux-gnu/libX11.so.6.3.0
7fc856238000-7fc85623c000 rw-p 00130000 fc:01 1130899 /usr/lib/x86_64-linux-gnu/libX11.so.6.3.0
7fc85623c000-7fc85629b000 r-xp 00000000 fc:01 1125886 /usr/lib/x86_64-linux-gnu/libXt.so.6.0.0
7fc85629b000-7fc85649b000 ---p 0005f000 fc:01 1125886 /usr/lib/x86_64-linux-gnu/libXt.so.6.0.0
7fc85649b000-7fc85649c000 r--p 0005f000 fc:01 1125886 /usr/lib/x86_64-linux-gnu/libXt.so.6.0.0
7fc85649c000-7fc8564a1000 rw-p 00060000 fc:01 1125886 /usr/lib/x86_64-linux-gnu/libXt.so.6.0.0
7fc8564a1000-7fc8564a2000 rw-p 00000000 00:00 0
7fc8564a2000-7fc8564b9000 r-xp 00000000 fc:01 1126383 /usr/lib/x86_64-linux-gnu/libXmu.so.6.2.0
7fc8564b9000-7fc8566b9000 ---p 00017000 fc:01 1126383 /usr/lib/x86_64-linux-gnu/libXmu.so.6.2.0
7fc8566b9000-7fc8566ba000 r--p 00017000 fc:01 1126383 /usr/lib/x86_64-linux-gnu/libXmu.so.6.2.0
7fc8566ba000-7fc8566bb000 rw-p 00018000 fc:01 1126383 /usr/lib/x86_64-linux-gnu/libXmu.so.6.2.0
7fc8566bb000-7fc856720000 r-xp 00000000 fc:01 1132198 /usr/lib/x86_64-linux-gnu/libXaw7.so.7.0.0
7fc856720000-7fc85691f000 ---p 00065000 fc:01 1132198 /usr/lib/x86_64-linux-gnu/libXaw7.so.7.0.0
7fc85691f000-7fc856920000 r--p 00064000 fc:01 1132198 /usr/lib/x86_64-linux-gnu/libXaw7.so.7.0.0
7fc856920000-7fc85692a000 rw-p 00065000 fc:01 1132198 /usr/lib/x86_64-linux-gnu/libXaw7.so.7.0.0
7fc85692a000-7fc85692b000 rw-p 00000000 00:00 0
7fc85692b000-7fc85694d000 r-xp 00000000 fc:01 926152 /lib/x86_64-linux-gnu/ld-2.15.so
7fc856b11000-7fc856b19000 rw-p 00000000 00:00 0
7fc856b49000-7fc856b4d000 rw-p 00000000 00:00 0
7fc856b4d000-7fc856b4e000 r--p 00022000 fc:01 926152 /lib/x86_64-linux-gnu/ld-2.15.so
7fc856b4e000-7fc856b50000 rw-p 00023000 fc:01 926152 /lib/x86_64-linux-gnu/ld-2.15.so
7fff6c52e000-7fff6c550000 rw-p 00000000 00:00 0 [stack]
7fff6c552000-7fff6c553000 r-xp 00000000 00:00 0 [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]
--------------------------------------->8---------------------------------------
gdb shows the following backtrace:
#0 0x00007faf257fd445 in __GI_raise (sig=<optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1 0x00007faf25800bab in __GI_abort () at abort.c:91
#2 0x00007faf2583ae2e in __libc_message (do_abort=2, fmt=0x7faf2594159c "*** %s ***: %s terminated\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:201
#3 0x00007faf258d0007 in __GI___fortify_fail (msg=0x7faf25941533 "buffer overflow detected") at fortify_fail.c:32
#4 0x00007faf258cef00 in __GI___chk_fail () at chk_fail.c:29
#5 0x00007faf258ce369 in _IO_str_chk_overflow (fp=<optimized out>, c=<optimized out>) at vsprintf_chk.c:35
#6 0x00007faf25842bcd in _IO_default_xsputn (f=0x7fff7f6f2db0, data=<optimized out>, n=1) at genops.c:485
#7 0x00007faf2580f00d in _IO_vfprintf_internal (s=<optimized out>, format=<optimized out>, ap=<optimized out>) at vfprintf.c:1654
#8 0x00007faf258ce404 in ___vsprintf_chk (s=0x7fff7f6f3040 "multiU100", flags=1, slen=10, format=0x414cc4 "multiU%x\n", args=0x7fff7f6f2ed8) at vsprintf_chk.c:86
#9 0x00007faf258ce34d in ___sprintf_chk (s=<optimized out>, flags=<optimized out>, slen=<optimized out>, format=<optimized out>) at sprintf_chk.c:33
#10 0x000000000040ac72 in sprintf (__fmt=0x414cc4 "multiU%x\n", __s=0x7fff7f6f3040 "multiU100") at /usr/include/x86_64-linux-gnu/bits/stdio2.h:34
#11 createallmulti () at multikanji.c:247
#12 0x000000000040af7c in MakeMulti () at multikanji.c:344
#13 0x00000000004071ca in MakeWidgets () at widgets.c:920
#14 0x0000000000405856 in initstuffs (argc=0x7fff7f6f316c, argv=0x7fff7f6f3258) at init.c:369
#15 0x00000000004028b5 in main (argc=1, argv=0x7fff7f6f3258) at main.c:158
And specifically in frame 11, it looks like:
char uname[10];
sprintf(uname, "multiU%x\n", 256); /* attempts to store 11 bytes in uname */
This is caused by increase-maxmulti.diff, which bumps MAXMULTI from 200 to
1000. The sprintf() call is valid as long as MAXMULTI doesn't go past 0xff. On
the other hand, the `uname' variable is not being used anywhere else apart from
the sprintf() call, so it can be safely removed.
-- System Information:
Debian Release: wheezy/sid
APT prefers precise-updates
APT policy: (500, 'precise-updates'), (500, 'precise-security'), (500,
'precise'), (400, 'precise-proposed'), (100, 'precise-backports')
Architecture: amd64 (x86_64)
Kernel: Linux 3.3.1-hyper2 (SMP w/4 CPU cores; PREEMPT)
Locale: LANG=en_SG.utf8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages kdrill depends on:
ii libc6 2.15-0ubuntu9
ii libx11-6 2:1.4.99.1-0ubuntu2
ii libxaw7 2:1.0.9-3ubuntu1
ii libxmu6 2:1.1.0-3
ii libxt6 1:1.1.1-2build1
Versions of packages kdrill recommends:
ii kanadic 6.5deb2-7
ii xfonts-base 1:1.0.3
Versions of packages kdrill suggests:
pn edict <none>
pn xjdic <none>
-- no debconf information
--- End Message ---
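The report above boils down to a fixed-size stack buffer, `char uname[10]`, written with an unbounded `sprintf("multiU%x\n", n)`: for n up to 0xff the output is 9 characters plus the terminating NUL and fits exactly, but the moment n reaches 0x100 the hex field grows to three digits and the NUL lands one byte past the end. The only reason this crashed cleanly instead of corrupting the stack is glibc's fortified `__sprintf_chk` (frames #8-#10 in the backtrace), which knows the buffer's size at compile time and aborts. The following C program is an added illustration written for this page, not kdrill's code or the Debian fix (which, per the report, simply dropped the unused variable); `UNAME_SIZE`, `FMT` and the function names are this example's own. It measures the space the format really needs with `snprintf(NULL, 0, ...)`, finds the largest index that still fits, and shows the bounded replacement that fails explicitly instead of writing past the buffer.

```c
#include <stdio.h>
#include <string.h>

/* Added illustration of the kdrill report: a fixed-size buffer plus an
 * sprintf() whose "%x" conversion has no upper bound. UNAME_SIZE mirrors
 * the report's char uname[10]; FMT mirrors its format string. Names are
 * this example's own, not kdrill's. */
#define UNAME_SIZE 10
#define FMT "multiU%x\n"

/* Bytes sprintf() would write for FMT with this index, including the NUL.
 * snprintf(NULL, 0, ...) only measures the length; it writes nothing. */
size_t multi_name_len(unsigned index)
{
    return (size_t)snprintf(NULL, 0, FMT, index) + 1;
}

/* 1 if an unbounded sprintf() into a UNAME_SIZE buffer would overflow. */
int multi_name_overflows(unsigned index)
{
    return multi_name_len(index) > UNAME_SIZE;
}

/* Largest index for which FMT still fits into a UNAME_SIZE buffer;
 * this is the bound the report describes as "doesn't go past 0xff". */
unsigned multi_name_max_index(void)
{
    unsigned i = 0;
    while (!multi_name_overflows(i + 1))
        i++;
    return i;
}

/* Hardened form: a bounded write plus an explicit failure instead of a
 * silent overflow or silent truncation. Returns 0 on success, -1 when the
 * buffer is too small (buf then holds a truncated, NUL-terminated string). */
int multi_name_format(char *buf, size_t bufsize, unsigned index)
{
    int n = snprintf(buf, bufsize, FMT, index);
    if (n < 0 || (size_t)n >= bufsize)
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed sample indices: the old MAXMULTI, the last safe value,
     * the first overflowing value, and the new MAXMULTI from the report. */
    unsigned samples[] = { 200, 255, 256, 1000 };
    char buf[UNAME_SIZE];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        unsigned v = samples[i];
        int rc = multi_name_format(buf, sizeof buf, v);
        printf("index %4u: needs %2zu bytes, buffer is %d -> %s\n",
               v, multi_name_len(v), UNAME_SIZE,
               rc == 0 ? "fits" : "unbounded sprintf() would overflow");
    }
    printf("largest safe index: %u (0x%x)\n",
           multi_name_max_index(), multi_name_max_index());
    return 0;
}
```

The `snprintf` return value is the length the full output would have had, so comparing it against the buffer size detects truncation without a second formatting pass; treating truncation as an error rather than silently carrying on is what makes a later bump of a constant such as MAXMULTI fail loudly at the call site instead of in a libc abort handler.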
--- Begin Message ---
Source: kdrill
Source-Version: 6.5deb2-8
We believe that the bug you reported is fixed in the latest version of
kdrill, which is due to be installed in the Debian FTP archive:
kanadic_6.5deb2-8_all.deb
to main/k/kdrill/kanadic_6.5deb2-8_all.deb
kdrill_6.5deb2-8.debian.tar.gz
to main/k/kdrill/kdrill_6.5deb2-8.debian.tar.gz
kdrill_6.5deb2-8.dsc
to main/k/kdrill/kdrill_6.5deb2-8.dsc
kdrill_6.5deb2-8_amd64.deb
to main/k/kdrill/kdrill_6.5deb2-8_amd64.deb
makedic_6.5deb2-8_amd64.deb
to main/k/kdrill/makedic_6.5deb2-8_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Євгеній Мещеряков <[email protected]> (supplier of updated kdrill package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 19 Apr 2012 22:20:58 +0200
Source: kdrill
Binary: kdrill makedic kanadic
Architecture: source amd64 all
Version: 6.5deb2-8
Distribution: unstable
Urgency: low
Maintainer: Євгеній Мещеряков <[email protected]>
Changed-By: Євгеній Мещеряков <[email protected]>
Description:
kanadic - katakana and hiragana drill files for KDrill
kdrill - kanji drill and dictionary program
makedic - dictionary compiler for KDrill
Closes: 669359
Changes:
kdrill (6.5deb2-8) unstable; urgency=low
.
* Fix buffer overflow. Thanks to Chow Loong Jin (Closes: #669359).
* Standards-Version 3.9.3 — no changes needed
Checksums-Sha1:
4f9ad026d9a33b2aab9061378e5f1a7016147453 1357 kdrill_6.5deb2-8.dsc
a2379bf1f42c1b168b08c872b7f7a34e335e226f 13678 kdrill_6.5deb2-8.debian.tar.gz
217bff5d220c5c88dfc9a487dcdad22a30e6304f 79380 kdrill_6.5deb2-8_amd64.deb
d72ff762a70a5bc0c1a1e8994082db6d7d8a75b5 12120 makedic_6.5deb2-8_amd64.deb
049db105861877d208d945122baa4015c11f1c50 12260 kanadic_6.5deb2-8_all.deb
Checksums-Sha256:
ed578915d00c034a34033e0a1e9bd74d62f58d40c74d359a512ed2d85a803458 1357
kdrill_6.5deb2-8.dsc
8ad2727b295485028f973c681b9e5e6054613200dab26972f935de998d7328f5 13678
kdrill_6.5deb2-8.debian.tar.gz
79f0184f0f6ce97d550ebd195a190522a01d8a2a46d9a963a583256abade541e 79380
kdrill_6.5deb2-8_amd64.deb
cd27cf596208bee8c2a994d315b00ecf7788f1f50a4e1e8dfe76f376171efa70 12120
makedic_6.5deb2-8_amd64.deb
74dce85bac30accfd2b99f6e079873e9905205970f5ff068aac84e829740dec4 12260
kanadic_6.5deb2-8_all.deb
Files:
6df1e63780f6f0856977ad86137df7b7 1357 education optional kdrill_6.5deb2-8.dsc
7498a475bb5f29daec7fefeee78a437c 13678 education optional
kdrill_6.5deb2-8.debian.tar.gz
3b54da99fbda5b6343565e38a8e753d3 79380 education optional
kdrill_6.5deb2-8_amd64.deb
2d896c46c86677f15e88112bd46235e8 12120 text optional
makedic_6.5deb2-8_amd64.deb
689aa87565d5e615fadbf9f2da1300d6 12260 education optional
kanadic_6.5deb2-8_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAk+QeuAACgkQKaC6+zmozOL13gCeO8YZYN33Nbppd93oK40gt+jK
POwAniv8H8fmPMS4RZ9FV+HjNQUqlBla
=5Yp0
-----END PGP SIGNATURE-----
--- End Message ---