Public bug reported:

Just running rpcdebug in noble on s390x causes a segfault. In gdb we
see:

Breakpoint 1, main (argc=1, argv=0x3ffffffa498) at rpcdebug.c:57
57              cdename = malloc(strlen(basename(argv[0])));
(gdb) n
58              if (cdename == NULL) {
(gdb) n
62              strcpy(cdename, basename(argv[0]));
(gdb) n
*** buffer overflow detected ***: terminated


It's the _FORTIFY_SOURCE=3 that is catching it, but only on s390x. Looks like 
an off-by-one.

From the strcpy() manpage:

strcpy()
These  functions copy the string pointed to by src, into a string at the buffer 
pointed to by dst.  The programmer is responsible for allocating a destination 
buffer large enough, that is, strlen(src) + 1.  For the difference between the 
two functions, see RETURN VALUE.

Patch:

--- a/tools/rpcdebug/rpcdebug.c
+++ b/tools/rpcdebug/rpcdebug.c
@@ -54,7 +54,7 @@ main(int argc, char **argv)
        char *          module = NULL;
        int             c;
 
-       cdename = malloc(strlen(basename(argv[0])));
+       cdename = malloc(strlen(basename(argv[0])) + 1);
        if (cdename == NULL) {
          fprintf(stderr, "failed in malloc\n");
          exit(1);
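
Review bot: the allocation size on the changed line and the strcpy() at rpcdebug.c:62 (seen in the gdb trace above) each call basename(argv[0]) on their own, so the length and the copy are still computed in two separate places and can drift apart again. Consider replacing the pair with a single cdename = strdup(basename(argv[0])); and keeping the existing NULL check, which removes the manual + 1 arithmetic. If malloc()/strcpy() stays, store the basename() result in a local variable and use it for both calls so the pairing is explicit.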

** Affects: nfs-utils (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2060538

Title:
  rpcdebug segfault in s390x
