Moved to linux as it is a UML kernel bug.
** Summary changed:
- UML kernel built in Intrepid SEGFAULTs immediately
+ UML kernel built in Intrepid SEGFAULTs immediately with buffer overflow (UML
bug)
** Description changed:
- Binary package hint: gcc-4.3
-
Distributor ID: Ubuntu
Description: Ubuntu intrepid (development branch)
Release: 8.10
Codename: intrepid
GCC Version: 4:4.3.1-1ubuntu2
First noticed in alpha6 in KVM; now the real system has the same
problem (both x86).
UML kernel built using Intrepid tools does not boot:
rtg$ Downloads/Linux/linux-2.6.27.1/linux mem=128M ubda=vm/UML/hardy.img
Locating the bottom of the address space ... 0x0
Locating the top of the address space ... 0xc0000000
Core dump limits :
soft - 0
hard - NONE
Checking that ptrace can change system call numbers...OK
Checking syscall emulation patch for ptrace...OK
Checking advanced syscall emulation patch for ptrace...OK
Checking for tmpfs mount on /dev/shm...OK
Checking PROT_EXEC mmap in /dev/shm/...OK
Checking for the skas3 patch in the host:
- /proc/mm...not found: No such file or directory
- PTRACE_FAULTINFO...not found
- PTRACE_LDT...not found
UML running in SKAS0 mode
Adding 15499264 bytes to physical memory to account for exec-shield gap
*** buffer overflow detected ***: Downloads/Linux/linux-2.6.27.1/linux terminated
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x48)[0xb7f4d558]
/lib/tls/i686/cmov/libc.so.6[0xb7f4b680]
/lib/tls/i686/cmov/libc.so.6[0xb7f4af87]
/lib/tls/i686/cmov/libc.so.6(__snprintf_chk+0x34)[0xb7f4ae74]
Downloads/Linux/linux-2.6.27.1/linux[0x8063d11]
======= Memory map: ========
00000000-00001000 rwxp 00000000 00:00 0
08048000-08278000 rwxp 00000000 fe:04 4604241 /home/rtg/Downloads/Linux/linux-2.6.27.1/linux
08278000-0828d000 rwxp 08278000 00:00 0
09134000-09155000 rwxp 09134000 00:00 0 [heap]
09155000-10f10000 rwxs 0110d000 00:14 135092 /dev/shm/vm_file-bCxFhj (deleted)
b7e3f000-b7e4c000 r-xp 00000000 fe:00 40978 /lib/libgcc_s.so.1
b7e4c000-b7e4d000 r-xp 0000c000 fe:00 40978 /lib/libgcc_s.so.1
b7e4d000-b7e4e000 rwxp 0000d000 fe:00 40978 /lib/libgcc_s.so.1
b7e4e000-b7e53000 rwxp b7e4e000 00:00 0
b7e53000-b7fab000 r-xp 00000000 fe:00 41590 /lib/tls/i686/cmov/libc-2.8.90.so
b7fab000-b7fad000 r-xp 00158000 fe:00 41590 /lib/tls/i686/cmov/libc-2.8.90.so
b7fad000-b7fae000 rwxp 0015a000 fe:00 41590 /lib/tls/i686/cmov/libc-2.8.90.so
b7fae000-b7fb1000 rwxp b7fae000 00:00 0
b7fb1000-b7fb3000 r-xp 00000000 fe:00 41610 /lib/tls/i686/cmov/libutil-2.8.90.so
b7fb3000-b7fb4000 r-xp 00001000 fe:00 41610 /lib/tls/i686/cmov/libutil-2.8.90.so
b7fb4000-b7fb5000 rwxp 00002000 fe:00 41610 /lib/tls/i686/cmov/libutil-2.8.90.so
b7fb5000-b7fb7000 rwxp b7fb5000 00:00 0
b7fb7000-b7fd1000 r-xp 00000000 fe:00 41116 /lib/ld-2.8.90.so
b7fd1000-b7fd2000 r-xp b7fd1000 00:00 0 [vdso]
b7fd2000-b7fd3000 r-xp 0001a000 fe:00 41116 /lib/ld-2.8.90.so
b7fd3000-b7fd4000 rwxp 0001b000 fe:00 41116 /lib/ld-2.8.90.so
bfabf000-bfad4000 rwxp bffeb000 00:00 0 [stack]
Segmentation fault
The same kernel built on Hardy boots properly in Hardy and Intrepid.
+
+ The reason for this crash is an invalid size for the array holding the
+ socket name. The structure sockaddr_un contains a sun_path of 108 chars,
+ while os_create_unix_socket (called by mconsole_init) passes a file
+ argument which is 256 chars long. Buffer overflow protection fires and
+ abort()s the execution.
** Changed in: linux (Ubuntu)
Sourcepackagename: glibc => linux
--
UML kernel built in Intrepid SEGFAULTs immediately with buffer overflow (UML
bug)
https://bugs.launchpad.net/bugs/284631
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
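The pattern behind the diagnosis above, as an added example that is not UML's own source: a bound of sizeof(file) (256) is handed to snprintf for a destination, sockaddr_un.sun_path, that is only 108 bytes on Linux. The backtrace ends in __snprintf_chk, which is glibc's FORTIFY_SOURCE wrapper; it aborts whenever the size argument exceeds the compile-time size of the destination object, whatever the length of the string actually written, which is why the kernel dies at startup every time rather than only with a long socket path. Ubuntu 8.10 (Intrepid) turned on -D_FORTIFY_SOURCE=2 by default in gcc and Hardy did not, so the same source builds a binary that runs on Hardy and one that aborts on Intrepid. Function names, the constant SOCKET_NAME_BUF and the sample socket name below are assumptions for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Size of the caller's path buffer in the report (256 bytes). Our constant,
 * not a UML identifier; sun_path is 108 bytes on Linux. */
#define SOCKET_NAME_BUF 256

size_t sun_path_size(void)
{
    struct sockaddr_un addr;
    return sizeof(addr.sun_path);
}

/* The check glibc's __snprintf_chk performs: it aborts with
 * "*** buffer overflow detected ***" when the size argument given to
 * snprintf is larger than the compile-time size of the destination.
 * The real length of the socket name never matters, so a
 * -D_FORTIFY_SOURCE=2 build dies on the call itself, every time. */
int fortify_rejects_size(size_t size_arg)
{
    return size_arg > sun_path_size();
}

/* Vulnerable pattern (hypothetical reconstruction of the bug described,
 * not UML's code): the bound passed to snprintf is the size of the SOURCE
 * buffer. With FORTIFY off, a name of 108 bytes or more runs past sun_path
 * into whatever follows it on the stack. Kept for contrast only; this
 * example never calls it. */
int fill_sun_path_buggy(struct sockaddr_un *addr, const char *file,
                        size_t file_buf_size)
{
    addr->sun_family = AF_UNIX;
    snprintf(addr->sun_path, file_buf_size, "%s", file); /* BUG: wrong bound */
    return 0;
}

/* Hardened version: bound by the destination, and refuse an over-long name
 * instead of truncating it, because a silently truncated socket path is a
 * different path (the console would bind to the wrong name). Returns the
 * address length to hand to bind(), or -ENAMETOOLONG. */
int fill_sun_path_safe(struct sockaddr_un *addr, const char *file)
{
    size_t n = strlen(file);

    if (n >= sizeof(addr->sun_path))
        return -ENAMETOOLONG;
    memset(addr, 0, sizeof(*addr));
    addr->sun_family = AF_UNIX;
    memcpy(addr->sun_path, file, n + 1);
    return (int)(offsetof(struct sockaddr_un, sun_path) + n + 1);
}

/* Drive the safe filler with a constructed name of `len` characters, so the
 * over-long case can be exercised without a 256-byte literal. */
int try_name_of_length(size_t len)
{
    char name[SOCKET_NAME_BUF];
    struct sockaddr_un addr;

    if (len >= sizeof(name))
        len = sizeof(name) - 1;
    memset(name, 'a', len);
    name[len] = '\0';
    return fill_sun_path_safe(&addr, name);
}

int main(void)
{
    struct sockaddr_un addr;
    const char *name = "/tmp/uml/mconsole-example"; /* constructed sample */
    int rc = fill_sun_path_safe(&addr, name);

    printf("FORTIFY rejects a size argument of %d: %s\n", SOCKET_NAME_BUF,
           fortify_rejects_size(SOCKET_NAME_BUF) ? "yes" : "no");
    printf("short name -> addrlen %d, sun_path \"%s\"\n", rc, addr.sun_path);
    printf("200-byte name -> %d (-ENAMETOOLONG is %d)\n",
           try_name_of_length(200), -ENAMETOOLONG);
    return 0;
}
```

The fix is the second function's shape: take the bound from the destination, not from whatever buffer the caller happens to own, and treat a name that does not fit as an error rather than letting snprintf truncate it. Reading the size argument in a backtrace that ends in a *_chk function is usually enough to find this class of bug: the abort is triggered by the bound, not by the data.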