----- Rodolfo García Peñas <[email protected]> wrote:
> Hi,
>
> I am working in the debian stuff. When I ran the new package (I did some
> changes in the debian folder) I got a buffer overflow. The gdb output is
> attached.
>
> Best regards,
> kix

Hi,

Thanks for the gdb trace, which can help in understanding the issue. However I see a
number of strange things inside (see below), but I will continue to investigate
on my side. I may ask for your menu file later, although I am running on Debian
too so I guess I should have it too.

> GNU gdb (GDB) 7.4.1-debian
> Copyright (C) 2012 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law. Type "show copying"
> and "show warranty" for details.
> This GDB was configured as "x86_64-linux-gnu".
> For bug reporting instructions, please see:
> <http://www.gnu.org/software/gdb/bugs/>...
> Reading symbols from /usr/lib/WindowMaker/wmaker...Reading symbols from
> /usr/lib/debug/usr/lib/WindowMaker/wmaker...done.
> done.
> (gdb) set args --for-real
> (gdb) run
> Starting program: /usr/lib/WindowMaker/wmaker --for-real
>
> Program received signal SIGABRT, Aborted.
> 0x00007ffff6a22475 in *__GI_raise (sig=<optimized out>)
> at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
> 64 ../nptl/sysdeps/unix/sysv/linux/raise.c: No existe el fichero o el
> directorio.
> (gdb) bt
> #0 0x00007ffff6a22475 in *__GI_raise (sig=<optimized out>)
> at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
> #1 0x00007ffff6a256f0 in *__GI_abort () at abort.c:92
> #2 0x00007ffff6a5c2fb in __libc_message (do_abort=<optimized out>,
> fmt=<optimized out>) at ../sysdeps/unix/sysv/linux/libc_fatal.c:189
> #3 0x00007ffff6adcf07 in *__GI___fortify_fail (
> msg=0x7ffff6b3ac20 "buffer overflow detected") at fortify_fail.c:32
> #4 0x00007ffff6adbdc0 in *__GI___chk_fail () at chk_fail.c:29

That is quite strange: from what I have seen, (n < s1len) is true, so this
__chk_fail() should not have been triggered; furthermore s2 is supposed to be
exactly __src of strncpy, so this does not look very good, but that may be
optimisation on the path hiding what happened? Or maybe a stack overwrite which
causes a not-so-good stack trace?

> #5 0x00007ffff6adb085 in __strncpy_chk (s1=0x0,
> s2=0x294a <Address 0x294a out of bounds>, n=6, s1len=18446744073709551615)
> at strncpy_chk.c:34
> #6 0x00007ffff796a98f in strncpy (__len=<optimized out>,
> __src=0x7b81a2 "wmmacros", __dest=<optimized out>)
> at /usr/include/x86_64-linux-gnu/bits/string3.h:121
> #7 menu_parser_include_file (parser=0x7b7f50) at menuparser.c:491
> #8 0x00007ffff796b380 in menu_parser_get_directive (parser=0x7b7f50)
> at menuparser.c:379
> #9 WMenuParserGetLine (top_parser=0x7b7f50, title=0x7fffffffe0b0,
> command=0x7fffffffe0c8, parameter=0x7fffffffe0c0, shortcut=0x7fffffffe0b8)
> at menuparser.c:170
> #10 0x00000000004412af in readMenuFile (scr=0x6ad3a0,
> file_name=<optimized out>) at rootmenu.c:951
> #11 0x0000000000441861 in configureMenu (scr=0x6ad3a0,
> definition=<optimized out>, includeGlobals=<optimized out>)
> at rootmenu.c:1365
> #12 0x0000000000443253 in OpenRootMenu (scr=0x6ad3a0, x=-10000, y=-10000,
> keyboard=0) at rootmenu.c:1527
> #13 0x0000000000444b37 in wScreenRestoreState (scr=0x6ad3a0) at screen.c:840
> #14 0x000000000044988d in StartUp (defaultScreenOnly=<optimized out>)
> at startup.c:749
> #15 0x000000000042fd4a in real_main (argv=<optimized out>, argc=2)
> at main.c:835
> #16 main (argc=2, argv=<optimized out>) at main.c:647
> (gdb) quit
> A debugging session is active.
>
> Inferior 1 [process 10570] will be killed.
>
> Quit anyway? (y or n)
> --
> ||// //\\// Rodolfo "kix" Garcia
> ||\\// //\\ http://www.kix.es/
>
>
> --
> To unsubscribe, send mail to [email protected].
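
A simplified model of the size check a fortified strncpy applies (abort when the copy length exceeds the destination size the compiler recorded), run on the values gdb displays in frame #5. This is an added example, not part of the original thread and not glibc or Window Maker code; the helper names and the two buffers are hypothetical, and the n, s1len and "wmmacros" values are copied from the trace above.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* (size_t)-1 is what the compiler passes when it cannot determine the
 * destination size; it prints as 18446744073709551615 on x86_64. */
#define SIZE_UNKNOWN ((size_t)-1)

/* Hypothetical helper: the fortify decision. The checked call aborts only
 * when the requested length exceeds the recorded destination size. */
static int chk_would_abort(size_t n, size_t destlen)
{
    return n > destlen;
}

/* Hypothetical model of a fortified strncpy: returns NULL where the real
 * checked call would abort, otherwise copies exactly like strncpy. */
static char *model_strncpy_chk(char *dest, const char *src,
                               size_t n, size_t destlen)
{
    if (chk_would_abort(n, destlen))
        return NULL;
    return strncpy(dest, src, n);
}

int main(void)
{
    char small[8];                 /* constructed: too small for src + NUL */
    char big[16];                  /* constructed: large enough */
    const char *src = "wmmacros";  /* __src as shown in frame #6 */
    size_t need = strlen(src) + 1; /* 8 characters plus the terminator */

    /* Values as displayed in frame #5: n=6, s1len=(size_t)-1. */
    printf("frame #5 values would abort: %d\n",
           chk_would_abort(6, SIZE_UNKNOWN));

    /* A copy that really exceeds its destination is what trips the check. */
    printf("9 bytes into char[8] would abort: %d\n",
           model_strncpy_chk(small, src, need, sizeof small) == NULL);

    if (model_strncpy_chk(big, src, need, sizeof big) != NULL)
        printf("copied into char[16]: %s\n", big);
    return 0;
}
```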
