[Bug 668319] New: crash in socat when accessing unix pipe
https://bugzilla.novell.com/show_bug.cgi?id=668319

https://bugzilla.novell.com/show_bug.cgi?id=668319#c0

Summary: crash in socat when accessing unix pipe
Classification: openSUSE
Product: openSUSE 11.3
Version: Final
Platform: i686
OS/Version: Other
Status: NEW
Severity: Major
Priority: P5 - None
Component: Network
AssignedTo: bnc-team-screening@forge.provo.novell.com
ReportedBy: fcrozat@novell.com
QAContact: qa@suse.de
Found By: ---
Blocker: ---

this is valid for both socat in 11.3 (1.7.1.2) and from network:utils (1.7.1.3)

test scenario :
- use i586 host (not tested on x86_64)
- install virtualbox, and enable netconsole in it (in a configured VM, enable serial port COM1 and choose "Port Mode : Host pipe", check "create pipe" and fill "file path" with "/tmp/vboxpipe")
- run your VM
- in the host, run "socat /tmp/vboxpipe stdout" => crash

after investigating a little, the crash is caused by combination of two compilation flags : -fomit-frame-pointer and -fstack-protector

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=668319#c1

Marcus Meissner <meissner@novell.com> changed:

What |Removed |Added
----------------------------------------------------------------------------
Status |NEW |NEEDINFO
InfoProvider | |fcrozat@novell.com
AssignedTo |bnc-team-screening@forge.provo.novell.com |meissner@novell.com

--- Comment #1 from Marcus Meissner <meissner@novell.com> 2011-01-31 12:41:47 UTC ---
do you have a backtrace?

https://bugzilla.novell.com/show_bug.cgi?id=668319#c2

--- Comment #2 from Frederic Crozat <fcrozat@novell.com> 2011-01-31 13:39:00 UTC ---
unfortunately, memory is so corrupted gdb refuses to give a backtrace itself.

Here is a "partial backtrace", done with 11.3 package (1.7.1.2) :

Program received signal SIGSEGV, Segmentation fault.
sanitize_string (data=<value optimized out>, bytes=<value optimized out>, coded=0xc0000000 <Address 0xc0000000 out of bounds>, style=8192) at utils.c:143
143 coded += sanitize_char(c, coded, style);
(gdb) bt
Cannot access memory at address 0xc0000000
(gdb) up
#1 0x0806d3b5 in sockaddr_unix_info (sa=0x5c305c37, salen=1546673200, buff=0x44785c30 <Address 0x44785c30 out of bounds>, blen=1165515832) at sysutils.c:218
218 nextc =
(gdb) up
#2 0x41785c41 in ?? ()

here is valgrind report :

valgrind socat /tmp/vboxpipe stdout
==21458== Memcheck, a memory error detector
==21458== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al.
==21458== Using Valgrind-3.5.0 and LibVEX; rerun with -h for copyright info
==21458== Command: socat /tmp/vboxpipe stdout
==21458==
==21458== Conditional jump or move depends on uninitialised value(s)
==21458==    at 0x4027C6B: strlen (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==21458==    by 0x806D397: sockaddr_unix_info (sysutils.c:220)
==21458==    by 0x806D723: sockaddr_info (sysutils.c:156)
==21458==    by 0x8073478: Getsockname (sycls.c:973)
==21458==    by 0x805CB31: _xioopen_connect (xio-socket.c:836)
==21458==    by 0x805D270: xioopen_connect (xio-socket.c:961)
==21458==    by 0x805F7B7: _xioopen_unix_client (xio-unix.c:497)
==21458==    by 0x8058880: xioopen_gopen (xio-gopen.c:54)
==21458==    by 0x8050B77: xioopen_single (xioopen.c:575)
==21458==    by 0x8050C2D: xioopen (xioopen.c:443)
==21458==    by 0x804E9F7: socat (socat.c:566)
==21458==    by 0x804F695: main (socat.c:313)
==21458==
==21458== Conditional jump or move depends on uninitialised value(s)
==21458==    at 0x4027C77: strlen (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==21458==    by 0x806D397: sockaddr_unix_info (sysutils.c:220)
==21458==    by 0x806D723: sockaddr_info (sysutils.c:156)
==21458==    by 0x8073478: Getsockname (sycls.c:973)
==21458==    by 0x805CB31: _xioopen_connect (xio-socket.c:836)
==21458==    by 0x805D270: xioopen_connect (xio-socket.c:961)
==21458==    by 0x805F7B7: _xioopen_unix_client (xio-unix.c:497)
==21458==    by 0x8058880: xioopen_gopen (xio-gopen.c:54)
==21458==    by 0x8050B77: xioopen_single (xioopen.c:575)
==21458==    by 0x8050C2D: xioopen (xioopen.c:443)
==21458==    by 0x804E9F7: socat (socat.c:566)
==21458==    by 0x804F695: main (socat.c:313)
==21458==
==21458== Use of uninitialised value of size 4
==21458==    at 0x806E2C0: sanitize_string (utils.c:100)
==21458==    by 0x806D3B4: sockaddr_unix_info (sysutils.c:218)
==21458==    by 0x806D723: sockaddr_info (sysutils.c:156)
==21458==    by 0x8073478: Getsockname (sycls.c:973)
==21458==    by 0x805CB31: _xioopen_connect (xio-socket.c:836)
==21458==    by 0x805D270: xioopen_connect (xio-socket.c:961)
==21458==    by 0x805F7B7: _xioopen_unix_client (xio-unix.c:497)
==21458==    by 0x8058880: xioopen_gopen (xio-gopen.c:54)
==21458==    by 0x8050B77: xioopen_single (xioopen.c:575)
==21458==    by 0x8050C2D: xioopen (xioopen.c:443)
==21458==    by 0x804E9F7: socat (socat.c:566)
==21458==    by 0x804F695: main (socat.c:313)
==21458==
==21458== Conditional jump or move depends on uninitialised value(s)
==21458==    at 0x806E2CF: sanitize_string (utils.c:106)
==21458==    by 0x806D3B4: sockaddr_unix_info (sysutils.c:218)
==21458==    by 0x806D723: sockaddr_info (sysutils.c:156)
==21458==    by 0x8073478: Getsockname (sycls.c:973)
==21458==    by 0x805CB31: _xioopen_connect (xio-socket.c:836)
==21458==    by 0x805D270: xioopen_connect (xio-socket.c:961)
==21458==    by 0x805F7B7: _xioopen_unix_client (xio-unix.c:497)
==21458==    by 0x8058880: xioopen_gopen (xio-gopen.c:54)
==21458==    by 0x8050B77: xioopen_single (xioopen.c:575)
==21458==    by 0x8050C2D: xioopen (xioopen.c:443)
==21458==    by 0x804E9F7: socat (socat.c:566)
==21458==    by 0x804F695: main (socat.c:313)
==21458==
==21458== Use of uninitialised value of size 4
==21458==    at 0x806E33B: sanitize_string (utils.c:106)
==21458==    by 0x806D3B4: sockaddr_unix_info (sysutils.c:218)
==21458==    by 0x806D723: sockaddr_info (sysutils.c:156)
==21458==    by 0x8073478: Getsockname (sycls.c:973)
==21458==    by 0x805CB31: _xioopen_connect (xio-socket.c:836)
==21458==    by 0x805D270: xioopen_connect (xio-socket.c:961)
==21458==    by 0x805F7B7: _xioopen_unix_client (xio-unix.c:497)
==21458==    by 0x8058880: xioopen_gopen (xio-gopen.c:54)
==21458==    by 0x8050B77: xioopen_single (xioopen.c:575)
==21458==    by 0x8050C2D: xioopen (xioopen.c:443)
==21458==    by 0x804E9F7: socat (socat.c:566)
==21458==    by 0x804F695: main (socat.c:313)
==21458==
==21458== Conditional jump or move depends on uninitialised value(s)
==21458==    at 0x806E2E3: sanitize_string (utils.c:122)
==21458==    by 0x806D3B4: sockaddr_unix_info (sysutils.c:218)
==21458==    by 0x806D723: sockaddr_info (sysutils.c:156)
==21458==    by 0x8073478: Getsockname (sycls.c:973)
==21458==    by 0x805CB31: _xioopen_connect (xio-socket.c:836)
==21458==    by 0x805D270: xioopen_connect (xio-socket.c:961)
==21458==    by 0x805F7B7: _xioopen_unix_client (xio-unix.c:497)
==21458==    by 0x8058880: xioopen_gopen (xio-gopen.c:54)
==21458==    by 0x8050B77: xioopen_single (xioopen.c:575)
==21458==    by 0x8050C2D: xioopen (xioopen.c:443)
==21458==    by 0x804E9F7: socat (socat.c:566)
==21458==    by 0x804F695: main (socat.c:313)
==21458==
==21458== Conditional jump or move depends on uninitialised value(s)
==21458==    at 0x806E2F5: sanitize_string (utils.c:123)
==21458==    by 0x806D3B4: sockaddr_unix_info (sysutils.c:218)
==21458==    by 0x806D723: sockaddr_info (sysutils.c:156)
==21458==    by 0x8073478: Getsockname (sycls.c:973)
==21458==    by 0x805CB31: _xioopen_connect (xio-socket.c:836)
==21458==    by 0x805D270: xioopen_connect (xio-socket.c:961)
==21458==    by 0x805F7B7: _xioopen_unix_client (xio-unix.c:497)
==21458==    by 0x8058880: xioopen_gopen (xio-gopen.c:54)
==21458==    by 0x8050B77: xioopen_single (xioopen.c:575)
==21458==    by 0x8050C2D: xioopen (xioopen.c:443)
==21458==    by 0x804E9F7: socat (socat.c:566)
==21458==    by 0x804F695: main (socat.c:313)
==21458==
==21458== Conditional jump or move depends on uninitialised value(s)
==21458==    at 0x4027DCD: strncpy (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==21458==    by 0x806D3C7: sockaddr_unix_info (string3.h:123)
==21458==    by 0x806D723: sockaddr_info (sysutils.c:156)
==21458==    by 0x8073478: Getsockname (sycls.c:973)
==21458==    by 0x805CB31: _xioopen_connect (xio-socket.c:836)
==21458==    by 0x805D270: xioopen_connect (xio-socket.c:961)
==21458==    by 0x805F7B7: _xioopen_unix_client (xio-unix.c:497)
==21458==    by 0x8058880: xioopen_gopen (xio-gopen.c:54)
==21458==    by 0x8050B77: xioopen_single (xioopen.c:575)
==21458==    by 0x8050C2D: xioopen (xioopen.c:443)
==21458==    by 0x804E9F7: socat (socat.c:566)
==21458==    by 0x804F695: main (socat.c:313)
==21458==
==21458== Conditional jump or move depends on uninitialised value(s)
==21458==    at 0x4028DF5: rawmemchr (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==21458==    by 0x806D73B: sockaddr_info (sysutils.c:158)
==21458==    by 0x8073478: Getsockname (sycls.c:973)
==21458==    by 0x805CB31: _xioopen_connect (xio-socket.c:836)
==21458==    by 0x805D270: xioopen_connect (xio-socket.c:961)
==21458==    by 0x805F7B7: _xioopen_unix_client (xio-unix.c:497)
==21458==    by 0x8058880: xioopen_gopen (xio-gopen.c:54)
==21458==    by 0x8050B77: xioopen_single (xioopen.c:575)
==21458==    by 0x8050C2D: xioopen (xioopen.c:443)
==21458==    by 0x804E9F7: socat (socat.c:566)
==21458==    by 0x804F695: main (socat.c:313)
==21458==
==21458== Conditional jump or move depends on uninitialised value(s)
==21458==    at 0x806D387: sockaddr_unix_info (sysutils.c:208)
==21458==    by 0x806D723: sockaddr_info (sysutils.c:156)
==21458==    by 0x805CBB1: _xioopen_connect (xio-socket.c:919)
==21458==    by 0x805D270: xioopen_connect (xio-socket.c:961)
==21458==    by 0x805F7B7: _xioopen_unix_client (xio-unix.c:497)
==21458==    by 0x8058880: xioopen_gopen (xio-gopen.c:54)
==21458==    by 0x8050B77: xioopen_single (xioopen.c:575)
==21458==    by 0x8050C2D: xioopen (xioopen.c:443)
==21458==    by 0x804E9F7: socat (socat.c:566)
==21458==    by 0x804F695: main (socat.c:313)

https://bugzilla.novell.com/show_bug.cgi?id=668319#c

Frederic Crozat <fcrozat@novell.com> changed:

What |Removed |Added
----------------------------------------------------------------------------
Status |NEEDINFO |NEW
InfoProvider |fcrozat@novell.com |

https://bugzilla.novell.com/show_bug.cgi?id=668319#c3

Marcus Meissner <meissner@novell.com> changed:

What |Removed |Added
----------------------------------------------------------------------------
Status |NEW |ASSIGNED

--- Comment #3 from Marcus Meissner <meissner@novell.com> 2011-02-02 16:36:50 UTC ---
can reproduce.

https://bugzilla.novell.com/show_bug.cgi?id=668319#c4

--- Comment #4 from Marcus Meissner <meissner@novell.com> 2011-02-02 16:44:12 UTC ---
getsockname() returns uninitialized memory for some reason and the sanitizer then overwrites the stack as it does not find the end of the string

https://bugzilla.novell.com/show_bug.cgi?id=668319#c5

--- Comment #5 from Marcus Meissner <meissner@novell.com> 2011-02-02 17:26:37 UTC ---
getsockname() returns a sockaddr length of 2 (just sa_family valid) for anon unix sockets, which I guess stdout? or the pipe? is.

This then confuses the debug output.

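The failure mode diagnosed in comments #4 and #5, shown as an added example (not socat's code and not the fix that went into Factory): a formatter that reads only the bytes of `sun_path` covered by the length `getsockname()` returned, instead of scanning for a NUL in memory the kernel never wrote. The name `unix_addr_to_text`, the `<unnamed>` label and the `\xNN` escaping are assumptions made for this sketch.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Hypothetical helper (not socat's code): render a UNIX socket address for
 * logging, reading only the salen bytes that getsockname() reported valid. */
int unix_addr_to_text(const struct sockaddr_un *sa, socklen_t salen,
                      char *buf, size_t blen)
{
    size_t off = offsetof(struct sockaddr_un, sun_path);
    size_t plen, i, o = 0;
    const char *nul;
    if (blen == 0) return -1;
    if (salen <= off)            /* only sun_family valid: unnamed socket */
        return snprintf(buf, blen, "<unnamed>");
    plen = salen - off;          /* defined bytes of sun_path */
    if (plen > sizeof(sa->sun_path))
        plen = sizeof(sa->sun_path);
    /* A pathname may end at a NUL inside the valid range; abstract names
     * start with NUL, so they keep the full reported length. */
    if (sa->sun_path[0] != '\0' && (nul = memchr(sa->sun_path, '\0', plen)))
        plen = (size_t)(nul - sa->sun_path);
    for (i = 0; i < plen && o + 5 <= blen; i++) {
        unsigned char c = (unsigned char)sa->sun_path[i];
        if (c >= 0x20 && c < 0x7f && c != '\\')
            buf[o++] = (char)c;
        else                     /* escape needs 4 chars plus the NUL */
            o += (size_t)snprintf(buf + o, blen - o, "\\x%02x", c);
    }
    buf[o] = '\0';
    return (int)o;
}

int main(void)
{
    int fds[2];
    struct sockaddr_un sa;
    socklen_t salen = sizeof(sa);
    char text[64];
    memset(&sa, 'A', sizeof(sa)); /* constructed stand-in for stale stack bytes */
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, fds) < 0 ||
        getsockname(fds[0], (struct sockaddr *)&sa, &salen) < 0)
        return 1;
    unix_addr_to_text(&sa, salen, text, sizeof(text));
    printf("salen=%u -> %s\n", (unsigned)salen, text);
    return 0;
}
```
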
https://bugzilla.novell.com/show_bug.cgi?id=668319#c6

Marcus Meissner <meissner@suse.com> changed:

What |Removed |Added
----------------------------------------------------------------------------
Status |ASSIGNED |RESOLVED
Resolution | |FIXED

--- Comment #6 from Marcus Meissner <meissner@suse.com> 2011-12-12 13:28:13 UTC ---
fixed in factory (and also 12.1)