[Bug 582276] New: thunderbird 3.0.1 buffer overflow, terminates when starting new mail
http://bugzilla.novell.com/show_bug.cgi?id=582276 http://bugzilla.novell.com/show_bug.cgi?id=582276#c0 Summary: thunderbird 3.0.1 buffer overflow, terminates when starting new mail Classification: openSUSE Product: openSUSE 11.3 Version: Factory Platform: x86-64 OS/Version: openSUSE 11.3 Status: NEW Severity: Normal Priority: P5 - None Component: Firefox AssignedTo: bnc-team-mozilla@forge.provo.novell.com ReportedBy: tamas.visegrady@gmail.com QAContact: qa@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.0) Gecko/20100115 SUSE/3.6.0-1.5 Firefox/3.6 Trying to start new mail crashes Thunderbird 3.0.1 (x86_64) with buffer overflow: ---------------- /tmp.$ rpm -qa | grep -i thunderbird MozillaThunderbird-3.0.1-1.6.x86_64 /tmp.$ rpm -qi MozillaThunderbird Name : MozillaThunderbird Relocations: (not relocatable) Version : 3.0.1 Vendor: openSUSE Release : 1.6 Build Date: Sat Feb 20 09:32:43 2010 Install Date: Tue Feb 23 09:26:50 2010 Build Host: build32 .. ======= Backtrace: ========= /lib64/libc.so.6(__fortify_fail+0x37)[0x7f9f04041657] /lib64/libc.so.6(+0xe5400)[0x7f9f0403f400] /usr/lib64/thunderbird/thunderbird-bin[0xaf8e70] /usr/lib64/thunderbird/thunderbird-bin[0xaf9f4a] /usr/lib64/thunderbird/thunderbird-bin[0xafa088] /usr/lib64/thunderbird/thunderbird-bin[0xaea594] /usr/lib64/thunderbird/thunderbird-bin[0xae97d5] /usr/lib64/thunderbird/thunderbird-bin[0xae2f7b] /usr/lib64/thunderbird/thunderbird-bin[0x613db6] /usr/lib64/thunderbird/thunderbird-bin[0x614587] /usr/lib64/thunderbird/thunderbird-bin[0xae5bdb] /usr/lib64/thunderbird/thunderbird-bin[0x855839] /usr/lib64/thunderbird/libxpcom_core.so(NS_InvokeByIndex_P+0x25c)[0x7f9f0a5f6d28] /usr/lib64/thunderbird/thunderbird-bin[0x4eddcd] /usr/lib64/thunderbird/thunderbird-bin[0x4f384d] /usr/lib64/thunderbird/libmozjs.so(js_Invoke+0x640)[0x7f9f0aa97d21] /usr/lib64/thunderbird/libmozjs.so(+0x429bd)[0x7f9f0aa889bd] /usr/lib64/thunderbird/libmozjs.so(js_Invoke+0x64a)[0x7f9f0aa97d2b] /usr/lib64/thunderbird/libmozjs.so(+0x51eda)[0x7f9f0aa97eda] /usr/lib64/thunderbird/libmozjs.so(+0x5201b)[0x7f9f0aa9801b] /usr/lib64/thunderbird/libmozjs.so(+0x5e092)[0x7f9f0aaa4092] /usr/lib64/thunderbird/libmozjs.so(+0x5e19c)[0x7f9f0aaa419c] /usr/lib64/thunderbird/libmozjs.so(+0x5e7e7)[0x7f9f0aaa47e7] /usr/lib64/thunderbird/libmozjs.so(+0x49c47)[0x7f9f0aa8fc47] /usr/lib64/thunderbird/libmozjs.so(js_Invoke+0x64a)[0x7f9f0aa97d2b] /usr/lib64/thunderbird/libmozjs.so(+0x51eda)[0x7f9f0aa97eda] /usr/lib64/thunderbird/libmozjs.so(JS_CallFunctionValue+0x1a)[0x7f9f0aa61150] /usr/lib64/thunderbird/thunderbird-bin[0x7fca86] /usr/lib64/thunderbird/thunderbird-bin[0x8065c7] /usr/lib64/thunderbird/thunderbird-bin[0x80686e] /usr/lib64/thunderbird/libxpcom_core.so(+0x6cd53)[0x7f9f0a5eed53] /usr/lib64/thunderbird/libxpcom_core.so(+0x6cf06)[0x7f9f0a5eef06] /usr/lib64/thunderbird/libxpcom_core.so(+0x6a866)[0x7f9f0a5ec866] /usr/lib64/thunderbird/libxpcom_core.so(_Z21NS_ProcessNextEvent_PP9nsIThreadi+0x2b)[0x7f9f0a5c25db] /usr/lib64/thunderbird/thunderbird-bin[0x5f29b1] /usr/lib64/thunderbird/thunderbird-bin[0xaca250] /usr/lib64/thunderbird/thunderbird-bin[0x44a01a] /usr/lib64/thunderbird/thunderbird-bin[0x445be5] /lib64/libc.so.6(__libc_start_main+0xfd)[0x7f9f03f78b7d] /usr/lib64/thunderbird/thunderbird-bin[0x4459d9] Note that /usr/lib64/thunderbird was also missing from ld.conf (i.e., /etc/ld.so.conf.d/thunderbird.conf): -------------- /tmp.# ldd /usr/lib64/thunderbird/thunderbird-bin |grep "not found" libmozjs.so => not found libxpcom.so => not found libxpcom_core.so => not found libldap60.so => not found libprldap60.so => not found libldif60.so => not found -------------- but solving that itself does not help. Reproducible: Always Steps to Reproduce: 1. start Thunderbird 2. hit Write, Ctrl-N, or File/New/Message Actual Results: crash, results in .xsession-errors Expected Results: (opened compose window) -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=582276 http://bugzilla.novell.com/show_bug.cgi?id=582276#c1 Wolfgang Rosenauer <wolfgang@rosenauer.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO Info Provider| |tamas.visegrady@gmail.com --- Comment #1 from Wolfgang Rosenauer <wolfgang@rosenauer.org> 2010-02-23 17:38:51 UTC --- The stacktrace doesn't really help w/o symbols. Can you probably get them installed and create it again? Thunderbird should not have / don't need a ld.so.conf entry. Nothing is used from external components. The startscript takes care of everything. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=582276 http://bugzilla.novell.com/show_bug.cgi?id=582276#c2 Tobias Burnus <burnus@gmx.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW Info Provider|tamas.visegrady@gmail.com | --- Comment #2 from Tobias Burnus <burnus@gmx.de> 2010-02-26 13:47:33 UTC --- Created an attachment (id=345200) --> (http://bugzilla.novell.com/attachment.cgi?id=345200) valgrind output "Conditional jump or move depends on uninitialised value" is unrelated. strcpy_chk: buffer overflow detected ***: program terminated Happens in mozSpellChecker.cpp (see attachment for details). -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=582276 http://bugzilla.novell.com/show_bug.cgi?id=582276#c3 Marcus Meissner <meissner@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |wolfgang@rosenauer.org --- Comment #3 from Marcus Meissner <meissner@novell.com> 2010-02-26 13:56:45 UTC --- i fixed this bug in the "hunspell" package already and it was cheked into factory. why is Thunderbird not dynamically linking against it? -DMOZ_NATIVE_HUNSPELL= \ -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=582276 http://bugzilla.novell.com/show_bug.cgi?id=582276#c4 --- Comment #4 from Marcus Meissner <meissner@novell.com> 2010-02-26 13:57:08 UTC --- /work//SRC/all/hunspell/hunspell-disable-fortify.patch --- src/hunspell/hashmgr.cxx +++ src/hunspell/hashmgr.cxx @@ -1,3 +1,4 @@ +#undef _FORTIFY_SOURCE /* bad use of char word; at the end of struct hentry -Marcus */ #include "license.hunspell" #include "license.myspell" -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=582276 http://bugzilla.novell.com/show_bug.cgi?id=582276#c5 --- Comment #5 from Wolfgang Rosenauer <wolfgang@rosenauer.org> 2010-02-26 14:49:20 UTC --- (In reply to comment #3)
i fixed this bug in the "hunspell" package already and it was cheked into factory.
why is Thunderbird not dynamically linking against it?
-DMOZ_NATIVE_HUNSPELL= \
good question. It should and the build pptions say so. I'll check. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=582276 http://bugzilla.novell.com/show_bug.cgi?id=582276#c6 Wolfgang Rosenauer <wolfgang@rosenauer.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED --- Comment #6 from Wolfgang Rosenauer <wolfgang@rosenauer.org> 2010-02-26 16:57:48 UTC --- Grr, pure oversight that --enable-system-myspell changed to --enable-system-hunspell at some point :-( Fix on its way to Factory. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=582276 http://bugzilla.novell.com/show_bug.cgi?id=582276#c7 Uwe Buckesfeld <u.buckesfeld@gmx.de> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |u.buckesfeld@gmx.de --- Comment #7 from Uwe Buckesfeld <u.buckesfeld@gmx.de> 2010-03-15 14:38:02 UTC --- Still happens with "MozillaThunderbird-translations-common-3.0.1-1.9.x86_64.rpm" dated 27-Feb-2010 11:42 here. Could somebody please verify? -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=582276 https://bugzilla.novell.com/show_bug.cgi?id=582276#c8 --- Comment #8 from Swamp Workflow Management <swamp@suse.de> 2014-09-09 16:10:16 UTC --- openSUSE-SU-2014:1100-1: An update that fixes 475 vulnerabilities is now available. Category: security (important) Bug References: 104586,354469,385739,390992,417869,41903,429179,439841,441084,455804,484321,503151,518603,527418,528406,529180,542809,559819,576969,582276,586567,593807,603356,622506,637303,642502,645315,649492,657016,664211,667155,689281,701296,712224,714931,720264,726758,728520,732898,733002,737533,744275,746616,747328,749440,750044,755060,758408,765204,771583,777588,783533,786522,790140,796895,804248,808243,813026,819204,825935,833389,840485,847708,854370,861847,868603,875378,876833,881874,887746,894201,894370 CVE References: CVE-2007-3089,CVE-2007-3285,CVE-2007-3656,CVE-2007-3670,CVE-2007-3734,CVE-2007-3735,CVE-2007-3736,CVE-2007-3737,CVE-2007-3738,CVE-2008-0016,CVE-2008-1233,CVE-2008-1234,CVE-2008-1235,CVE-2008-1236,CVE-2008-1237,CVE-2008-3835,CVE-2008-4058,CVE-2008-4059,CVE-2008-4060,CVE-2008-4061,CVE-2008-4062,CVE-2008-4063,CVE-2008-4064,CVE-2008-4065,CVE-2008-4066,CVE-2008-4067,CVE-2008-4068,CVE-2008-4070,CVE-2008-5012,CVE-2008-5014,CVE-2008-5016,CVE-2008-5017,CVE-2008-5018,CVE-2008-5021,CVE-2008-5022,CVE-2008-5024,CVE-2008-5500,CVE-2008-5501,CVE-2008-5502,CVE-2008-5503,CVE-2008-5506,CVE-2008-5507,CVE-2008-5508,CVE-2008-5510,CVE-2008-5511,CVE-2008-5512,CVE-2009-0040,CVE-2009-0771,CVE-2009-0772,CVE-2009-0773,CVE-2009-0774,CVE-2009-0776,CVE-2009-1571,CVE-2009-3555,CVE-2010-0159,CVE-2010-0173,CVE-2010-0174,CVE-2010-0175,CVE-2010-0176,CVE-2010-0182,CVE-2010-0654,CVE-2010-1121,CVE-2010-1196,CVE-2010-1199,CVE-2010-1200,CVE-2010-1201,CVE-2010-1202,CVE-2010-1203,CVE-2010-1205,CVE-2010-1211,CVE-2010-1 212,CVE-2010-1213,CVE-2010-1585,CVE-2010-2752,CVE-2010-2753,CVE-2010-2754,CVE-2010-2760,CVE-2010-2762,CVE-2010-2764,CVE-2010-2765,CVE-2010-2766,CVE-2010-2767,CVE-2010-2768,CVE-2010-2769,CVE-2010-3166,CVE-2010-3167,CVE-2010-3168,CVE-2010-3169,CVE-2010-3170,CVE-2010-3173,CVE-2010-3174,CVE-2010-3175,CVE-2010-3176,CVE-2010-3178,CVE-2010-3179,CVE-2010-3180,CVE-2010-3182,CVE-2010-3183,CVE-2010-3765,CVE-2010-3768,CVE-2010-3769,CVE-2010-3776,CVE-2010-3777,CVE-2010-3778,CVE-2011-0053,CVE-2011-0061,CVE-2011-0062,CVE-2011-0069,CVE-2011-0070,CVE-2011-0072,CVE-2011-0074,CVE-2011-0075,CVE-2011-0077,CVE-2011-0078,CVE-2011-0080,CVE-2011-0081,CVE-2011-0083,CVE-2011-0084,CVE-2011-0085,CVE-2011-1187,CVE-2011-2362,CVE-2011-2363,CVE-2011-2364,CVE-2011-2365,CVE-2011-2371,CVE-2011-2372,CVE-2011-2373,CVE-2011-2374,CVE-2011-2376,CVE-2011-2377,CVE-2011-2985,CVE-2011-2986,CVE-2011-2987,CVE-2011-2988,CVE-2011-2989,CVE-2011-2991,CVE-2011-2992,CVE-2011-3000,CVE-2011-3001,CVE-2011-3005,CVE-2011-3026,CVE-2 011-3062,CVE-2011-3101,CVE-2011-3232,CVE-2011-3648,CVE-2011-3650,CVE-2011-3651,CVE-2011-3652,CVE-2011-3654,CVE-2011-3655,CVE-2011-3658,CVE-2011-3659,CVE-2011-3660,CVE-2011-3661,CVE-2011-3663,CVE-2012-0441,CVE-2012-0442,CVE-2012-0443,CVE-2012-0444,CVE-2012-0445,CVE-2012-0446,CVE-2012-0447,CVE-2012-0449,CVE-2012-0451,CVE-2012-0452,CVE-2012-0455,CVE-2012-0456,CVE-2012-0457,CVE-2012-0458,CVE-2012-0459,CVE-2012-0460,CVE-2012-0461,CVE-2012-0462,CVE-2012-0463,CVE-2012-0464,CVE-2012-0467,CVE-2012-0468,CVE-2012-0469,CVE-2012-0470,CVE-2012-0471,CVE-2012-0472,CVE-2012-0473,CVE-2012-0474,CVE-2012-0475,CVE-2012-0477,CVE-2012-0478,CVE-2012-0479,CVE-2012-0759,CVE-2012-1937,CVE-2012-1938,CVE-2012-1940,CVE-2012-1941,CVE-2012-1944,CVE-2012-1945,CVE-2012-1946,CVE-2012-1947,CVE-2012-1948,CVE-2012-1949,CVE-2012-1951,CVE-2012-1952,CVE-2012-1953,CVE-2012-1954,CVE-2012-1955,CVE-2012-1956,CVE-2012-1957,CVE-2012-1958,CVE-2012-1959,CVE-2012-1960,CVE-2012-1961,CVE-2012-1962,CVE-2012-1963,CVE-2012-1967, CVE-2012-1970,CVE-2012-1972,CVE-2012-1973,CVE-2012-1974,CVE-2012-1975,CVE-2012-1976,CVE-2012-3956,CVE-2012-3957,CVE-2012-3958,CVE-2012-3959,CVE-2012-3960,CVE-2012-3961,CVE-2012-3962,CVE-2012-3963,CVE-2012-3964,CVE-2012-3966,CVE-2012-3967,CVE-2012-3968,CVE-2012-3969,CVE-2012-3970,CVE-2012-3971,CVE-2012-3972,CVE-2012-3975,CVE-2012-3978,CVE-2012-3980,CVE-2012-3982,CVE-2012-3983,CVE-2012-3984,CVE-2012-3985,CVE-2012-3986,CVE-2012-3988,CVE-2012-3989,CVE-2012-3990,CVE-2012-3991,CVE-2012-3992,CVE-2012-3993,CVE-2012-3994,CVE-2012-3995,CVE-2012-4179,CVE-2012-4180,CVE-2012-4181,CVE-2012-4182,CVE-2012-4183,CVE-2012-4184,CVE-2012-4185,CVE-2012-4186,CVE-2012-4187,CVE-2012-4188,CVE-2012-4191,CVE-2012-4192,CVE-2012-4193,CVE-2012-4194,CVE-2012-4195,CVE-2012-4196,CVE-2012-4201,CVE-2012-4202,CVE-2012-4204,CVE-2012-4205,CVE-2012-4207,CVE-2012-4208,CVE-2012-4209,CVE-2012-4212,CVE-2012-4213,CVE-2012-4214,CVE-2012-4215,CVE-2012-4216,CVE-2012-4217,CVE-2012-4218,CVE-2012-5829,CVE-2012-5830,CVE-2012- 5833,CVE-2012-5835,CVE-2012-5836,CVE-2012-5837,CVE-2012-5838,CVE-2012-5839,CVE-2012-5840,CVE-2012-5841,CVE-2012-5842,CVE-2012-5843,CVE-2013-0743,CVE-2013-0744,CVE-2013-0745,CVE-2013-0746,CVE-2013-0747,CVE-2013-0748,CVE-2013-0749,CVE-2013-0750,CVE-2013-0752,CVE-2013-0753,CVE-2013-0754,CVE-2013-0755,CVE-2013-0756,CVE-2013-0757,CVE-2013-0758,CVE-2013-0760,CVE-2013-0761,CVE-2013-0762,CVE-2013-0763,CVE-2013-0764,CVE-2013-0766,CVE-2013-0767,CVE-2013-0768,CVE-2013-0769,CVE-2013-0770,CVE-2013-0771,CVE-2013-0773,CVE-2013-0774,CVE-2013-0775,CVE-2013-0776,CVE-2013-0780,CVE-2013-0782,CVE-2013-0783,CVE-2013-0787,CVE-2013-0788,CVE-2013-0789,CVE-2013-0793,CVE-2013-0795,CVE-2013-0796,CVE-2013-0800,CVE-2013-0801,CVE-2013-1669,CVE-2013-1670,CVE-2013-1674,CVE-2013-1675,CVE-2013-1676,CVE-2013-1677,CVE-2013-1678,CVE-2013-1679,CVE-2013-1680,CVE-2013-1681,CVE-2013-1682,CVE-2013-1684,CVE-2013-1685,CVE-2013-1686,CVE-2013-1687,CVE-2013-1690,CVE-2013-1692,CVE-2013-1693,CVE-2013-1694,CVE-2013-1697,CVE- 2013-1701,CVE-2013-1709,CVE-2013-1710,CVE-2013-1713,CVE-2013-1714,CVE-2013-1717,CVE-2013-1718,CVE-2013-1719,CVE-2013-1720,CVE-2013-1722,CVE-2013-1723,CVE-2013-1724,CVE-2013-1725,CVE-2013-1728,CVE-2013-1730,CVE-2013-1732,CVE-2013-1735,CVE-2013-1736,CVE-2013-1737,CVE-2013-1738,CVE-2013-5590,CVE-2013-5591,CVE-2013-5592,CVE-2013-5593,CVE-2013-5595,CVE-2013-5596,CVE-2013-5597,CVE-2013-5599,CVE-2013-5600,CVE-2013-5601,CVE-2013-5602,CVE-2013-5603,CVE-2013-5604,CVE-2013-5609,CVE-2013-5610,CVE-2013-5611,CVE-2013-5612,CVE-2013-5613,CVE-2013-5614,CVE-2013-5615,CVE-2013-5616,CVE-2013-5618,CVE-2013-5619,CVE-2013-6629,CVE-2013-6630,CVE-2013-6671,CVE-2013-6672,CVE-2013-6673,CVE-2014-1477,CVE-2014-1478,CVE-2014-1479,CVE-2014-1480,CVE-2014-1481,CVE-2014-1482,CVE-2014-1483,CVE-2014-1484,CVE-2014-1485,CVE-2014-1486,CVE-2014-1487,CVE-2014-1488,CVE-2014-1489,CVE-2014-1490,CVE-2014-1491,CVE-2014-1492,CVE-2014-1493,CVE-2014-1494,CVE-2014-1497,CVE-2014-1498,CVE-2014-1499,CVE-2014-1500,CVE-2014-1502 ,CVE-2014-1504,CVE-2014-1505,CVE-2014-1508,CVE-2014-1509,CVE-2014-1510,CVE-2014-1511,CVE-2014-1512,CVE-2014-1513,CVE-2014-1514,CVE-2014-1518,CVE-2014-1519,CVE-2014-1522,CVE-2014-1523,CVE-2014-1524,CVE-2014-1525,CVE-2014-1526,CVE-2014-1528,CVE-2014-1529,CVE-2014-1530,CVE-2014-1531,CVE-2014-1532,CVE-2014-1533,CVE-2014-1534,CVE-2014-1536,CVE-2014-1537,CVE-2014-1538,CVE-2014-1539,CVE-2014-1540,CVE-2014-1541,CVE-2014-1542,CVE-2014-1543,CVE-2014-1544,CVE-2014-1545,CVE-2014-1547,CVE-2014-1548,CVE-2014-1549,CVE-2014-1550,CVE-2014-1552,CVE-2014-1553,CVE-2014-1555,CVE-2014-1556,CVE-2014-1557,CVE-2014-1558,CVE-2014-1559,CVE-2014-1560,CVE-2014-1561,CVE-2014-1562,CVE-2014-1563,CVE-2014-1564,CVE-2014-1565,CVE-2014-1567 Sources used: openSUSE 11.4 (src): MozillaFirefox-24.8.0-127.1, mozilla-nss-3.16.4-94.1 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com