* [LTP] Buffer Overflow with ftest03 and ftest07 @ 2009-09-21 23:02 K.D. Lucas 2009-09-24 12:23 ` Jiri Palecek 0 siblings, 1 reply; 6+ messages in thread From: K.D. Lucas @ 2009-09-21 23:02 UTC (permalink / raw) To: ltp-list [-- Attachment #1.1: Type: text/plain, Size: 4320 bytes --] Since I started using LTP 20090831 I've been seeing buffer overflow messages when running ftest03 and ftest07. The back trace is: *** buffer overflow detected ***: ftest03 terminated ======= Backtrace: ========= /lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x48)[0xa17038] /lib/tls/i686/cmov/libc.so.6[0xa15140] /lib/tls/i686/cmov/libc.so.6[0xa14838] /lib/tls/i686/cmov/libc.so.6(_IO_default_xsputn+0xc8)[0x986d18] /lib/tls/i686/cmov/libc.so.6(_IO_vfprintf+0xf4c)[0x95981c] /lib/tls/i686/cmov/libc.so.6(__vsprintf_chk+0xa4)[0xa148e4] /lib/tls/i686/cmov/libc.so.6(__sprintf_chk+0x2d)[0xa1482d] ftest03[0x804a7d9] ftest03[0x804a884] /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe5)[0x92f7a5] ftest03[0x8049461] ======= Memory map: ======== 00919000-00a75000 r-xp 00000000 08:01 132417 /lib/tls/i686/cmov/ libc-2.9.so 00a75000-00a76000 ---p 0015c000 08:01 132417 /lib/tls/i686/cmov/ libc-2.9.so 00a76000-00a78000 r--p 0015c000 08:01 132417 /lib/tls/i686/cmov/ libc-2.9.so 00a78000-00a79000 rw-p 0015e000 08:01 132417 /lib/tls/i686/cmov/ libc-2.9.so 00a79000-00a7c000 rw-p 00000000 00:00 0 00a8c000-00aa8000 r-xp 00000000 08:01 367 /lib/ld-2.9.so 00aa8000-00aa9000 r--p 0001b000 08:01 367 /lib/ld-2.9.so 00aa9000-00aaa000 rw-p 0001c000 08:01 367 /lib/ld-2.9.so 00c91000-00cbb000 r-xp 00000000 08:01 409 /lib/libgcc_s.so.1 00cbb000-00cbc000 r--p 00029000 08:01 409 /lib/libgcc_s.so.1 00cbc000-00cbd000 rw-p 0002a000 08:01 409 /lib/libgcc_s.so.1 00cce000-00ccf000 r-xp 00000000 00:00 0 [vdso] 08048000-08050000 r-xp 00000000 08:01 231138 /var/tmp/tests/ltp-full-20090831/testcases/bin/ftest03 08050000-08051000 r--p 00007000 08:01 231138 /var/tmp/tests/ltp-full-20090831/testcases/bin/ftest03 08051000-08052000 rw-p 00008000 08:01 231138 /var/tmp/tests/ltp-full-20090831/testcases/bin/ftest03 08052000-08056000 rw-p 00000000 00:00 0 09ead000-09ece000 rw-p 00000000 00:00 0 [heap] b7f8d000-b7f8e000 rw-p 00000000 00:00 0 b7f9b000-b7f9d000 rw-p 00000000 00:00 0 bff91000-bffa6000 rw-p 00000000 00:00 0 [stack] *** buffer overflow detected ***: ftest07 terminated ======= Backtrace: ========= /lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x48)[0x20e038] /lib/tls/i686/cmov/libc.so.6[0x20c140] /lib/tls/i686/cmov/libc.so.6[0x20b838] /lib/tls/i686/cmov/libc.so.6(_IO_default_xsputn+0xc8)[0x17dd18] /lib/tls/i686/cmov/libc.so.6(_IO_vfprintf+0xf4c)[0x15081c] /lib/tls/i686/cmov/libc.so.6(__vsprintf_chk+0xa4)[0x20b8e4] /lib/tls/i686/cmov/libc.so.6(__sprintf_chk+0x2d)[0x20b82d] ftest07[0x804a9d1] ftest07[0x804aa74] /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe5)[0x1267a5] ftest07[0x8049421] ======= Memory map: ======== 00110000-0026c000 r-xp 00000000 08:01 132417 /lib/tls/i686/cmov/ libc-2.9.so 0026c000-0026d000 ---p 0015c000 08:01 132417 /lib/tls/i686/cmov/ libc-2.9.so 0026d000-0026f000 r--p 0015c000 08:01 132417 /lib/tls/i686/cmov/ libc-2.9.so 0026f000-00270000 rw-p 0015e000 08:01 132417 /lib/tls/i686/cmov/ libc-2.9.so 00270000-00273000 rw-p 00000000 00:00 0 00642000-0066c000 r-xp 00000000 08:01 409 /lib/libgcc_s.so.1 0066c000-0066d000 r--p 00029000 08:01 409 /lib/libgcc_s.so.1 0066d000-0066e000 rw-p 0002a000 08:01 409 /lib/libgcc_s.so.1 00d7c000-00d7d000 r-xp 00000000 00:00 0 [vdso] 00dfe000-00e1a000 r-xp 00000000 08:01 367 /lib/ld-2.9.so 00e1a000-00e1b000 r--p 0001b000 08:01 367 /lib/ld-2.9.so 00e1b000-00e1c000 rw-p 0001c000 08:01 367 /lib/ld-2.9.so 08048000-08050000 r-xp 00000000 08:01 231142 /var/tmp/tests/ltp-full-20090831/testcases/bin/ftest07 08050000-08051000 r--p 00007000 08:01 231142 /var/tmp/tests/ltp-full-20090831/testcases/bin/ftest07 08051000-08052000 rw-p 00008000 08:01 231142 /var/tmp/tests/ltp-full-20090831/testcases/bin/ftest07 08052000-08057000 rw-p 00000000 00:00 0 09fce000-09fef000 rw-p 00000000 00:00 0 [heap] b802f000-b8030000 rw-p 00000000 00:00 0 b803d000-b803f000 rw-p 00000000 00:00 0 bfdfb000-bfe10000 rw-p 00000000 00:00 0 [stack] This is running against an Ubuntu Karmic Alpha netbook remix. I don't see this issue when testing on dapper or hardy distros. I saw some other posts about this, but no one has offered any suggestions or solutions yet. The kernel is 2.6.30-8-generic, i686 arch. kdl [-- Attachment #1.2: Type: text/html, Size: 5083 bytes --] [-- Attachment #2: Type: text/plain, Size: 401 bytes --] ------------------------------------------------------------------------------ Come build with us! The BlackBerry® Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9-12, 2009. Register now! http://p.sf.net/sfu/devconf [-- Attachment #3: Type: text/plain, Size: 155 bytes --] _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [LTP] Buffer Overflow with ftest03 and ftest07 2009-09-21 23:02 [LTP] Buffer Overflow with ftest03 and ftest07 K.D. Lucas @ 2009-09-24 12:23 ` Jiri Palecek 2009-09-24 18:55 ` K.D. Lucas 0 siblings, 1 reply; 6+ messages in thread From: Jiri Palecek @ 2009-09-24 12:23 UTC (permalink / raw) To: K.D. Lucas; +Cc: ltp-list [-- Attachment #1: Type: text/plain, Size: 4922 bytes --] Hi, On Tuesday 22 September 2009 01:02:29 K.D. Lucas wrote: > Since I started using LTP 20090831 I've been seeing buffer overflow messages > when running ftest03 and ftest07. The back trace is: > > *** buffer overflow detected ***: ftest03 terminated > ======= Backtrace: ========= > /lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x48)[0xa17038] > /lib/tls/i686/cmov/libc.so.6[0xa15140] > /lib/tls/i686/cmov/libc.so.6[0xa14838] > /lib/tls/i686/cmov/libc.so.6(_IO_default_xsputn+0xc8)[0x986d18] > /lib/tls/i686/cmov/libc.so.6(_IO_vfprintf+0xf4c)[0x95981c] > /lib/tls/i686/cmov/libc.so.6(__vsprintf_chk+0xa4)[0xa148e4] > /lib/tls/i686/cmov/libc.so.6(__sprintf_chk+0x2d)[0xa1482d] > ftest03[0x804a7d9] > ftest03[0x804a884] > /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe5)[0x92f7a5] > ftest03[0x8049461] > ======= Memory map: ======== > 00919000-00a75000 r-xp 00000000 08:01 132417 /lib/tls/i686/cmov/ > libc-2.9.so > 00a75000-00a76000 ---p 0015c000 08:01 132417 /lib/tls/i686/cmov/ > libc-2.9.so > 00a76000-00a78000 r--p 0015c000 08:01 132417 /lib/tls/i686/cmov/ > libc-2.9.so > 00a78000-00a79000 rw-p 0015e000 08:01 132417 /lib/tls/i686/cmov/ > libc-2.9.so > 00a79000-00a7c000 rw-p 00000000 00:00 0 > 00a8c000-00aa8000 r-xp 00000000 08:01 367 /lib/ld-2.9.so > 00aa8000-00aa9000 r--p 0001b000 08:01 367 /lib/ld-2.9.so > 00aa9000-00aaa000 rw-p 0001c000 08:01 367 /lib/ld-2.9.so > 00c91000-00cbb000 r-xp 00000000 08:01 409 /lib/libgcc_s.so.1 > 00cbb000-00cbc000 r--p 00029000 08:01 409 /lib/libgcc_s.so.1 > 00cbc000-00cbd000 rw-p 0002a000 08:01 409 /lib/libgcc_s.so.1 > 00cce000-00ccf000 r-xp 00000000 00:00 0 [vdso] > 08048000-08050000 r-xp 00000000 08:01 231138 > /var/tmp/tests/ltp-full-20090831/testcases/bin/ftest03 > 08050000-08051000 r--p 00007000 08:01 231138 > /var/tmp/tests/ltp-full-20090831/testcases/bin/ftest03 > 08051000-08052000 rw-p 00008000 08:01 231138 > /var/tmp/tests/ltp-full-20090831/testcases/bin/ftest03 > 08052000-08056000 rw-p 00000000 00:00 0 > 09ead000-09ece000 rw-p 00000000 00:00 0 [heap] > b7f8d000-b7f8e000 rw-p 00000000 00:00 0 > b7f9b000-b7f9d000 rw-p 00000000 00:00 0 > bff91000-bffa6000 rw-p 00000000 00:00 0 [stack] > *** buffer overflow detected ***: ftest07 terminated > ======= Backtrace: ========= > /lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x48)[0x20e038] > /lib/tls/i686/cmov/libc.so.6[0x20c140] > /lib/tls/i686/cmov/libc.so.6[0x20b838] > /lib/tls/i686/cmov/libc.so.6(_IO_default_xsputn+0xc8)[0x17dd18] > /lib/tls/i686/cmov/libc.so.6(_IO_vfprintf+0xf4c)[0x15081c] > /lib/tls/i686/cmov/libc.so.6(__vsprintf_chk+0xa4)[0x20b8e4] > /lib/tls/i686/cmov/libc.so.6(__sprintf_chk+0x2d)[0x20b82d] > ftest07[0x804a9d1] > ftest07[0x804aa74] > /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe5)[0x1267a5] > ftest07[0x8049421] > ======= Memory map: ======== > 00110000-0026c000 r-xp 00000000 08:01 132417 /lib/tls/i686/cmov/ > libc-2.9.so > 0026c000-0026d000 ---p 0015c000 08:01 132417 /lib/tls/i686/cmov/ > libc-2.9.so > 0026d000-0026f000 r--p 0015c000 08:01 132417 /lib/tls/i686/cmov/ > libc-2.9.so > 0026f000-00270000 rw-p 0015e000 08:01 132417 /lib/tls/i686/cmov/ > libc-2.9.so > 00270000-00273000 rw-p 00000000 00:00 0 > 00642000-0066c000 r-xp 00000000 08:01 409 /lib/libgcc_s.so.1 > 0066c000-0066d000 r--p 00029000 08:01 409 /lib/libgcc_s.so.1 > 0066d000-0066e000 rw-p 0002a000 08:01 409 /lib/libgcc_s.so.1 > 00d7c000-00d7d000 r-xp 00000000 00:00 0 [vdso] > 00dfe000-00e1a000 r-xp 00000000 08:01 367 /lib/ld-2.9.so > 00e1a000-00e1b000 r--p 0001b000 08:01 367 /lib/ld-2.9.so > 00e1b000-00e1c000 rw-p 0001c000 08:01 367 /lib/ld-2.9.so > 08048000-08050000 r-xp 00000000 08:01 231142 > /var/tmp/tests/ltp-full-20090831/testcases/bin/ftest07 > 08050000-08051000 r--p 00007000 08:01 231142 > /var/tmp/tests/ltp-full-20090831/testcases/bin/ftest07 > 08051000-08052000 rw-p 00008000 08:01 231142 > /var/tmp/tests/ltp-full-20090831/testcases/bin/ftest07 > 08052000-08057000 rw-p 00000000 00:00 0 > 09fce000-09fef000 rw-p 00000000 00:00 0 [heap] > b802f000-b8030000 rw-p 00000000 00:00 0 > b803d000-b803f000 rw-p 00000000 00:00 0 > bfdfb000-bfe10000 rw-p 00000000 00:00 0 [stack] > > > This is running against an Ubuntu Karmic Alpha netbook remix. I don't see > this issue when testing on dapper or hardy distros. I saw some other posts > about this, but no one has offered any suggestions or solutions yet. It seems the problem is with some sprintf() call, and indeed, there is one in the code. I propose deleting it (with other code) altogether, because it was needed just for creation of a temporary directory and we have tst_tmpdir() for that. See the attachment and please report whether it works and whether such solution is acceptable. Note that the code was not tested in any way. Regards Jiri Palecek [-- Attachment #2: test-patch.diff --] [-- Type: text/x-patch, Size: 10677 bytes --] commit 74c9729d10fcf866eff93ae830005fb13b464e16 Author: Jiri Palecek <jirka@debian.(none)> Date: Thu Sep 24 13:18:25 2009 +0200 Remove fuss from ftest testcases The testcases contained logic for creating their temporary directories. IMHO, this was superseded with the introduction of tst_tmpdir, and the code might invoke buffer overflow errors, so it's better deleted. diff --git a/testcases/kernel/fs/ftest/ftest01.c b/testcases/kernel/fs/ftest/ftest01.c index 8bbbdce..ecdc0ab 100644 --- a/testcases/kernel/fs/ftest/ftest01.c +++ b/testcases/kernel/fs/ftest/ftest01.c @@ -95,9 +95,6 @@ int pidlist[MAXCHILD]; char test_name[2]; /* childs test directory name */ char *prog; -char fuss[40] = ""; /* directory to do this in */ -char homedir[200]= ""; /* where we started */ - int local_flag; /*--------------------------------------------------------------*/ @@ -143,18 +140,8 @@ setup() * Save starting directory. */ tst_tmpdir(); - getcwd(homedir, sizeof( homedir)); parent_pid = getpid(); - if (!fuss[0]) - sprintf(fuss, "./ftest1.%d", getpid()); - - mkdir(fuss, 0755); - - if (chdir(fuss) < 0) { - tst_brkm(TBROK,0,"Can't chdir(%s): %s", fuss, strerror(errno)); - } - /* * Default values for run conditions. */ @@ -166,8 +153,7 @@ setup() misc_intvl = 10; if ((sigset(SIGTERM, (void (*)())term)) == SIG_ERR) { - tst_resm(TBROK,"sigset failed: %s", strerror(errno)); - tst_exit(); + tst_brkm(TBROK, cleanup, "sigset failed: %s", strerror(errno)); } local_flag = PASSED; @@ -189,7 +175,7 @@ int runtest() test_name[1] = '\0'; fd = open(test_name, O_RDWR|O_CREAT|O_TRUNC, 0666); if (fd < 0) { - tst_brkm(TBROK,0, "Can't creating %s/%s: %s", fuss, test_name, strerror(errno)); + tst_brkm(TBROK,0, "Can't creating %s: %s", test_name, strerror(errno)); } if ((child = fork()) == 0) { /* child */ dotest(nchild, i, fd); /* do it! */ @@ -216,7 +202,7 @@ int runtest() { if ((child = wait(&status)) >= 0) { if (status) { - tst_resm(TFAIL,0, "Test{%d} failed, expected 0 exit", child); + tst_resm(TFAIL, "Test{%d} failed, expected 0 exit", child); local_flag = FAILED; } ++count; @@ -243,27 +229,6 @@ int runtest() tst_resm(TFAIL, "Test failed in fork and wait."); } - chdir(homedir); - pid = fork(); - if (pid < 0) { - - tst_resm(TINFO, "System resource may be too low, fork() malloc()" - " etc are likely to fail."); - - tst_resm(TBROK, "Can not remove '%s' due to inability of fork.",fuss); - sync(); - tst_exit(); - } - if (pid == 0) { - execl("/bin/rm", "rm", "-rf", fuss, NULL); - tst_exit(); - } - - wait(&status); - if (status) { - tst_resm(TINFO, "CAUTION - ftest1, '%s' may not be removed", fuss); - } - sync(); /* safeness */ return 0; } diff --git a/testcases/kernel/fs/ftest/ftest03.c b/testcases/kernel/fs/ftest/ftest03.c index 35d4328..a031f72 100644 --- a/testcases/kernel/fs/ftest/ftest03.c +++ b/testcases/kernel/fs/ftest/ftest03.c @@ -72,6 +72,7 @@ extern int Tst_count; #define FAILED 0 void setup(); +static void cleanup(void); int runtest(); int dotest(int, int, int); int domisc(int, int, char*); @@ -98,10 +99,7 @@ int fd; /* file descriptor used by child */ int parent_pid; int pidlist[MAXCHILD]; char test_name[2]; /* childs test directory name */ -char *prog, *getcwd() ; - -char fuss[40] = ""; /* directory to do this in */ -char homedir[200]= ""; /* where we started */ +char *prog; int local_flag; /*--------------------------------------------------------------*/ @@ -135,9 +133,8 @@ int main (ac, av) tst_resm(TFAIL, "Test failed."); } - tst_rmdir(); - tst_exit(); } /* end for */ + cleanup(); return 0; } /*--------------------------------------------------------------*/ @@ -153,24 +150,8 @@ setup() * Save starting directory. */ tst_tmpdir(); - if ( (cwd = getcwd(homedir, sizeof( homedir))) == NULL ) { - tst_resm(TBROK, "pwd") ; - tst_exit() ; - } - parent_pid = getpid(); - if (!fuss[0]) - sprintf(fuss, "%s/ftest03.%d", getcwd(wdbuf, sizeof( wdbuf)), getpid()); - - mkdir(fuss, 0755); - - if (chdir(fuss) < 0) { - tst_resm(TBROK,"\tCan't chdir(%s), error %d.", fuss, errno); - tst_exit() ; - } - - /* * Default values for run conditions. */ @@ -182,13 +163,16 @@ setup() misc_intvl = 10; if (sigset(SIGTERM, (void (*)())term) == SIG_ERR) { - perror("sigset failed"); - tst_resm(TBROK, " sigset failed: signo = 15") ; - tst_exit() ; + tst_brkm(TBROK|TERRNO, cleanup, " sigset failed: signo = 15") ; } } +static void cleanup(void) +{ + tst_rmdir(); + tst_exit(); +} int runtest() { @@ -205,8 +189,7 @@ int runtest() test_name[1] = '\0'; fd = open(test_name, O_RDWR|O_CREAT|O_TRUNC, 0666); if (fd < 0) { - tst_resm(TBROK, "\tError %d creating %s/%s.", errno, fuss, test_name); - tst_exit(); + tst_brkm(TBROK, cleanup, "\tError %d creating %s.", errno, test_name); } if ((child = fork()) == 0) { /* child */ dotest(nchild, i, fd); /* do it! */ @@ -258,28 +241,6 @@ int runtest() local_flag = FAILED; } - chdir(homedir); - - pid = fork(); - if (pid < 0) { - tst_resm(TINFO, "System resource may be too low, fork() malloc()" - " etc are likely to fail."); - tst_resm(TBROK, "Test broken due to inability of fork."); - sync(); /* safeness */ - tst_exit(); - } - - if (pid == 0) { - execl("/bin/rm", "rm", "-rf", fuss, NULL); - tst_exit(); - } else - wait(&status); - if (status) { - tst_resm(TINFO, "CAUTION - ftest03, '%s' may not be removed", fuss); - tst_resm(TINFO, "CAUTION - ftest03, '%s' may not be removed", - fuss); - } - sync(); /* safeness */ return 0; } diff --git a/testcases/kernel/fs/ftest/ftest05.c b/testcases/kernel/fs/ftest/ftest05.c index 24fac1d..5fe16ad 100644 --- a/testcases/kernel/fs/ftest/ftest05.c +++ b/testcases/kernel/fs/ftest/ftest05.c @@ -98,9 +98,6 @@ int pidlist[MAXCHILD]; char test_name[2]; /* childs test directory name */ char *prog; -char fuss[40] = ""; /* directory to do this in */ -char homedir[200]= ""; /* where we started */ - int local_flag; /*--------------------------------------------------------------*/ @@ -147,20 +144,8 @@ setup() * Save starting directory. */ tst_tmpdir(); - getcwd(homedir, sizeof( homedir)); parent_pid = getpid(); - if (!fuss[0]) - sprintf(fuss, "./ftest05.%d", getpid()); - - mkdir(fuss, 0755); - - if (chdir(fuss) < 0) { - tst_resm(TBROK,"\tCan't chdir(%s), error %d.", fuss, errno); - tst_exit(); - } - - /* * Default values for run conditions. */ @@ -195,8 +180,7 @@ int runtest() test_name[1] = '\0'; fd = open(test_name, O_RDWR|O_CREAT|O_TRUNC, 0666); if (fd < 0) { - tst_resm(TBROK, "\tError %d creating %s/%s.", errno, fuss, test_name); - tst_exit(); + tst_brkm(TBROK|TERRNO, cleanup, "Error creating %s.", test_name); } if ((child = fork()) == 0) { /* child */ dotest(nchild, i, fd); /* do it! */ @@ -206,8 +190,7 @@ int runtest() if (child < 0) { tst_resm(TINFO, "System resource may be too low, fork() malloc()" " etc are likely to fail."); - tst_resm(TBROK, "Test broken due to inability of fork."); - tst_exit(); + tst_brkm(TBROK, cleanup, "Test broken due to inability of fork."); } else { pidlist[i] = child; nwait++; @@ -245,26 +228,6 @@ int runtest() local_flag = FAILED; } - - chdir(homedir); - pid = fork(); - if (pid < 0) { - tst_resm(TINFO, "System resource may be too low, fork() malloc()" - " etc are likely to fail."); - tst_resm(TBROK, "Test broken due to inability of fork."); - sync(); - tst_exit(); - } - if (pid == 0) { - execl("/bin/rm", "rm", "-rf", fuss, NULL); - tst_exit(); - } - - wait(&status); - if (status) { - tst_resm(TINFO,"CAUTION - ftest05, '%s' may not be removed", fuss); - } - sync(); /* safeness */ return 0; } diff --git a/testcases/kernel/fs/ftest/ftest07.c b/testcases/kernel/fs/ftest/ftest07.c index 2b2aa7c..e1d22c5 100644 --- a/testcases/kernel/fs/ftest/ftest07.c +++ b/testcases/kernel/fs/ftest/ftest07.c @@ -84,6 +84,7 @@ extern int Tst_count; #define MAXIOVCNT 16 void setup(); +static void cleanup(void); int runtest(); int dotest(int, int, int); int domisc(int, int, char*); @@ -103,10 +104,7 @@ int fd; /* file descriptor used by child */ int parent_pid; int pidlist[MAXCHILD]; char test_name[2]; /* childs test directory name */ -char *prog, *getcwd() ; - -char fuss[40] = ""; /* directory to do this in */ -char homedir[200]= ""; /* where we started */ +char *prog; int local_flag; @@ -141,10 +139,8 @@ int main (ac, av) tst_resm(TFAIL, "Test failed."); } - tst_rmdir(); - tst_exit(); - } /* end for */ + cleanup(); return 0; } /*--------------------------------------------------------------*/ @@ -154,27 +150,8 @@ void setup() char wdbuf[MAXPATHLEN], *cwd ; int term(); - /* - * Make a directory to do this in; ignore error if already exists. - * Save starting directory. - */ - - if ( (cwd = getcwd(homedir, sizeof( homedir))) == NULL ) { - tst_resm(TBROK,"Failed to get corrent directory") ; - tst_exit() ; - } - parent_pid = getpid(); tst_tmpdir(); - if (!fuss[0]) - sprintf(fuss, "%s/ftest07.%d", getcwd(wdbuf, sizeof( wdbuf)), getpid()); - - mkdir(fuss, 0755); - - if (chdir(fuss) < 0) { - tst_resm(TBROK,"\tCan't chdir(%s), error %d.", fuss, errno); - tst_exit() ; - } /* * Default values for run conditions. @@ -187,12 +164,17 @@ void setup() misc_intvl = 10; if (sigset(SIGTERM, (void (*)())term) == SIG_ERR) { - tst_resm(TBROK, " sigset failed: signo = 15") ; - tst_exit() ; + tst_brkm(TBROK, cleanup, " sigset failed: signo = 15") ; } } +static void cleanup(void) +{ + tst_rmdir(); + tst_exit(); +} + int runtest() { register int i; @@ -259,25 +241,6 @@ int runtest() local_flag = FAILED; } - chdir(homedir); - - pid = fork(); - if (pid < 0) { - tst_resm(TINFO, "System resource may be too low, fork() malloc()" - " etc are likely to fail."); - tst_resm(TBROK, "Test broken due to inability of fork."); - tst_exit(); - } - - if (pid == 0) { - execl("/bin/rm", "rm", "-rf", fuss, NULL); - exit(1); - } else - wait(&status); - if (status) { - tst_resm(TINFO, "CAUTION - ftest07, '%s' may not be removed", fuss); - } - sync(); /* safeness */ return 0; } [-- Attachment #3: Type: text/plain, Size: 401 bytes --] ------------------------------------------------------------------------------ Come build with us! The BlackBerry® Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9-12, 2009. Register now! http://p.sf.net/sfu/devconf [-- Attachment #4: Type: text/plain, Size: 155 bytes --] _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [LTP] Buffer Overflow with ftest03 and ftest07 2009-09-24 12:23 ` Jiri Palecek @ 2009-09-24 18:55 ` K.D. Lucas 2009-09-24 21:30 ` Garrett Cooper ` (2 more replies) 0 siblings, 3 replies; 6+ messages in thread From: K.D. Lucas @ 2009-09-24 18:55 UTC (permalink / raw) To: Jiri Palecek; +Cc: ltp-list [-- Attachment #1.1: Type: text/plain, Size: 5745 bytes --] Ok, I applied your patch, and it didn't compile initially so I had to clean up a few things. They were mostly minor like casting a few vars to integers, or changing the format specifiers from %XL to %ld, etc, and adding the variable char fuss[40] back into ftest07.c. After that I tested them. Both ftest03.c and ftest07.c passes when run from the command line. But when executed by runltp, they fail with return code 11. This is identical to the behavior without your patch. Thanks for attempting to fix this. Any other ideas? Kelly 2009/9/24 Jiri Palecek <jpalecek@web.de> > Hi, > > On Tuesday 22 September 2009 01:02:29 K.D. Lucas wrote: > > Since I started using LTP 20090831 I've been seeing buffer overflow > messages > > when running ftest03 and ftest07. The back trace is: > > > > *** buffer overflow detected ***: ftest03 terminated > > ======= Backtrace: ========= > > /lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x48)[0xa17038] > > /lib/tls/i686/cmov/libc.so.6[0xa15140] > > /lib/tls/i686/cmov/libc.so.6[0xa14838] > > /lib/tls/i686/cmov/libc.so.6(_IO_default_xsputn+0xc8)[0x986d18] > > /lib/tls/i686/cmov/libc.so.6(_IO_vfprintf+0xf4c)[0x95981c] > > /lib/tls/i686/cmov/libc.so.6(__vsprintf_chk+0xa4)[0xa148e4] > > /lib/tls/i686/cmov/libc.so.6(__sprintf_chk+0x2d)[0xa1482d] > > ftest03[0x804a7d9] > > ftest03[0x804a884] > > /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe5)[0x92f7a5] > > ftest03[0x8049461] > > ======= Memory map: ======== > > 00919000-00a75000 r-xp 00000000 08:01 132417 /lib/tls/i686/cmov/ > > libc-2.9.so > > 00a75000-00a76000 ---p 0015c000 08:01 132417 /lib/tls/i686/cmov/ > > libc-2.9.so > > 00a76000-00a78000 r--p 0015c000 08:01 132417 /lib/tls/i686/cmov/ > > libc-2.9.so > > 00a78000-00a79000 rw-p 0015e000 08:01 132417 /lib/tls/i686/cmov/ > > libc-2.9.so > > 00a79000-00a7c000 rw-p 00000000 00:00 0 > > 00a8c000-00aa8000 r-xp 00000000 08:01 367 /lib/ld-2.9.so > > 00aa8000-00aa9000 r--p 0001b000 08:01 367 /lib/ld-2.9.so > > 00aa9000-00aaa000 rw-p 0001c000 08:01 367 /lib/ld-2.9.so > > 00c91000-00cbb000 r-xp 00000000 08:01 409 /lib/libgcc_s.so.1 > > 00cbb000-00cbc000 r--p 00029000 08:01 409 /lib/libgcc_s.so.1 > > 00cbc000-00cbd000 rw-p 0002a000 08:01 409 /lib/libgcc_s.so.1 > > 00cce000-00ccf000 r-xp 00000000 00:00 0 [vdso] > > 08048000-08050000 r-xp 00000000 08:01 231138 > > /var/tmp/tests/ltp-full-20090831/testcases/bin/ftest03 > > 08050000-08051000 r--p 00007000 08:01 231138 > > /var/tmp/tests/ltp-full-20090831/testcases/bin/ftest03 > > 08051000-08052000 rw-p 00008000 08:01 231138 > > /var/tmp/tests/ltp-full-20090831/testcases/bin/ftest03 > > 08052000-08056000 rw-p 00000000 00:00 0 > > 09ead000-09ece000 rw-p 00000000 00:00 0 [heap] > > b7f8d000-b7f8e000 rw-p 00000000 00:00 0 > > b7f9b000-b7f9d000 rw-p 00000000 00:00 0 > > bff91000-bffa6000 rw-p 00000000 00:00 0 [stack] > > *** buffer overflow detected ***: ftest07 terminated > > ======= Backtrace: ========= > > /lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x48)[0x20e038] > > /lib/tls/i686/cmov/libc.so.6[0x20c140] > > /lib/tls/i686/cmov/libc.so.6[0x20b838] > > /lib/tls/i686/cmov/libc.so.6(_IO_default_xsputn+0xc8)[0x17dd18] > > /lib/tls/i686/cmov/libc.so.6(_IO_vfprintf+0xf4c)[0x15081c] > > /lib/tls/i686/cmov/libc.so.6(__vsprintf_chk+0xa4)[0x20b8e4] > > /lib/tls/i686/cmov/libc.so.6(__sprintf_chk+0x2d)[0x20b82d] > > ftest07[0x804a9d1] > > ftest07[0x804aa74] > > /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe5)[0x1267a5] > > ftest07[0x8049421] > > ======= Memory map: ======== > > 00110000-0026c000 r-xp 00000000 08:01 132417 /lib/tls/i686/cmov/ > > libc-2.9.so > > 0026c000-0026d000 ---p 0015c000 08:01 132417 /lib/tls/i686/cmov/ > > libc-2.9.so > > 0026d000-0026f000 r--p 0015c000 08:01 132417 /lib/tls/i686/cmov/ > > libc-2.9.so > > 0026f000-00270000 rw-p 0015e000 08:01 132417 /lib/tls/i686/cmov/ > > libc-2.9.so > > 00270000-00273000 rw-p 00000000 00:00 0 > > 00642000-0066c000 r-xp 00000000 08:01 409 /lib/libgcc_s.so.1 > > 0066c000-0066d000 r--p 00029000 08:01 409 /lib/libgcc_s.so.1 > > 0066d000-0066e000 rw-p 0002a000 08:01 409 /lib/libgcc_s.so.1 > > 00d7c000-00d7d000 r-xp 00000000 00:00 0 [vdso] > > 00dfe000-00e1a000 r-xp 00000000 08:01 367 /lib/ld-2.9.so > > 00e1a000-00e1b000 r--p 0001b000 08:01 367 /lib/ld-2.9.so > > 00e1b000-00e1c000 rw-p 0001c000 08:01 367 /lib/ld-2.9.so > > 08048000-08050000 r-xp 00000000 08:01 231142 > > /var/tmp/tests/ltp-full-20090831/testcases/bin/ftest07 > > 08050000-08051000 r--p 00007000 08:01 231142 > > /var/tmp/tests/ltp-full-20090831/testcases/bin/ftest07 > > 08051000-08052000 rw-p 00008000 08:01 231142 > > /var/tmp/tests/ltp-full-20090831/testcases/bin/ftest07 > > 08052000-08057000 rw-p 00000000 00:00 0 > > 09fce000-09fef000 rw-p 00000000 00:00 0 [heap] > > b802f000-b8030000 rw-p 00000000 00:00 0 > > b803d000-b803f000 rw-p 00000000 00:00 0 > > bfdfb000-bfe10000 rw-p 00000000 00:00 0 [stack] > > > > > > This is running against an Ubuntu Karmic Alpha netbook remix. I don't see > > this issue when testing on dapper or hardy distros. I saw some other > posts > > about this, but no one has offered any suggestions or solutions yet. > > It seems the problem is with some sprintf() call, and indeed, there is one > in the code. I propose deleting it (with other code) altogether, because it > was needed just for creation of a temporary directory and we have > tst_tmpdir() for that. See the attachment and please report whether it works > and whether such solution is acceptable. > > Note that the code was not tested in any way. > > Regards > Jiri Palecek > -- K.D. Lucas kdlucas@gmail.com [-- Attachment #1.2: Type: text/html, Size: 7409 bytes --] [-- Attachment #2: Type: text/plain, Size: 401 bytes --] ------------------------------------------------------------------------------ Come build with us! The BlackBerry® Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9-12, 2009. Register now! http://p.sf.net/sfu/devconf [-- Attachment #3: Type: text/plain, Size: 155 bytes --] _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [LTP] Buffer Overflow with ftest03 and ftest07 2009-09-24 18:55 ` K.D. Lucas @ 2009-09-24 21:30 ` Garrett Cooper 2009-09-24 21:42 ` Jiří Paleček 2010-03-25 18:22 ` Cyril Hrubis 2 siblings, 0 replies; 6+ messages in thread From: Garrett Cooper @ 2009-09-24 21:30 UTC (permalink / raw) To: K.D. Lucas; +Cc: Jiri Palecek, ltp-list On Thu, Sep 24, 2009 at 11:55 AM, K.D. Lucas <kdlucas@gmail.com> wrote: > Ok, I applied your patch, and it didn't compile initially so I had to clean > up a few things. They were mostly minor like casting a few vars to integers, > or changing the format specifiers from %XL to %ld, etc, and adding the > variable char fuss[40] back into ftest07.c. > > After that I tested them. Both ftest03.c and ftest07.c passes when run from > the command line. But when executed by runltp, they fail with return code > 11. This is identical to the behavior without your patch. > > Thanks for attempting to fix this. Any other ideas? > > Kelly > > 2009/9/24 Jiri Palecek <jpalecek@web.de> >> >> Hi, >> >> On Tuesday 22 September 2009 01:02:29 K.D. Lucas wrote: >> > Since I started using LTP 20090831 I've been seeing buffer overflow >> > messages >> > when running ftest03 and ftest07. The back trace is: >> > >> > *** buffer overflow detected ***: ftest03 terminated >> > ======= Backtrace: ========= >> > /lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x48)[0xa17038] >> > /lib/tls/i686/cmov/libc.so.6[0xa15140] >> > /lib/tls/i686/cmov/libc.so.6[0xa14838] >> > /lib/tls/i686/cmov/libc.so.6(_IO_default_xsputn+0xc8)[0x986d18] >> > /lib/tls/i686/cmov/libc.so.6(_IO_vfprintf+0xf4c)[0x95981c] >> > /lib/tls/i686/cmov/libc.so.6(__vsprintf_chk+0xa4)[0xa148e4] >> > /lib/tls/i686/cmov/libc.so.6(__sprintf_chk+0x2d)[0xa1482d] >> > ftest03[0x804a7d9] >> > ftest03[0x804a884] >> > /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe5)[0x92f7a5] >> > ftest03[0x8049461] >> > ======= Memory map: ======== >> > 00919000-00a75000 r-xp 00000000 08:01 132417 /lib/tls/i686/cmov/ >> > libc-2.9.so >> > 00a75000-00a76000 ---p 0015c000 08:01 132417 /lib/tls/i686/cmov/ >> > libc-2.9.so >> > 00a76000-00a78000 r--p 0015c000 08:01 132417 /lib/tls/i686/cmov/ >> > libc-2.9.so >> > 00a78000-00a79000 rw-p 0015e000 08:01 132417 /lib/tls/i686/cmov/ >> > libc-2.9.so >> > 00a79000-00a7c000 rw-p 00000000 00:00 0 >> > 00a8c000-00aa8000 r-xp 00000000 08:01 367 /lib/ld-2.9.so >> > 00aa8000-00aa9000 r--p 0001b000 08:01 367 /lib/ld-2.9.so >> > 00aa9000-00aaa000 rw-p 0001c000 08:01 367 /lib/ld-2.9.so >> > 00c91000-00cbb000 r-xp 00000000 08:01 409 /lib/libgcc_s.so.1 >> > 00cbb000-00cbc000 r--p 00029000 08:01 409 /lib/libgcc_s.so.1 >> > 00cbc000-00cbd000 rw-p 0002a000 08:01 409 /lib/libgcc_s.so.1 >> > 00cce000-00ccf000 r-xp 00000000 00:00 0 [vdso] >> > 08048000-08050000 r-xp 00000000 08:01 231138 >> > /var/tmp/tests/ltp-full-20090831/testcases/bin/ftest03 >> > 08050000-08051000 r--p 00007000 08:01 231138 >> > /var/tmp/tests/ltp-full-20090831/testcases/bin/ftest03 >> > 08051000-08052000 rw-p 00008000 08:01 231138 >> > /var/tmp/tests/ltp-full-20090831/testcases/bin/ftest03 >> > 08052000-08056000 rw-p 00000000 00:00 0 >> > 09ead000-09ece000 rw-p 00000000 00:00 0 [heap] >> > b7f8d000-b7f8e000 rw-p 00000000 00:00 0 >> > b7f9b000-b7f9d000 rw-p 00000000 00:00 0 >> > bff91000-bffa6000 rw-p 00000000 00:00 0 [stack] >> > *** buffer overflow detected ***: ftest07 terminated >> > ======= Backtrace: ========= >> > /lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x48)[0x20e038] >> > /lib/tls/i686/cmov/libc.so.6[0x20c140] >> > /lib/tls/i686/cmov/libc.so.6[0x20b838] >> > /lib/tls/i686/cmov/libc.so.6(_IO_default_xsputn+0xc8)[0x17dd18] >> > /lib/tls/i686/cmov/libc.so.6(_IO_vfprintf+0xf4c)[0x15081c] >> > /lib/tls/i686/cmov/libc.so.6(__vsprintf_chk+0xa4)[0x20b8e4] >> > /lib/tls/i686/cmov/libc.so.6(__sprintf_chk+0x2d)[0x20b82d] >> > ftest07[0x804a9d1] >> > ftest07[0x804aa74] >> > /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe5)[0x1267a5] >> > ftest07[0x8049421] >> > ======= Memory map: ======== >> > 00110000-0026c000 r-xp 00000000 08:01 132417 /lib/tls/i686/cmov/ >> > libc-2.9.so >> > 0026c000-0026d000 ---p 0015c000 08:01 132417 /lib/tls/i686/cmov/ >> > libc-2.9.so >> > 0026d000-0026f000 r--p 0015c000 08:01 132417 /lib/tls/i686/cmov/ >> > libc-2.9.so >> > 0026f000-00270000 rw-p 0015e000 08:01 132417 /lib/tls/i686/cmov/ >> > libc-2.9.so >> > 00270000-00273000 rw-p 00000000 00:00 0 >> > 00642000-0066c000 r-xp 00000000 08:01 409 /lib/libgcc_s.so.1 >> > 0066c000-0066d000 r--p 00029000 08:01 409 /lib/libgcc_s.so.1 >> > 0066d000-0066e000 rw-p 0002a000 08:01 409 /lib/libgcc_s.so.1 >> > 00d7c000-00d7d000 r-xp 00000000 00:00 0 [vdso] >> > 00dfe000-00e1a000 r-xp 00000000 08:01 367 /lib/ld-2.9.so >> > 00e1a000-00e1b000 r--p 0001b000 08:01 367 /lib/ld-2.9.so >> > 00e1b000-00e1c000 rw-p 0001c000 08:01 367 /lib/ld-2.9.so >> > 08048000-08050000 r-xp 00000000 08:01 231142 >> > /var/tmp/tests/ltp-full-20090831/testcases/bin/ftest07 >> > 08050000-08051000 r--p 00007000 08:01 231142 >> > /var/tmp/tests/ltp-full-20090831/testcases/bin/ftest07 >> > 08051000-08052000 rw-p 00008000 08:01 231142 >> > /var/tmp/tests/ltp-full-20090831/testcases/bin/ftest07 >> > 08052000-08057000 rw-p 00000000 00:00 0 >> > 09fce000-09fef000 rw-p 00000000 00:00 0 [heap] >> > b802f000-b8030000 rw-p 00000000 00:00 0 >> > b803d000-b803f000 rw-p 00000000 00:00 0 >> > bfdfb000-bfe10000 rw-p 00000000 00:00 0 [stack] >> > >> > >> > This is running against an Ubuntu Karmic Alpha netbook remix. I don't >> > see >> > this issue when testing on dapper or hardy distros. I saw some other >> > posts >> > about this, but no one has offered any suggestions or solutions yet. >> >> It seems the problem is with some sprintf() call, and indeed, there is one >> in the code. I propose deleting it (with other code) altogether, because it >> was needed just for creation of a temporary directory and we have >> tst_tmpdir() for that. See the attachment and please report whether it works >> and whether such solution is acceptable. >> >> Note that the code was not tested in any way. Compile with -g and run with gdb to see where it crashes? -Garrett ------------------------------------------------------------------------------ Come build with us! The BlackBerry® Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9-12, 2009. Register now! http://p.sf.net/sfu/devconf _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [LTP] Buffer Overflow with ftest03 and ftest07 2009-09-24 18:55 ` K.D. Lucas 2009-09-24 21:30 ` Garrett Cooper @ 2009-09-24 21:42 ` Jiří Paleček 2010-03-25 18:22 ` Cyril Hrubis 2 siblings, 0 replies; 6+ messages in thread From: Jiří Paleček @ 2009-09-24 21:42 UTC (permalink / raw) To: K.D. Lucas; +Cc: ltp-list On Thu, 24 Sep 2009 20:55:57 +0200, K.D. Lucas <kdlucas@gmail.com> wrote: > Ok, I applied your patch, and it didn't compile initially so I had to > clean > up a few things. They were mostly minor like casting a few vars to > integers, > or changing the format specifiers from %XL to %ld, etc, and adding the > variable char fuss[40] back into ftest07.c. > > After that I tested them. Both ftest03.c and ftest07.c passes when run > from > the command line. But when executed by runltp, they fail with return code > 11. This is identical to the behavior without your patch. > > Thanks for attempting to fix this. Any other ideas? OK. Could you build with debugging symbols and get a backtrace with them, or send a backtrace with the binary that produced it? Jiri > Kelly > > 2009/9/24 Jiri Palecek <jpalecek@web.de> > >> Hi, >> >> On Tuesday 22 September 2009 01:02:29 K.D. Lucas wrote: >> > Since I started using LTP 20090831 I've been seeing buffer overflow >> messages >> > when running ftest03 and ftest07. The back trace is: >> > >> > *** buffer overflow detected ***: ftest03 terminated >> > ======= Backtrace: ========= >> > /lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x48)[0xa17038] >> > /lib/tls/i686/cmov/libc.so.6[0xa15140] >> > /lib/tls/i686/cmov/libc.so.6[0xa14838] >> > /lib/tls/i686/cmov/libc.so.6(_IO_default_xsputn+0xc8)[0x986d18] >> > /lib/tls/i686/cmov/libc.so.6(_IO_vfprintf+0xf4c)[0x95981c] >> > /lib/tls/i686/cmov/libc.so.6(__vsprintf_chk+0xa4)[0xa148e4] >> > /lib/tls/i686/cmov/libc.so.6(__sprintf_chk+0x2d)[0xa1482d] >> > ftest03[0x804a7d9] >> > ftest03[0x804a884] >> > /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe5)[0x92f7a5] >> > ftest03[0x8049461] >> > ======= Memory map: ======== >> > 00919000-00a75000 r-xp 00000000 08:01 132417 /lib/tls/i686/cmov/ >> > libc-2.9.so >> > 00a75000-00a76000 ---p 0015c000 08:01 132417 /lib/tls/i686/cmov/ >> > libc-2.9.so >> > 00a76000-00a78000 r--p 0015c000 08:01 132417 /lib/tls/i686/cmov/ >> > libc-2.9.so >> > 00a78000-00a79000 rw-p 0015e000 08:01 132417 /lib/tls/i686/cmov/ >> > libc-2.9.so >> > 00a79000-00a7c000 rw-p 00000000 00:00 0 >> > 00a8c000-00aa8000 r-xp 00000000 08:01 367 /lib/ld-2.9.so >> > 00aa8000-00aa9000 r--p 0001b000 08:01 367 /lib/ld-2.9.so >> > 00aa9000-00aaa000 rw-p 0001c000 08:01 367 /lib/ld-2.9.so >> > 00c91000-00cbb000 r-xp 00000000 08:01 409 /lib/libgcc_s.so.1 >> > 00cbb000-00cbc000 r--p 00029000 08:01 409 /lib/libgcc_s.so.1 >> > 00cbc000-00cbd000 rw-p 0002a000 08:01 409 /lib/libgcc_s.so.1 >> > 00cce000-00ccf000 r-xp 00000000 00:00 0 [vdso] >> > 08048000-08050000 r-xp 00000000 08:01 231138 >> > /var/tmp/tests/ltp-full-20090831/testcases/bin/ftest03 >> > 08050000-08051000 r--p 00007000 08:01 231138 >> > /var/tmp/tests/ltp-full-20090831/testcases/bin/ftest03 >> > 08051000-08052000 rw-p 00008000 08:01 231138 >> > /var/tmp/tests/ltp-full-20090831/testcases/bin/ftest03 >> > 08052000-08056000 rw-p 00000000 00:00 0 >> > 09ead000-09ece000 rw-p 00000000 00:00 0 [heap] >> > b7f8d000-b7f8e000 rw-p 00000000 00:00 0 >> > b7f9b000-b7f9d000 rw-p 00000000 00:00 0 >> > bff91000-bffa6000 rw-p 00000000 00:00 0 [stack] >> > *** buffer overflow detected ***: ftest07 terminated >> > ======= Backtrace: ========= >> > /lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x48)[0x20e038] >> > /lib/tls/i686/cmov/libc.so.6[0x20c140] >> > /lib/tls/i686/cmov/libc.so.6[0x20b838] >> > /lib/tls/i686/cmov/libc.so.6(_IO_default_xsputn+0xc8)[0x17dd18] >> > /lib/tls/i686/cmov/libc.so.6(_IO_vfprintf+0xf4c)[0x15081c] >> > /lib/tls/i686/cmov/libc.so.6(__vsprintf_chk+0xa4)[0x20b8e4] >> > /lib/tls/i686/cmov/libc.so.6(__sprintf_chk+0x2d)[0x20b82d] >> > ftest07[0x804a9d1] >> > ftest07[0x804aa74] >> > /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe5)[0x1267a5] >> > ftest07[0x8049421] >> > ======= Memory map: ======== >> > 00110000-0026c000 r-xp 00000000 08:01 132417 /lib/tls/i686/cmov/ >> > libc-2.9.so >> > 0026c000-0026d000 ---p 0015c000 08:01 132417 /lib/tls/i686/cmov/ >> > libc-2.9.so >> > 0026d000-0026f000 r--p 0015c000 08:01 132417 /lib/tls/i686/cmov/ >> > libc-2.9.so >> > 0026f000-00270000 rw-p 0015e000 08:01 132417 /lib/tls/i686/cmov/ >> > libc-2.9.so >> > 00270000-00273000 rw-p 00000000 00:00 0 >> > 00642000-0066c000 r-xp 00000000 08:01 409 /lib/libgcc_s.so.1 >> > 0066c000-0066d000 r--p 00029000 08:01 409 /lib/libgcc_s.so.1 >> > 0066d000-0066e000 rw-p 0002a000 08:01 409 /lib/libgcc_s.so.1 >> > 00d7c000-00d7d000 r-xp 00000000 00:00 0 [vdso] >> > 00dfe000-00e1a000 r-xp 00000000 08:01 367 /lib/ld-2.9.so >> > 00e1a000-00e1b000 r--p 0001b000 08:01 367 /lib/ld-2.9.so >> > 00e1b000-00e1c000 rw-p 0001c000 08:01 367 /lib/ld-2.9.so >> > 08048000-08050000 r-xp 00000000 08:01 231142 >> > /var/tmp/tests/ltp-full-20090831/testcases/bin/ftest07 >> > 08050000-08051000 r--p 00007000 08:01 231142 >> > /var/tmp/tests/ltp-full-20090831/testcases/bin/ftest07 >> > 08051000-08052000 rw-p 00008000 08:01 231142 >> > /var/tmp/tests/ltp-full-20090831/testcases/bin/ftest07 >> > 08052000-08057000 rw-p 00000000 00:00 0 >> > 09fce000-09fef000 rw-p 00000000 00:00 0 [heap] >> > b802f000-b8030000 rw-p 00000000 00:00 0 >> > b803d000-b803f000 rw-p 00000000 00:00 0 >> > bfdfb000-bfe10000 rw-p 00000000 00:00 0 [stack] >> > >> > >> > This is running against an Ubuntu Karmic Alpha netbook remix. I don't >> see >> > this issue when testing on dapper or hardy distros. I saw some other >> posts >> > about this, but no one has offered any suggestions or solutions yet. >> >> It seems the problem is with some sprintf() call, and indeed, there is >> one >> in the code. I propose deleting it (with other code) altogether, >> because it >> was needed just for creation of a temporary directory and we have >> tst_tmpdir() for that. See the attachment and please report whether it >> works >> and whether such solution is acceptable. >> >> Note that the code was not tested in any way. >> >> Regards >> Jiri Palecek >> > > > -- Using Opera's revolutionary e-mail client: http://www.opera.com/mail/ ------------------------------------------------------------------------------ Come build with us! The BlackBerry® Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9-12, 2009. Register now! http://p.sf.net/sfu/devconf _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [LTP] Buffer Overflow with ftest03 and ftest07 2009-09-24 18:55 ` K.D. Lucas 2009-09-24 21:30 ` Garrett Cooper 2009-09-24 21:42 ` Jiří Paleček @ 2010-03-25 18:22 ` Cyril Hrubis 2 siblings, 0 replies; 6+ messages in thread From: Cyril Hrubis @ 2010-03-25 18:22 UTC (permalink / raw) To: K.D. Lucas; +Cc: Jiri Palecek, ltp-list Hi! > After that I tested them. Both ftest03.c and ftest07.c passes when run from > the command line. But when executed by runltp, they fail with return code > 11. This is identical to the behavior without your patch. Well, they PASS every time when executed by hand, because TDIRECTORY defaults to plain "/tmp/" in this case. When executing tests with runltp TDIRECTORY is se to something like "/tmp/ltp-qnZVs21494/" and then fuss[] is sometimes not big enough to hold the string and this causes the segfault. Try for yourself: TDIRECTORY="/tmp/this_name_is_just_too_long" ./ftest03 However deleting the code that creates temporary directories works for me, at least for ftest03.c. I'll test Jiri's patch asap and try to fix the remaining corner cases. -- Cyril Hrubis chrubis@suse.cz ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2010-03-25 18:18 UTC | newest] Thread overview: 6+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2009-09-21 23:02 [LTP] Buffer Overflow with ftest03 and ftest07 K.D. Lucas 2009-09-24 12:23 ` Jiri Palecek 2009-09-24 18:55 ` K.D. Lucas 2009-09-24 21:30 ` Garrett Cooper 2009-09-24 21:42 ` Jiří Paleček 2010-03-25 18:22 ` Cyril Hrubis
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox