Kjartan is seeing a nasty crash with ck-get-x11-display-device that busts his session.

[kmaraas@nc6400 ~]$ /usr/libexec/ck-get-x11-display-device
*** buffer overflow detected ***: /usr/libexec/ck-get-x11-display-device terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x4d)[0xad119d]
/lib/libc.so.6[0xacf26a]
/lib/libc.so.6(__strncpy_chk+0x176)[0xace856]
/usr/libexec/ck-get-x11-display-device[0x804a6d0]
/usr/libexec/ck-get-x11-display-device[0x804aad5]
/usr/libexec/ck-get-x11-display-device[0x8049151]
/lib/libc.so.6(__libc_start_main+0xe6)[0x9efb26]
/usr/libexec/ck-get-x11-display-device[0x8048fc1]
======= Memory map: ========
00101000-0011d000 r-xp 00000000 08:03 385913 /usr/lib/libxcb.so.1.1.0
0011d000-0011e000 rw-p 0001c000 08:03 385913 /usr/lib/libxcb.so.1.1.0
0035a000-00384000 r-xp 00000000 08:03 311647 /lib/libgcc_s-4.4.0-20090717.so.1
00384000-00385000 rw-p 0002a000 08:03 311647 /lib/libgcc_s-4.4.0-20090717.so.1
007f9000-007fa000 r-xp 00000000 00:00 0 [vdso]
009b5000-009d5000 r-xp 00000000 08:03 318060 /lib/ld-2.10.90.so
009d5000-009d6000 r--p 0001f000 08:03 318060 /lib/ld-2.10.90.so
009d6000-009d7000 rw-p 00020000 08:03 318060 /lib/ld-2.10.90.so
009d9000-00b4e000 r-xp 00000000 08:03 318061 /lib/libc-2.10.90.so
00b4e000-00b4f000 ---p 00175000 08:03 318061 /lib/libc-2.10.90.so
00b4f000-00b51000 r--p 00175000 08:03 318061 /lib/libc-2.10.90.so
00b51000-00b52000 rw-p 00177000 08:03 318061 /lib/libc-2.10.90.so
00b52000-00b55000 rw-p 00000000 00:00 0
00b83000-00b86000 r-xp 00000000 08:03 318065 /lib/libdl-2.10.90.so
00b86000-00b87000 r--p 00002000 08:03 318065 /lib/libdl-2.10.90.so
00b87000-00b88000 rw-p 00003000 08:03 318065 /lib/libdl-2.10.90.so
00be9000-00cd1000 r-xp 00000000 08:03 320237 /lib/libglib-2.0.so.0.2104.0
00cd1000-00cd2000 rw-p 000e8000 08:03 320237 /lib/libglib-2.0.so.0.2104.0
00d0d000-00d0f000 r-xp 00000000 08:03 6555524 /usr/lib/libXau.so.6.0.0
00d0f000-00d10000 rw-p 00001000 08:03 6555524 /usr/lib/libXau.so.6.0.0
06205000-06338000 r-xp 00000000 08:03 385914 /usr/lib/libX11.so.6.2.0
06338000-0633b000 rw-p 00133000 08:03 385914 /usr/lib/libX11.so.6.2.0
0633b000-0633c000 rw-p 00000000 00:00 0
08048000-0804c000 r-xp 00000000 08:03 388002 /usr/libexec/ck-get-x11-display-device
0804c000-0804d000 rw-p 00003000 08:03 388002 /usr/libexec/ck-get-x11-display-device
08d09000-08d2a000 rw-p 00000000 00:00 0 [heap]
b809b000-b809e000 rw-p 00000000 00:00 0
b80c4000-b80cb000 r--s 00000000 08:03 52165 /usr/lib/gconv/gconv-modules.cache
bfc00000-bfc15000 rw-p 00000000 00:00 0 [stack]
Avbrutt (SIGABRT)
There is only one place in the code that does strncpy:

load_drivers (void)
...
strncpy (tmn->name, p, len);

name is a fixed size 16 byte buffer, p is path pulled from /proc/tty/drivers.
Kjartan's /proc/tty/drivers is:

[kmaraas@nc6400 ~]$ cat /proc/tty/drivers
/dev/tty /dev/tty 5 0 system:/dev/tty
/dev/console /dev/console 5 1 system:console
/dev/ptmx /dev/ptmx 5 2 system
/dev/vc/0 /dev/vc/0 4 0 system:vtmaster
serial /dev/ttyS 4 64-95 serial
pty_slave /dev/pts 136 0-1048575 pty:slave
pty_master /dev/ptm 128 0-1048575 pty:master
unknown /dev/tty 4 1-63 console

Which is the same as mine, so it's not immediately clear to me why it would be triggering an overflow for him and not for me. Also, none of the filenames in the second column are more than 16 bytes.
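The length check that a copy into a fixed 16-byte name field needs, run over the listing quoted above, as an added example that is not ConsoleKit's code. `NAME_SIZE`, `copy_driver_path` and `longest_sample_path` are hypothetical names, and the sample lines are the listing as it appears on this page.

```c
#include <stdio.h>
#include <string.h>
#define NAME_SIZE 16  /* fixed-size name field, per the comment above */

/* Constructed sample: the /proc/tty/drivers listing quoted on this page. */
static const char *const SAMPLE[] = {
    "/dev/tty /dev/tty 5 0 system:/dev/tty",
    "/dev/console /dev/console 5 1 system:console",
    "/dev/ptmx /dev/ptmx 5 2 system",
    "/dev/vc/0 /dev/vc/0 4 0 system:vtmaster",
    "serial /dev/ttyS 4 64-95 serial",
    "pty_slave /dev/pts 136 0-1048575 pty:slave",
    "pty_master /dev/ptm 128 0-1048575 pty:master",
    "unknown /dev/tty 4 1-63 console",
};
#define SAMPLE_COUNT (sizeof SAMPLE / sizeof SAMPLE[0])

/* Copy the second whitespace-separated column of line into name.
 * Returns its length, or -1 if it is missing or would not fit with its
 * terminating NUL; name is always left NUL-terminated. */
static int copy_driver_path(const char *line, char name[NAME_SIZE])
{
    const char *p = strchr(line, ' ');
    name[0] = '\0';
    if (p == NULL) return -1;
    p += strspn(p, " \t");                 /* skip column padding */
    size_t len = strcspn(p, " \t\n");      /* length of the path column */
    if (len == 0 || len >= NAME_SIZE) return -1;  /* reject, never overflow */
    memcpy(name, p, len);
    name[len] = '\0';
    return (int)len;
}

/* Longest path in SAMPLE, or -1 if any line is rejected. */
static int longest_sample_path(void)
{
    char name[NAME_SIZE];
    int max = 0;
    for (size_t i = 0; i < SAMPLE_COUNT; i++) {
        int n = copy_driver_path(SAMPLE[i], name);
        if (n < 0) return -1;
        if (n > max) max = n;
    }
    return max;
}

int main(void)
{
    printf("longest path: %d of %d bytes\n", longest_sample_path(), NAME_SIZE - 1);
    return 0;
}
```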
This was actually a transient gcc bug. See: http://gcc.gnu.org/ml/gcc-patches/2009-06/msg01130.html and https://bugzilla.redhat.com/show_bug.cgi?id=506099