Buffer overflow when flashing

Bug #1182505 reported by Marius B. Kotsbak
This bug affects 5 people
Affects                  Status    Importance  Assigned to  Milestone
heimdall-flash (Ubuntu)  Expired   Undecided   Unassigned
libusb-1.0 (Ubuntu)      Invalid   Undecided   Unassigned

Bug Description

*** buffer overflow detected ***: heimdall terminated
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x5c)[0x7f18085bb5cc]
/lib/x86_64-linux-gnu/libc.so.6(+0x110560)[0x7f18085ba560]
/lib/x86_64-linux-gnu/libc.so.6(__fread_chk+0x143)[0x7f18085bac63]
heimdall[0x411741]
heimdall[0x4021fc]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5)[0x7f18084cbea5]
heimdall[0x402255]
======= Memory map: ========
00400000-00420000 r-xp 00000000 08:05 3023686 /usr/bin/heimdall
0061f000-00620000 r--p 0001f000 08:05 3023686 /usr/bin/heimdall
00620000-00621000 rw-p 00020000 08:05 3023686 /usr/bin/heimdall
01be2000-01c03000 rw-p 00000000 00:00 0 [heap]
7f1807d80000-7f1807e83000 r-xp 00000000 08:05 9311430 /lib/x86_64-linux-gnu/libm-2.17.so
7f1807e83000-7f1808083000 ---p 00103000 08:05 9311430 /lib/x86_64-linux-gnu/libm-2.17.so
7f1808083000-7f1808084000 r--p 00103000 08:05 9311430 /lib/x86_64-linux-gnu/libm-2.17.so
7f1808084000-7f1808085000 rw-p 00104000 08:05 9311430 /lib/x86_64-linux-gnu/libm-2.17.so
7f1808085000-7f180808c000 r-xp 00000000 08:05 9311502 /lib/x86_64-linux-gnu/librt-2.17.so
7f180808c000-7f180828b000 ---p 00007000 08:05 9311502 /lib/x86_64-linux-gnu/librt-2.17.so
7f180828b000-7f180828c000 r--p 00006000 08:05 9311502 /lib/x86_64-linux-gnu/librt-2.17.so
7f180828c000-7f180828d000 rw-p 00007000 08:05 9311502 /lib/x86_64-linux-gnu/librt-2.17.so
7f180828d000-7f18082a5000 r-xp 00000000 08:05 9311494 /lib/x86_64-linux-gnu/libpthread-2.17.so
7f18082a5000-7f18084a4000 ---p 00018000 08:05 9311494 /lib/x86_64-linux-gnu/libpthread-2.17.so
7f18084a4000-7f18084a5000 r--p 00017000 08:05 9311494 /lib/x86_64-linux-gnu/libpthread-2.17.so
7f18084a5000-7f18084a6000 rw-p 00018000 08:05 9311494 /lib/x86_64-linux-gnu/libpthread-2.17.so
7f18084a6000-7f18084aa000 rw-p 00000000 00:00 0
7f18084aa000-7f1808668000 r-xp 00000000 08:05 9311382 /lib/x86_64-linux-gnu/libc-2.17.so
7f1808668000-7f1808867000 ---p 001be000 08:05 9311382 /lib/x86_64-linux-gnu/libc-2.17.so
7f1808867000-7f180886b000 r--p 001bd000 08:05 9311382 /lib/x86_64-linux-gnu/libc-2.17.so
7f180886b000-7f180886d000 rw-p 001c1000 08:05 9311382 /lib/x86_64-linux-gnu/libc-2.17.so
7f180886d000-7f1808872000 rw-p 00000000 00:00 0
7f1808872000-7f1808886000 r-xp 00000000 08:05 9311407 /lib/x86_64-linux-gnu/libgcc_s.so.1
7f1808886000-7f1808a86000 ---p 00014000 08:05 9311407 /lib/x86_64-linux-gnu/libgcc_s.so.1
7f1808a86000-7f1808a87000 r--p 00014000 08:05 9311407 /lib/x86_64-linux-gnu/libgcc_s.so.1
7f1808a87000-7f1808a88000 rw-p 00015000 08:05 9311407 /lib/x86_64-linux-gnu/libgcc_s.so.1
7f1808a88000-7f1808b6d000 r-xp 00000000 08:05 3219422 /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.17
7f1808b6d000-7f1808d6c000 ---p 000e5000 08:05 3219422 /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.17
7f1808d6c000-7f1808d74000 r--p 000e4000 08:05 3219422 /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.17
7f1808d74000-7f1808d76000 rw-p 000ec000 08:05 3219422 /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.17
7f1808d76000-7f1808d8b000 rw-p 00000000 00:00 0
7f1808d8b000-7f1808d9c000 r-xp 00000000 08:05 9311526 /lib/x86_64-linux-gnu/libusb-1.0.so.0.1.0
7f1808d9c000-7f1808f9b000 ---p 00011000 08:05 9311526 /lib/x86_64-linux-gnu/libusb-1.0.so.0.1.0
7f1808f9b000-7f1808f9c000 r--p 00010000 08:05 9311526 /lib/x86_64-linux-gnu/libusb-1.0.so.0.1.0
7f1808f9c000-7f1808f9d000 rw-p 00011000 08:05 9311526 /lib/x86_64-linux-gnu/libusb-1.0.so.0.1.0
7f1808f9d000-7f1808fc0000 r-xp 00000000 08:05 9311358 /lib/x86_64-linux-gnu/ld-2.17.so
7f1809194000-7f180919a000 rw-p 00000000 00:00 0
7f18091b9000-7f18091bf000 rw-p 00000000 00:00 0
7f18091bf000-7f18091c0000 r--p 00022000 08:05 9311358 /lib/x86_64-linux-gnu/ld-2.17.so
7f18091c0000-7f18091c2000 rw-p 00023000 08:05 9311358 /lib/x86_64-linux-gnu/ld-2.17.so
7fffd9743000-7fffd9764000 rw-p 00000000 00:00 0 [stack]
7fffd976d000-7fffd976f000 r-xp 00000000 00:00 0 [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]

ProblemType: Bug
DistroRelease: Ubuntu 13.04
Package: heimdall-flash 1.4~rc1+dfsg-1
ProcVersionSignature: Ubuntu 3.8.0-21.32-generic 3.8.8
Uname: Linux 3.8.0-21-generic x86_64
ApportVersion: 2.9.2-0ubuntu8
Architecture: amd64
Date: Tue May 21 16:48:21 2013
EcryptfsInUse: Yes
InstallationDate: Installed on 2013-05-02 (18 days ago)
InstallationMedia: Ubuntu 13.04 "Raring Ringtail" - Release amd64 (20130424)
MarkForUpload: True
SourcePackage: heimdall-flash
UpgradeStatus: No upgrade log present (probably fresh install)

Marius B. Kotsbak (mariusko) wrote :
summary: - buffer overflow
+ Buffer overflow when flashing
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in heimdall-flash (Ubuntu):
status: New → Confirmed
Changed in libusb-1.0 (Ubuntu):
status: New → Confirmed
Steve Langasek (vorlon)
Changed in libusb-1.0 (Ubuntu):
status: Confirmed → Invalid
Steve Langasek (vorlon) wrote :

This is not reproducible for me, and this format of backtrace is not useful for debugging. Please capture a core file under gdb, or a full backtrace under gdb with the heimdall-flash-dbgsym ddeb package installed.

Also, what commandline did you invoke heimdall with, against what kind of device?

Changed in heimdall-flash (Ubuntu):
status: Confirmed → Incomplete
Launchpad Janitor (janitor) wrote :

[Expired for heimdall-flash (Ubuntu) because there has been no activity for 60 days.]

Changed in heimdall-flash (Ubuntu):
status: Incomplete → Expired
hello (argh) wrote :

Bug is still there!!!
How do I capture a core file? I can see how to do it if it is running, but it dies almost straight away, so this is not practical.

Trying to flash MJ5 bootloader to N7105 samsung galaxy note 2 international version.

sudo heimdall flash --pit note2.pit --BOOTLOADER sboot.bin --PARAM param.bin --TZSW tz.img
Heimdall v1.4 RC1

Copyright (c) 2010-2012, Benjamin Dobell, Glass Echidna
http://www.glassechidna.com.au/

This software is provided free of charge. Copying and redistribution is
encouraged.

If you appreciate this software and you would like to support future
development please consider donating:
http://www.glassechidna.com.au/donate/

Initialising connection...
Detecting device...
Claiming interface...
Attempt failed. Detaching driver...
Claiming interface again...
Setting up interface...

Checking if protocol is initialised...
Protocol is not initialised.

Initialising protocol...
Protocol initialisation successful.

Beginning session...
Session begun.

*** buffer overflow detected ***: heimdall terminated
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x5c)[0x7ff16027c08c]
/lib/x86_64-linux-gnu/libc.so.6(+0x111020)[0x7ff16027b020]
/lib/x86_64-linux-gnu/libc.so.6(__fread_chk+0x143)[0x7ff16027b723]
heimdall[0x411741]
heimdall[0x4021fc]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5)[0x7ff16018bde5]
heimdall[0x402255]
======= Memory map: ========
00400000-00420000 r-xp 00000000 08:15 55804 /usr/bin/heimdall
0061f000-00620000 r--p 0001f000 08:15 55804 /usr/bin/heimdall
00620000-00621000 rw-p 00020000 08:15 55804 /usr/bin/heimdall
00b1c000-00b3d000 rw-p 00000000 00:00 0 [heap]
7ff15f02f000-7ff15f030000 ---p 00000000 00:00 0
7ff15f030000-7ff15f830000 rw-p 00000000 00:00 0 [stack:2513]
7ff15f830000-7ff15f837000 r-xp 00000000 08:15 398282 /lib/x86_64-linux-gnu/librt-2.17.so
7ff15f837000-7ff15fa36000 ---p 00007000 08:15 398282 /lib/x86_64-linux-gnu/librt-2.17.so
7ff15fa36000-7ff15fa37000 r--p 00006000 08:15 398282 /lib/x86_64-linux-gnu/librt-2.17.so
7ff15fa37000-7ff15fa38000 rw-p 00007000 08:15 398282 /lib/x86_64-linux-gnu/librt-2.17.so
7ff15fa38000-7ff15fb3b000 r-xp 00000000 08:15 398210 /lib/x86_64-linux-gnu/libm-2.17.so
7ff15fb3b000-7ff15fd3a000 ---p 00103000 08:15 398210 /lib/x86_64-linux-gnu/libm-2.17.so
7ff15fd3a000-7ff15fd3b000 r--p 00102000 08:15 398210 /lib/x86_64-linux-gnu/libm-2.17.so
7ff15fd3b000-7ff15fd3c000 rw-p 00103000 08:15 398210 /lib/x86_64-linux-gnu/libm-2.17.so
7ff15fd3c000-7ff15fd4c000 r-xp 00000000 08:15 398302 /lib/x86_64-linux-gnu/libudev.so.1.3.5
7ff15fd4c000-7ff15ff4b000 ---p 00010000 08:15 398302 /lib/x86_64-linux-gnu/libudev.so.1.3.5
7ff15ff4b000-7ff15ff4c000 r--p 0000f000 08:15 398302 /lib/x86_64-linux-gnu/libudev.so.1.3.5
7ff15ff4c000-7ff15ff4d000 rw-p 00010000 08:15 398302 /li...

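Both backtraces above end in glibc's __fortify_fail called from __fread_chk, with the two frames below it inside heimdall itself (heimdall[0x411741] and heimdall[0x4021fc]) rather than in libusb. __fread_chk is the FORTIFY_SOURCE wrapper that gcc substitutes for fread() when it can see the size of the destination buffer; the abort means heimdall asked fread() to write more bytes into a fixed-size buffer than that buffer holds, while reading one of the files given on the command line. The C below is an added illustration of that pattern and of the bounded version, not heimdall's code and not from the reporter: the 4-byte-length-plus-payload record format, the 16-byte PAYLOAD_MAX, and the three sample records are all constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Illustrative fixed-size destination; heimdall's real buffer sizes are not on
 * the page, so 16 is an assumption chosen to keep the fixtures short. */
#define PAYLOAD_MAX 16

/* Constructed sample records: 4-byte little-endian length, then payload. */
static const unsigned char REC_GOOD[]      = {8, 0, 0, 0, 'A','B','C','D','E','F','G','H'};
static const unsigned char REC_OVERSIZED[] = {64, 0, 0, 0, 'X','X','X','X'};   /* claims 64 > 16 */
static const unsigned char REC_TRUNCATED[] = {8, 0, 0, 0, 'A','B'};            /* claims 8, has 2 */

static uint32_t le32(const unsigned char *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* The pattern __fread_chk catches: the length comes from the file and is
 * passed straight to fread() as the count for a fixed stack buffer.
 * Built with -O2 -D_FORTIFY_SOURCE=2, gcc knows sizeof payload and emits
 * __fread_chk(payload, 16, 1, len, fp); glibc aborts with
 * "*** buffer overflow detected ***" as soon as len > 16, which is the frame
 * in the report. Built without FORTIFY, the stack is silently overwritten.
 * Only called here with records whose length fits, as main() and the test do. */
int read_record_unchecked(FILE *fp)
{
    unsigned char lenbuf[4];
    unsigned char payload[PAYLOAD_MAX];
    if (fread(lenbuf, 1, sizeof lenbuf, fp) != sizeof lenbuf) return -2;
    uint32_t len = le32(lenbuf);
    return (int)fread(payload, 1, len, fp);   /* BUG: len is never bounded */
}

/* Bounded reader: refuse any claimed length larger than the caller's buffer
 * before touching fread, and treat a short read as an error instead of
 * handing back a partially filled buffer as if it were complete.
 * Returns the payload length, -1 for an oversized claim, -2 for a short read. */
int read_record_checked(FILE *fp, unsigned char *out, size_t outlen)
{
    unsigned char lenbuf[4];
    if (fread(lenbuf, 1, sizeof lenbuf, fp) != sizeof lenbuf) return -2;
    uint32_t len = le32(lenbuf);
    if (len > outlen) return -1;
    if (fread(out, 1, len, fp) != len) return -2;
    return (int)len;
}

/* Turn a constructed byte string into a seekable FILE* (tmpfile() is standard C). */
FILE *fixture_file(const unsigned char *bytes, size_t len)
{
    FILE *fp = tmpfile();
    if (!fp) return NULL;
    if (fwrite(bytes, 1, len, fp) != len) { fclose(fp); return NULL; }
    rewind(fp);
    return fp;
}

/* Run one record through the checked (1) or unchecked (0) reader and return
 * the reader's result; -3 means the fixture could not be created. */
int run_case(const unsigned char *bytes, size_t len, int use_checked)
{
    unsigned char out[PAYLOAD_MAX];
    FILE *fp = fixture_file(bytes, len);
    if (!fp) return -3;
    int rc = use_checked ? read_record_checked(fp, out, sizeof out)
                         : read_record_unchecked(fp);
    fclose(fp);
    return rc;
}

int main(void)
{
    printf("checked, good record:      %d\n", run_case(REC_GOOD, sizeof REC_GOOD, 1));
    printf("checked, oversized length: %d\n", run_case(REC_OVERSIZED, sizeof REC_OVERSIZED, 1));
    printf("checked, truncated file:   %d\n", run_case(REC_TRUNCATED, sizeof REC_TRUNCATED, 1));
    printf("unchecked, good record:    %d\n", run_case(REC_GOOD, sizeof REC_GOOD, 0));
    return 0;
}
```

Two caveats for anyone triaging a report like this. First, the FORTIFY abort is the symptom, not the fix: glibc can only check fread() when gcc can see the destination's size at the call site (a stack array or a fixed-size field), so the same unbounded length written into a heap buffer of runtime size would pass unchecked, and the bounds comparison in read_record_checked is what actually has to be present. Second, for the gdb backtrace asked for above on a process that aborts straight after start-up, start it under gdb from the beginning (gdb --args heimdall flash ..., then run and bt at the prompt) rather than trying to attach after the fact; with the dbgsym package installed, the two heimdall[...] frames resolve to the function and line doing the fread.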
