Segmentation fault of socat on 9.10 i386, installed from ubuntu repository

Bug #481776 reported by Igor
This bug affects 2 people
Affects: socat (Ubuntu)
Status: Fix Released
Importance: Medium
Assigned to: Unassigned
Milestone: (none shown)

Bug Description

Binary package hint: socat

socat 1.7.1.0-1 installed from packages (apt-get install socat) crashed when issued "socat ./serial stdin,echo=0,raw", where "serial" is a socket (serial port) created by a guest vmware machine (I use it to connect to the serial port of the guest).
However, the same socat version compiled from sources (apt-get source socat) is working correctly. Looks like there is some problem in the compilation environment.

I decided to open a bug because the same crash was reproduced on a few more servers running Ubuntu 9.10 i386, both upgraded and installed from scratch.

This is not relevant to x86_64 - socat is working correctly on Ubuntu 9.10 x86_64.

Backtrace from the core file of "socat ./serial stdin,echo=0,raw" (not a debug build)

Core was generated by `CxACxACxACxACxACxACxA'.
Program terminated with signal 11, Segmentation fault.
#0 0xb767b4b1 in _IO_vfprintf_internal (s=0xbfc29c70,
    format=0x80864bb "%s[%d] ", ap=0xbfc29d50 "\356\272¿\301:")
    at vfprintf.c:1601
1601 vfprintf.c: No such file or directory.
 in vfprintf.c
(gdb) bt
#0 0xb767b4b1 in _IO_vfprintf_internal (s=0xbfc29c70,
    format=0x80864bb "%s[%d] ", ap=0xbfc29d50 "\356\272¿\301:")
    at vfprintf.c:1601
#1 0xb771a60d in ___vsprintf_chk (s=0xbfc29d90 "", flags=1, slen=4294967295,
    format=0x80864bb "%s[%d] ", args=0xbfc29d50 "\356\272¿\301:")
    at vsprintf_chk.c:89
#2 0xb771a54d in ___sprintf_chk (s=0xbfc29d90 "", flags=1, slen=4294967295,
    format=0x80864bb "%s[%d] ") at sprintf_chk.c:33
#3 0x0806ca4a in ?? ()
#4 0x0804c022 in ?? ()
#5 <signal handler called>
#6 0x0806e688 in ?? ()
#7 0x0806dcd4 in ?? ()
#8 0x40785c45 in ?? ()
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
(gdb)

Igor (xrevolver)
description: updated
Chris Taylor (ctaylor)
Changed in socat (Ubuntu):
assignee: nobody → Chris Taylor (ctaylor)
maf (maf-tkrat) wrote:

I have a similar problem, that is, socat is crashing, but I am not sure it is the same. I got a different stack trace:
#0 sanitize_string (
    data=0xbfffee6e "\0\0\0\0\02.6.31-20-generic-pae\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0#57-Ubuntu SMP Mon Feb 8 10:23:59 UTC 2010\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., bytes=3086233586,
    coded=0xc0000000 <Address 0xc0000000 out of bounds>, style=8192)
    at utils.c:143
#1 0x0806d8d4 in sockaddr_unix_info (sa=0x30785c35, salen=813194308,
    buff=0xbfffec12 "\xAE.\0\0\0\xA8\xDE\xEE\xAED\n\a\b\0\0\0\0Cs\b\b\0\0\0\0h\xE2\xEE\xAE\x03\0\0\0\x03\0\0\0\xA8\xE1\xEE\xAE\x91\xE7\x04\be\xE4\xEE\xAE\x7E\xE4\xEE\xAE\x02\0\0\0\x7E\xE4\xEE\xAE\x8D\xE0\xEE\xAE\x10\xE1\x"..., blen=1546664312)
    at sysutils.c:211
#2 0x39785c45 in ?? ()
Backtrace stopped: previous frame inner to this frame (corrupt stack?)

I traced this to an uninitialized variable and fixed it with the following patch:
--- xio-gopen.c.orig 2010-03-11 11:28:10.513848890 +0100
+++ xio-gopen.c 2010-03-11 11:27:53.171782205 +0100
@@ -46,7 +46,7 @@
    if (exists && S_ISSOCK(st_mode)) {
 #if WITH_UNIX
       union sockaddr_union us;
- socklen_t uslen;
+ socklen_t uslen = sizeof(us);
       char infobuff[256];

       Info1("\"%s\" is a socket, connecting to it", filename);
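Review bot: initializing `uslen` to `sizeof(us)` is the real fix, not a cosmetic one, because the socklen_t handed to getsockname(2)/getpeername(2) is a value-result argument: on entry it must say how many bytes `us` can hold, and only afterwards does the kernel store the actual address length in it. With the old `socklen_t uslen;` the kernel was given whatever happened to be on the stack, and the trace above shows a garbage length reaching `sockaddr_unix_info (sa=0x30785c35, salen=813194308, ...)`. Two points beyond this hunk: the call that fills `us` is not in the shown context, and its return value should be checked so a failure does not forward a length that was never written by the kernel; and `sockaddr_unix_info` itself, which dereferenced the garbage, could reject any `salen` larger than `sizeof(us)` as a second line of defence.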

I have reported this issue to the upstream socat source as well.
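
The value-result mistake behind maf's trace, as an added C example (this is not socat's code and not part of this bug thread). The function names format_unix_info, describe_unix_socket, describe_bound_path and check_salen are made up for this example, it uses a plain struct sockaddr_un where socat has union sockaddr_union, and the socket path /tmp/lp481776-demo.sock is a constructed demo path:

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Stand-in for socat's sockaddr_unix_info() (hypothetical name): render a
 * Unix-domain address into buff. Unlike a naive version it refuses a salen
 * that cannot describe a struct sockaddr_un, so a stale socklen_t such as
 * the 813194308 in frame #1 of the trace above is rejected instead of
 * driving an out-of-bounds read. Returns 0 on success, -1 otherwise. */
int format_unix_info(const struct sockaddr_un *sa, socklen_t salen,
                     char *buff, size_t blen)
{
    const size_t hdr = offsetof(struct sockaddr_un, sun_path);
    size_t plen, n;
    const char *end;
    int w;

    if (sa == NULL || buff == NULL || salen < hdr || salen > sizeof(*sa))
        return -1;
    if (salen == hdr) {                         /* unnamed (e.g. socketpair) */
        w = snprintf(buff, blen, "<unnamed>");
    } else if (sa->sun_path[0] == '\0') {       /* Linux abstract namespace */
        w = snprintf(buff, blen, "<abstract>");
    } else {
        plen = salen - hdr;                     /* sun_path bytes actually set */
        end = memchr(sa->sun_path, '\0', plen); /* never read past salen */
        n = end ? (size_t)(end - sa->sun_path) : plen;
        w = snprintf(buff, blen, "\"%.*s\"", (int)n, sa->sun_path);
    }
    return (w < 0 || (size_t)w >= blen) ? -1 : 0;
}

/* The corrected pattern from the xio-gopen.c hunk: getsockname(2) treats
 * uslen as value-result. On entry it must hold the buffer size; the kernel
 * then overwrites it with the real address length. Leaving it uninitialized
 * (the pre-patch code) tells the kernel a random size, and whatever the call
 * leaves there is what the caller forwards as salen. */
int describe_unix_socket(int fd, char *buff, size_t blen)
{
    struct sockaddr_un us;
    socklen_t uslen = sizeof(us);               /* the one-line fix */

    memset(&us, 0, sizeof(us));
    if (getsockname(fd, (struct sockaddr *)&us, &uslen) < 0)
        return -1;                              /* don't forward a stale length */
    return format_unix_info(&us, uslen, buff, blen);
}

/* Bind a socket to path, describe it, clean up. Returns the rendered
 * address from a static buffer, or "" on any failure (constructed demo). */
const char *describe_bound_path(const char *path)
{
    static char buff[256];
    struct sockaddr_un addr;
    int fd, rc;

    buff[0] = '\0';
    memset(&addr, 0, sizeof(addr));
    addr.sun_family = AF_UNIX;
    if (strlen(path) >= sizeof(addr.sun_path))
        return buff;
    strcpy(addr.sun_path, path);
    unlink(path);                               /* tolerate a stale leftover */
    fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0)
        return buff;
    rc = bind(fd, (struct sockaddr *)&addr, sizeof(addr));
    if (rc == 0)
        rc = describe_unix_socket(fd, buff, sizeof(buff));
    close(fd);
    unlink(path);
    if (rc != 0)
        buff[0] = '\0';
    return buff;
}

/* Feed a zeroed sockaddr_un with an arbitrary salen, the way a stack value
 * that getsockname() never wrote would arrive in the pre-patch code. */
int check_salen(socklen_t salen)
{
    struct sockaddr_un junk;
    char buff[64];

    memset(&junk, 0, sizeof(junk));
    junk.sun_family = AF_UNIX;
    return format_unix_info(&junk, salen, buff, sizeof(buff));
}

int main(void)
{
    printf("bound socket: %s\n", describe_bound_path("/tmp/lp481776-demo.sock"));
    printf("salen 813194308 -> %d\n", check_salen(813194308u));
    printf("salen 2 -> %d\n", check_salen(2u));
    return 0;
}
```

Compile with cc and run: the first line prints the quoted bound path, the second shows the length from maf's frame #1 being refused. The important line is the initializer on uslen; the bounds check in format_unix_info is the extra safety net that would have turned this crash into a logged error even if the length had still been wrong.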

Dave Walker (davewalker) wrote:

@maf, please can you confirm whether your patch was accepted upstream? As they don't seem to provide a public version control system, I have been unable to check.

Thanks.

Changed in socat (Ubuntu):
status: New → Confirmed
assignee: Chris Taylor (ctaylor) → nobody
importance: Undecided → Medium
Clint Byrum (clint-fewbar) wrote:

They do have a public git repository, and the patch has been applied as-is in it.

Changed in socat (Ubuntu):
status: Confirmed → Triaged
Launchpad Janitor (janitor) wrote:

This bug was fixed in the package socat - 1.7.1.3-1.4ubuntu1

---------------
socat (1.7.1.3-1.4ubuntu1) quantal; urgency=low

  * d/patches/socat-opensslcompress*.patch: Add OpenSSL compression
    patches from upstream. (LP: #745603) These are included in 2.0 so
    these patches can be dropped when it is synced from Debian.
  * d/patches/fix-segfault-xio-gopen.patch: Applying patch to prevent
    segfaults. (LP: #481776) This is also included in socat 2.0.
 -- Clint Byrum <email address hidden> Fri, 20 Jul 2012 16:55:38 -0700

Changed in socat (Ubuntu):
status: Triaged → Fix Released