rpcgen: segfault when generating interfaces with argument names longer than 17 bytes

Bug #776192 reported by Torsten Schmutzler
This bug affects 3 people
Affects | Status | Importance | Assigned to | Milestone
eglibc (Ubuntu) | Invalid | Medium | Unassigned |

Bug Description

Steps to reproduce:

$ cat crashing_interface.x
program CRASHING_PROGRAM
{
  version CRASHING_PROGRAM_VERSION
  {
    int api1(string looooooongArgument<>) = 1;
  } = 1;
} = 0x20003ED7;

$ /usr/bin/rpcgen -h crashing_interface.x
/*
 * Please do not edit this file.
 * It was generated using rpcgen.
 */

#ifndef _CRASHING_INTERFACE_H_RPCGEN
#define _CRASHING_INTERFACE_H_RPCGEN
#include <rpc/rpc.h>

#ifdef __cplusplus
extern "C" {
#endif

Segmentation fault

$ dpkg -S /usr/bin/rpcgen
libc-dev-bin: /usr/bin/rpcgen

If I make the argument one byte shorter, the segfault does not occur.
Probably a buffer overflow when parsing the definition file.

This problem appeared after the upgrade from maverick to natty.

$ apt-cache show libc-dev-bin
Package: libc-dev-bin
Priority: optional
Section: libdevel
Installed-Size: 384
Maintainer: Ubuntu Core developers <email address hidden>
Original-Maintainer: GNU Libc Maintainers <email address hidden>
Architecture: amd64
Source: eglibc
Version: 2.13-0ubuntu13
Replaces: libc0.1-dev, libc0.3-dev, libc6-dev, libc6.1-dev
Depends: libc6 (>> 2.13~), libc6 (<< 2.14)
Recommends: manpages-dev
Filename: pool/main/e/eglibc/libc-dev-bin_2.13-0ubuntu13_amd64.deb
Size: 89290
MD5sum: e4422d30f15aa30c747de1d5c641058c
SHA1: 1b550b8e0b7b1c768403366ebd55d3c7ecb2fe3a
SHA256: f91f92aba556d06ef49ae549e569fc3532e67ea936d8b94a3fa7fa1960284c84
Description: Embedded GNU C Library: Development binaries
 This package contains utility programs related to the GNU C Library
 development package.
Multi-Arch: foreign
Homepage: http://www.eglibc.org
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Build-Essential: yes
Origin: Ubuntu
Supported: 18m
Task: ubuntu-desktop, ubuntu-uec-live, edubuntu-desktop, edubuntu-uec-live, xubuntu-desktop, mythbuntu-backend-master, mythbuntu-backend-master, mythbuntu-backend-slave, mythbuntu-desktop, mythbuntu-frontend, ubuntu-netbook

ProblemType: Bug
DistroRelease: Ubuntu 11.04
Package: libc-dev-bin 2.13-0ubuntu13
ProcVersionSignature: Ubuntu 2.6.38-8.42-generic 2.6.38.2
Uname: Linux 2.6.38-8-generic x86_64
NonfreeKernelModules: openafs nvidia
Architecture: amd64
Date: Tue May 3 09:29:41 2011
ProcEnviron:
 SHELL=/bin/bash
 PATH=(custom, user)
 LANG=en_US.UTF-8
 LANGUAGE=en_US:en
SourcePackage: eglibc
UpgradeStatus: Upgraded to natty on 2011-05-02 (0 days ago)
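
The reproducer above can be turned into a length sweep that checks whether a given rpcgen build still crashes and at which argument-name length. This is an added example, not part of the original report: the function names `make_interface` and `first_crash_len` are hypothetical, the generated argument name is constructed filler (the letter `a` repeated), and an exit status above 128 is assumed to mean the process died from a signal.

```shell
#!/bin/sh
# Added example (not from the bug report): sweep argument-name lengths
# against an rpcgen binary and report the first length that crashes it.

# make_interface LEN
# Print an interface file shaped like the report's crashing_interface.x,
# with a constructed argument name of exactly LEN bytes.
make_interface() {
    name=$(printf "%${1}s" "" | tr ' ' 'a')
    cat <<EOF
program CRASHING_PROGRAM
{
  version CRASHING_PROGRAM_VERSION
  {
    int api1(string ${name}<>) = 1;
  } = 1;
} = 0x20003ED7;
EOF
}

# first_crash_len GENERATOR MAX
# Run "GENERATOR -h <file>" for name lengths 1..MAX. Print the first length
# at which the generator ends with status > 128 (assumed: killed by a signal,
# e.g. 139 for SIGSEGV, 134 for SIGABRT), or "none" if every run survives.
first_crash_len() {
    gen=$1
    max=$2
    dir=$(mktemp -d) || return 2
    len=1
    result=none
    while [ "$len" -le "$max" ]; do
        make_interface "$len" > "$dir/iface.x"
        status=0
        "$gen" -h "$dir/iface.x" >/dev/null 2>&1 || status=$?
        if [ "$status" -gt 128 ]; then
            result=$len
            break
        fi
        len=$((len + 1))
    done
    rm -rf "$dir"
    echo "$result"
}

# Usage: first_crash_len /usr/bin/rpcgen 64
```

A result of `none` on a patched or newer build is the regression check; any number is the shortest name length that still kills the generator.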

Dave Gilbert (ubuntu-treblig) wrote :

Triaged -> Trivial reproducer attached.

Reproduced on quantal in libc-dev-bin 2.15-0ubuntu17

Changed in eglibc (Ubuntu):
importance: Undecided → Medium
status: New → Triaged
dino99 (9d9) wrote :

This is no longer a supported version.

Changed in eglibc (Ubuntu):
status: Triaged → Invalid