stack smashing in or after recvmsg system call in aarch64 user mode

Bug #1701808 reported by Bruno Haible
Affects: QEMU | Status: Fix Released | Importance: Undecided | Assigned to: Unassigned | Milestone: (none)

Bug Description

A program that invokes recvmsg aborts with "*** stack smashing detected ***" when run in qemu-aarch64 (user mode), but works fine when running on native aarch64 hardware.

How to reproduce:
$ aarch64-linux-gnu-gcc-5 -O -Wall /media/develdata/devel/qemu-bug/testpassfd.c -static -DEXTRA_SPACE=0
$ QEMU_LD_PREFIX=/usr/aarch64-linux-gnu ~/inst-qemu/2.9.0/bin/qemu-aarch64 ./a.out
*** stack smashing detected ***: ./a.out terminated
qemu: uncaught target signal 6 (Aborted) - core dumped

On native aarch64 hardware:
$ ./a.out
$ echo $?
0

The parameter EXTRA_SPACE can be used to add additional space to the array that receives the recvmsg data. With -DEXTRA_SPACE=9 (or larger), the program runs fine, which suggests that recvmsg is storing up to 9 bytes more than allowed in memory.
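As an added example (not the reporter's testpassfd.c, which is not attached here), this C check implements the guard-space idea from the description: it passes a file descriptor over an AF_UNIX socketpair with sendmsg/recvmsg and counts the guard bytes overwritten after the receive buffers. It goes slightly beyond the description by guarding both the data buffer and the control (cmsg) buffer, since the page does not say which one recvmsg overran; all names and sizes are this example's own.

```c
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define GUARD 16          /* guard bytes placed after each receive buffer */
#define GUARD_BYTE 0xA5
/* Pass an fd over a socketpair and return how many guard bytes recvmsg
 * clobbered after the data and control buffers (0 = correct, -1 = syscall failed). */
int recvmsg_guard_check(void)
{
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
        return -1;
    /* Sender side: one data byte plus an SCM_RIGHTS cmsg carrying sv[0] itself. */
    char sdata = 'x';
    struct iovec siov = { .iov_base = &sdata, .iov_len = 1 };
    union { char buf[CMSG_SPACE(sizeof(int))]; struct cmsghdr hdr; } sctl;
    memset(&sctl, 0, sizeof sctl);
    struct msghdr smsg = { .msg_iov = &siov, .msg_iovlen = 1,
                           .msg_control = sctl.buf, .msg_controllen = sizeof sctl.buf };
    struct cmsghdr *cm = CMSG_FIRSTHDR(&smsg);
    cm->cmsg_level = SOL_SOCKET;
    cm->cmsg_type = SCM_RIGHTS;
    cm->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(cm), &sv[0], sizeof(int));
    if (sendmsg(sv[0], &smsg, 0) != 1) { close(sv[0]); close(sv[1]); return -1; }
    /* Receiver side: exactly-sized buffers, each followed by a guard region. */
    struct { char data[1]; unsigned char guard[GUARD]; } rdata;
    struct { _Alignas(struct cmsghdr) char ctl[CMSG_SPACE(sizeof(int))];
             unsigned char guard[GUARD]; } rctl;
    memset(rdata.guard, GUARD_BYTE, GUARD);
    memset(rctl.guard, GUARD_BYTE, GUARD);
    struct iovec riov = { .iov_base = rdata.data, .iov_len = sizeof rdata.data };
    struct msghdr rmsg = { .msg_iov = &riov, .msg_iovlen = 1,
                           .msg_control = rctl.ctl, .msg_controllen = sizeof rctl.ctl };
    ssize_t n = recvmsg(sv[1], &rmsg, 0);
    if (n >= 0)   /* close the duplicate fd the kernel installed for us, if any */
        for (cm = CMSG_FIRSTHDR(&rmsg); cm; cm = CMSG_NXTHDR(&rmsg, cm))
            if (cm->cmsg_level == SOL_SOCKET && cm->cmsg_type == SCM_RIGHTS) {
                int rfd; memcpy(&rfd, CMSG_DATA(cm), sizeof rfd); close(rfd);
            }
    close(sv[0]); close(sv[1]);
    if (n < 0) return -1;
    int bad = 0;
    for (int i = 0; i < GUARD; i++)
        bad += (rdata.guard[i] != GUARD_BYTE) + (rctl.guard[i] != GUARD_BYTE);
    return bad;
}
```

Run natively and under qemu-user and compare: a non-zero count under the emulator with a zero count on real hardware points at the emulator's syscall translation layer, which is exactly the split the report above shows.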

Revision history for this message
Bruno Haible (bruno-clisp) wrote :

Likewise for 32-bit arm:
$ ~/inst-qemu/2.9.0/bin/qemu-arm ./a.arm
*** stack smashing detected ***: ./a.arm terminated
qemu: uncaught target signal 6 (Aborted) - core dumped

Revision history for this message
Bruno Haible (bruno-clisp) wrote :

The behaviour in qemu-2.10 is the same as in qemu-2.9.

Revision history for this message
Bruno Haible (bruno-clisp) wrote :

The behaviour in qemu-2.11 is the same as in qemu-2.9.

Revision history for this message
Peter Maydell (pmaydell) wrote :

This should be fixed by http://patchwork.ozlabs.org/patch/849170/ I think.

Revision history for this message
Thomas Huth (th-huth) wrote :
Changed in qemu:
status: New → Fix Released
Revision history for this message
Bruno Haible (bruno-clisp) wrote :

Confirmed: It's fixed in qemu-2.12.
