rpcgen: segfault when generating interfaces with argument names longer than 17 bytes
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
eglibc (Ubuntu) | Invalid | Medium | Unassigned | |
Bug Description
Steps to reproduce:
$ cat crashing_
program CRASHING_PROGRAM
{
version CRASHING_
{
int api1(string looooooongArgum
} = 1;
} = 0x20003ED7;
$ /usr/bin/rpcgen -h crashing_
/*
* Please do not edit this file.
* It was generated using rpcgen.
*/
#ifndef _CRASHING_
#define _CRASHING_
#include <rpc/rpc.h>
#ifdef __cplusplus
extern "C" {
#endif
Segmentation fault
$ dpkg -S /usr/bin/rpcgen
libc-dev-bin: /usr/bin/rpcgen
If I make the argument one byte shorter, the segfault does not occur.
Probably a buffer overflow when parsing the definition file.
This problem appeared after the upgrade from maverick to natty.
$ apt-cache show libc-dev-bin
Package: libc-dev-bin
Priority: optional
Section: libdevel
Installed-Size: 384
Maintainer: Ubuntu Core developers <email address hidden>
Original-
Architecture: amd64
Source: eglibc
Version: 2.13-0ubuntu13
Replaces: libc0.1-dev, libc0.3-dev, libc6-dev, libc6.1-dev
Depends: libc6 (>> 2.13~), libc6 (<< 2.14)
Recommends: manpages-dev
Filename: pool/main/
Size: 89290
MD5sum: e4422d30f15aa30
SHA1: 1b550b8e0b7b1c7
SHA256: f91f92aba556d06
Description: Embedded GNU C Library: Development binaries
This package contains utility programs related to the GNU C Library
development package.
Multi-Arch: foreign
Homepage: http://
Bugs: https:/
Build-Essential: yes
Origin: Ubuntu
Supported: 18m
Task: ubuntu-desktop, ubuntu-uec-live, edubuntu-desktop, edubuntu-uec-live, xubuntu-desktop, mythbuntu-
ProblemType: Bug
DistroRelease: Ubuntu 11.04
Package: libc-dev-bin 2.13-0ubuntu13
ProcVersionSign
Uname: Linux 2.6.38-8-generic x86_64
NonfreeKernelMo
Architecture: amd64
Date: Tue May 3 09:29:41 2011
ProcEnviron:
SHELL=/bin/bash
PATH=(custom, user)
LANG=en_US.UTF-8
LANGUAGE=en_US:en
SourcePackage: eglibc
UpgradeStatus: Upgraded to natty on 2011-05-02 (0 days ago)
Triaged -> Trivial reproducer attached.
Reproduced on quantal in libc-dev-bin 2.15-0ubuntu17