Comment 6 for bug 530569

Daniel J Blueman (danielblueman) wrote :

Debugging this, we see the addresses of the source and destination path buffers passed get trashed, here 0x62cc:

Program received signal SIGABRT, Aborted.
0x00007ffff7144a75 in *__GI_raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
64 ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
 in ../nptl/sysdeps/unix/sysv/linux/raise.c
(gdb) where
#0 0x00007ffff7144a75 in *__GI_raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1 0x00007ffff71485c0 in *__GI_abort () at abort.c:92
#2 0x00007ffff717e4fb in __libc_message (do_abort=<value optimized out>, fmt=<value optimized out>)
    at ../sysdeps/unix/sysv/linux/libc_fatal.c:189
#3 0x00007ffff72101e7 in *__GI___fortify_fail (msg=0x7ffff725880d "buffer overflow detected") at fortify_fail.c:32
#4 0x00007ffff720f0a0 in *__GI___chk_fail () at chk_fail.c:29
#5 0x00007ffff720f6fb in __realpath_chk (buf=0x62cc <Address 0x62cc out of bounds>,
    resolved=0x62cc <Address 0x62cc out of bounds>, resolvedlen=6) at realpath_chk.c:30
#6 0x0000000000401687 in realpath (argc=<value optimized out>, argv=<value optimized out>) at /usr/include/bits/stdlib.h:46
#7 main (argc=<value optimized out>, argv=<value optimized out>) at hal-disable-polling.c:194

Furthermore, building with optimisation disabled, the crash is not experienced:

$ apt-get source hal
$ cd hal-*
$ debuild -rfakeroot -us -uc
$ cd tools

$ gcc -DHAVE_CONFIG_H -I. -I.. -DPACKAGE_LIBEXEC_DIR=\""/usr/lib/hal"\" -DPACKAGE_SYSCONF_DIR=\""/etc"\" -DPACKAGE_DATA_DIR=\""/usr/share"\" -DPACKAGE_BIN_DIR=\""/usr/bin"\" -DPACKAGE_LOCALSTATEDIR=\""/var"\" -DPACKAGE_SCRIPT_DIR=\""/usr/lib/hal/scripts"\" -DPACKAGE_LOCALE_DIR=\""/usr/share/locale"\" -I.. -I../libhal -I../libhal-storage -I/usr/include/dbus-1.0 -I/usr/lib/dbus-1.0/include -pthread -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include -I/usr/include/dbus-1.0 -I/usr/lib/dbus-1.0/include -c hal-disable-polling.c -O0
$ gcc -Wl,--as-needed -Wl,-Bsymbolic-functions -o hal-disable-polling hal-disable-polling.o -pthread -L/lib -ldbus-glib-1 /usr/lib/libgobject-2.0.so /usr/lib/libgthread-2.0.so /usr/lib/libglib-2.0.so -ldbus-1 -lpthread -lrt ../libhal/.libs/libhal.so -pthread
$ sudo ./hal-disable-polling --device /dev/foo
Cannot find device /dev/foo.

$ gcc -DHAVE_CONFIG_H -I. -I.. -DPACKAGE_LIBEXEC_DIR=\""/usr/lib/hal"\" -DPACKAGE_SYSCONF_DIR=\""/etc"\" -DPACKAGE_DATA_DIR=\""/usr/share"\" -DPACKAGE_BIN_DIR=\""/usr/bin"\" -DPACKAGE_LOCALSTATEDIR=\""/var"\" -DPACKAGE_SCRIPT_DIR=\""/usr/lib/hal/scripts"\" -DPACKAGE_LOCALE_DIR=\""/usr/share/locale"\" -I.. -I../libhal -I../libhal-storage -I/usr/include/dbus-1.0 -I/usr/lib/dbus-1.0/include -pthread -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include -I/usr/include/dbus-1.0 -I/usr/lib/dbus-1.0/include -c hal-disable-polling.c -O1
$ gcc -Wl,--as-needed -Wl,-Bsymbolic-functions -o hal-disable-polling hal-disable-polling.o -pthread -L/lib -ldbus-glib-1 /usr/lib/libgobject-2.0.so /usr/lib/libgthread-2.0.so /usr/lib/libglib-2.0.so -ldbus-1 -lpthread -lrt ../libhal/.libs/libhal.so -pthread
$ sudo ./hal-disable-polling --device /dev/foo
*** buffer overflow detected ***: ./hal-disable-polling terminated