iozone3 segfaults always

Bug #320615 reported by hawkes on 2009-01-23
This bug affects 4 people
Affects: iozone3 (Ubuntu); Importance: High; Assigned to: Unassigned
Affects: Jaunty; Importance: High; Assigned to: Unassigned

Bug Description

christoph@ela:~$ apt-cache policy iozone3
iozone3:
  Installiert: 308-1
  Kandidat: 308-1
  Versions-Tabelle:
 *** 308-1 0
        500 http://de.archive.ubuntu.com jaunty/multiverse Packages
        100 /var/lib/dpkg/status

christoph@ela:~$ iozone
*** buffer overflow detected ***: iozone terminated
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x48)[0xb7f88d38]
/lib/tls/i686/cmov/libc.so.6[0xb7f86e40]
/lib/tls/i686/cmov/libc.so.6[0xb7f88594]
iozone[0x80841ca]
/lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe5)[0xb7ea1775]
iozone[0x8049b51]
Aborted (core dumped)

TESTCASE
1. install iozone3
2. run 'iozone -h' and see a backtrace like above
3. install proposed version
4. running 'iozone -h' should display the extensive command line argument options for iozone.

There is very little potential for regression here as iozone3 does not work at all in jaunty.


Gavin B (gavin-brebner-orange) wrote :

Updating to a recent (e.g. 318) version appears to eliminate this problem.

Architecture: i386
Dependencies:
 libgcc1 1:4.3.3-5ubuntu4
 gcc-4.3-base 4.3.3-5ubuntu4
 findutils 4.4.0-2ubuntu4
 libc6 2.9-4ubuntu6
DistroRelease: Ubuntu 9.04
Package: iozone3 308-1
PackageArchitecture: i386
ProcEnviron:
 SHELL=/bin/bash
 LANG=en_US.UTF-8
Uname: Linux 2.6.28-11-generic i686
UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare

Steve Beattie (sbeattie) wrote :

Confirmed, was looking for iozone -h to work. Attaching package information.

Changed in iozone3 (Ubuntu):
importance: Undecided → High
Steve Beattie (sbeattie) on 2009-04-15
Changed in iozone3 (Ubuntu):
status: New → Confirmed
Andrea Righi (arighi) wrote :

The fix for iozone-308 is very simple anyway. There's a potential buffer overflow when the hostname is saved into the string controlling_host_name by gethostname(), using a wrong length for the string. See the attachment.
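
Added example, not part of the original thread and not iozone's code: a length argument that overstates the destination buffer makes glibc's fortified gethostname() abort on every call, whatever the hostname length, which matches the __fortify_fail frame in the backtrace. The buffer name, both sizes and the helper names are assumptions made for illustration.

```c
/* Added example: names and both sizes are assumptions, not iozone's code. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L   /* declares gethostname() under strict -std= */
#endif
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define HOST_BUF  100   /* assumed real size of the destination array */
#define WRONG_LEN 256   /* assumed length wrongly passed to gethostname() */

#ifdef SHOW_BUG
/* 'Before' pattern: the length argument does not describe the buffer. */
static char host_name_bad[HOST_BUF];
static void read_name_bad(void) { gethostname(host_name_bad, WRONG_LEN); }
#endif

/* Mirrors the fortified check: the call aborts when the claimed length
 * exceeds the object size, regardless of how long the hostname really is. */
int fortify_would_abort(size_t claimed_len, size_t object_size)
{
    return claimed_len > object_size;
}

/* 'After' pattern: caller passes the true size; result is always terminated.
 * Returns 0 = complete name, 1 = possibly truncated, -1 = error. */
int read_hostname(char *buf, size_t bufsize)
{
    if (buf == NULL || bufsize == 0)
        return -1;
    memset(buf, 0, bufsize);
    int rc = gethostname(buf, bufsize);
    buf[bufsize - 1] = '\0';   /* POSIX: termination unspecified on truncation */
    if (rc != 0 && errno != ENAMETOOLONG) {
        buf[0] = '\0';
        return -1;
    }
    return (rc != 0 || strlen(buf) == bufsize - 1) ? 1 : 0;
}

int main(void)
{
    char name[HOST_BUF];
    int rc = read_hostname(name, sizeof name);   /* sizeof ties length to object */
    printf("rc=%d host=%s would_abort(%d,%d)=%d\n", rc, name,
           WRONG_LEN, HOST_BUF, fortify_would_abort(WRONG_LEN, HOST_BUF));
    return rc < 0;
}
```

Building with -DSHOW_BUG compiles the mismatched call as well; it is never invoked, so the program still runs cleanly.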

Steve Beattie (sbeattie) wrote :

Thanks Andrea. Based on inspection and testing a package built in my ppa (https://launchpad.net/~sbeattie/+archive/ppa) with the patch applied, I can confirm this fixes the issue. Attached is a debdiff.

description: updated
Siegfried Gevatter (rainct) wrote :

I can confirm that this patch fixes the test case. Uploaded after changing the version number to -1ubuntu0.1.

Thanks for contributing to Ubuntu.

Steve Beattie (sbeattie) on 2009-04-25
Changed in iozone3 (Ubuntu Jaunty):
importance: Undecided → High
status: New → Confirmed
Martin Pitt (pitti) wrote :

Is this fixed upstream? (Comment 1 seems to indicate that).

Changed in iozone3 (Ubuntu Jaunty):
status: Confirmed → Fix Committed
tags: added: verification-needed
Martin Pitt (pitti) wrote :

Accepted iozone3 into jaunty-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

gfx (oce) wrote :

Tried the proposed version and this one behaves much better, haven't figured out all the command-line switches but the auto tests show results.
Thanks.

Martin Pitt (pitti) on 2009-04-28
tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package iozone3 - 308-1ubuntu0.1

---------------
iozone3 (308-1ubuntu0.1) jaunty-proposed; urgency=low

  * debian/patches/fix-buffer-overflow-in-gethostname.patch: fix buffer
    overflow in call to gethostname()
    (thanks to Andrea Righi <email address hidden>) LP: #320615

 -- Steve Beattie <email address hidden> Sat, 25 Apr 2009 07:52:20 -0700

Changed in iozone3 (Ubuntu Jaunty):
status: Fix Committed → Fix Released
Martin Pitt (pitti) wrote :

copied to karmic

Changed in iozone3 (Ubuntu):
status: Confirmed → Fix Released
tags: added: iso-testing