iozone3 segfaults always

Bug #320615 reported by hawkes
This bug affects 4 people
Affects            Status         Importance   Assigned to   Milestone
iozone3 (Ubuntu)   Fix Released   High         Unassigned
Jaunty             Fix Released   High         Unassigned

Bug Description

christoph@ela:~$ apt-cache policy iozone3
iozone3:
  Installiert: 308-1
  Kandidat: 308-1
  Versions-Tabelle:
 *** 308-1 0
        500 http://de.archive.ubuntu.com jaunty/multiverse Packages
        100 /var/lib/dpkg/status

christoph@ela:~$ iozone
*** buffer overflow detected ***: iozone terminated
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x48)[0xb7f88d38]
/lib/tls/i686/cmov/libc.so.6[0xb7f86e40]
/lib/tls/i686/cmov/libc.so.6[0xb7f88594]
iozone[0x80841ca]
/lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe5)[0xb7ea1775]
iozone[0x8049b51]
======= Memory map: ========
Aborted (core dumped)

TESTCASE
1. install iozone3
2. run 'iozone -h' and see a backtrace like above
3. install proposed version
4. running 'iozone -h' should display the extensive command line argument options for iozone.

There is very little potential for regression here as iozone3 does not work at all in jaunty.

Gavin B (gavin-brebner-orange) wrote :

Updating to a recent (e.g. 318) version appears to eliminate this problem.

Steve Beattie (sbeattie) wrote : apport-collect data

Architecture: i386
Dependencies:
 libgcc1 1:4.3.3-5ubuntu4
 gcc-4.3-base 4.3.3-5ubuntu4
 findutils 4.4.0-2ubuntu4
 libc6 2.9-4ubuntu6
DistroRelease: Ubuntu 9.04
Package: iozone3 308-1
PackageArchitecture: i386
ProcEnviron:
 SHELL=/bin/bash
 LANG=en_US.UTF-8
Uname: Linux 2.6.28-11-generic i686
UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare

Steve Beattie (sbeattie) wrote :

Confirmed, was looking for iozone -h to work. Attaching package information.

Changed in iozone3 (Ubuntu):
importance: Undecided → High
Steve Beattie (sbeattie)
Changed in iozone3 (Ubuntu):
status: New → Confirmed
Andrea Righi (arighi) wrote :

The fix for iozone-308 is very simple anyway. There's a potential buffer overflow when the hostname is saved into the string controlling_host_name by gethostname(), using a wrong length for the string. See the attachment.
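Added example (not the attached patch, and not iozone's code): the class of bug described in the comment above, next to a hardened call. The buffer size of 64, the length 256, and the helper names save_hostname_bad, finish_name and save_hostname are assumptions for illustration; only controlling_host_name comes from the report.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define HOST_BUF 64  /* assumed size; the report does not give the real one */
static char controlling_host_name[HOST_BUF];

#ifdef DEMO_VULNERABLE
/* The reported pattern: the length argument is not the buffer's size.
 * Built with -O2 -D_FORTIFY_SOURCE=2, glibc checks the length against the
 * known object size and aborts, however short the real hostname is. */
static int save_hostname_bad(void)
{
    return gethostname(controlling_host_name, 256); /* 256 > HOST_BUF */
}
#endif

/* Force termination; a name with no NUL inside cap bytes was truncated. */
static int finish_name(char *dst, size_t cap)
{
    int terminated = memchr(dst, '\0', cap) != NULL;
    dst[cap - 1] = '\0';
    if (!terminated) { errno = ENAMETOOLONG; return -1; }
    return 0;
}

/* Hardened form: the caller passes the true capacity of dst. */
static int save_hostname(char *dst, size_t cap)
{
    if (dst == NULL || cap < 2) { errno = EINVAL; return -1; }
    if (gethostname(dst, cap) != 0) {
        dst[cap - 1] = '\0';      /* never leave an unterminated string */
        return -1;                /* errno set by gethostname */
    }
    return finish_name(dst, cap);
}

int main(void)
{
    if (save_hostname(controlling_host_name, sizeof controlling_host_name) != 0) {
        perror("gethostname");
        return 1;
    }
    printf("controlling host: %s\n", controlling_host_name);
    return 0;
}
```

The fortify check compares the requested length with the destination's size rather than with the data actually written, which matches a crash that occurs on every run and a backtrace that passes through __fortify_fail.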

Steve Beattie (sbeattie) wrote :

Thanks Andrea. Based on inspection and testing a package built in my ppa (https://launchpad.net/~sbeattie/+archive/ppa) with the patch applied, I can confirm this fixes the issue. Attached is a debdiff.

description: updated
Siegfried Gevatter (rainct) wrote :

I can confirm that this patch fixes the test case. Uploaded after changing the version number to -1ubuntu0.1.

Thanks for contributing to Ubuntu.

Steve Beattie (sbeattie)
Changed in iozone3 (Ubuntu Jaunty):
importance: Undecided → High
status: New → Confirmed
Martin Pitt (pitti) wrote :

Is this fixed upstream? (Comment 1 seems to indicate that).

Changed in iozone3 (Ubuntu Jaunty):
status: Confirmed → Fix Committed
tags: added: verification-needed
Martin Pitt (pitti) wrote :

Accepted iozone3 into jaunty-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Thank you in advance!

gfx (oce) wrote :

Tried the proposed version and this one behaves much better, haven't figured out all the command-line switches but the auto tests show results.
Thanks.

Martin Pitt (pitti)
tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package iozone3 - 308-1ubuntu0.1

---------------
iozone3 (308-1ubuntu0.1) jaunty-proposed; urgency=low

  * debian/patches/fix-buffer-overflow-in-gethostname.patch: fix buffer
    overflow in call to gethostname()
    (thanks to Andrea Righi <email address hidden>) LP: #320615

 -- Steve Beattie <email address hidden> Sat, 25 Apr 2009 07:52:20 -0700

Changed in iozone3 (Ubuntu Jaunty):
status: Fix Committed → Fix Released
Martin Pitt (pitti) wrote :

copied to karmic

Changed in iozone3 (Ubuntu):
status: Confirmed → Fix Released
tags: added: iso-testing