buffer overflow detected

Bug #501212 reported by mungewell
This bug affects 3 people
Affects: lprof (Ubuntu) | Status: Confirmed | Importance: Undecided | Assigned to: Unassigned

Bug Description

Binary package hint: lprof

simon@treadstone:~/lprof-1.11.4.dfsg+1.11.4.1/src/liblprof$ lsb_release -rd
Description: Ubuntu 9.10
Release: 9.10
simon@treadstone:~/lprof-1.11.4.dfsg+1.11.4.1/src/liblprof$ dpkg --list| grep lprof
ii lprof 1.11.4.dfsg+1.11.4.1-5build1 Hardware Color Profiler

Seems it does not like the image I am trying to calibrate from... The buffer overflow does not occur if I build with 'noopt'.
Mungewell.

---

*** buffer overflow detected ***: /usr/bin/lprof terminated
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x48)[0xdc8de8]
/lib/tls/i686/cmov/libc.so.6[0xdc7e20]
/lib/tls/i686/cmov/libc.so.6(__strcpy_chk+0x44)[0xdc7194]
/usr/bin/lprof[0x80c0adb]
/usr/bin/lprof[0x80bd808]
/usr/bin/lprof[0x80a0d99]
/usr/bin/lprof[0x8065883]
/usr/lib/libqt-mt.so.3(_ZN7QObject15activate_signalEP15QConnectionListP8QUObject+0x16a)[0x7b735a]
/usr/lib/libqt-mt.so.3(_ZN7QObject15activate_signalEi+0x88)[0x7b9328]
/usr/lib/libqt-mt.so.3(_ZN7QButton7clickedEv+0x2c)[0xb1d7ac]
/usr/lib/libqt-mt.so.3(_ZN7QButton17mouseReleaseEventEP11QMouseEvent+0x110)[0x852540]
/usr/lib/libqt-mt.so.3(_ZN7QWidget5eventEP6QEvent+0x141)[0x7f0f41]
/usr/lib/libqt-mt.so.3(_ZN12QApplication14internalNotifyEP7QObjectP6QEvent+0xc7)[0x7524b7]
/usr/lib/libqt-mt.so.3(_ZN12QApplication6notifyEP7QObjectP6QEvent+0x235)[0x7535d5]
/usr/lib/libqt-mt.so.3(_ZN12QApplication20sendSpontaneousEventEP7QObjectP6QEvent+0x3e)[0x6ec62e]
/usr/lib/libqt-mt.so.3(_ZN9QETWidget19translateMouseEventEPK7_XEvent+0xb49)[0x6e9399]
/usr/lib/libqt-mt.so.3(_ZN12QApplication15x11ProcessEventEP7_XEvent+0xbe7)[0x6e8197]
/usr/lib/libqt-mt.so.3(_ZN10QEventLoop13processEventsEj+0x244)[0x6fc7a4]
/usr/lib/libqt-mt.so.3(_ZN10QEventLoop9enterLoopEv+0x50)[0x76b4b0]
/usr/lib/libqt-mt.so.3(_ZN10QEventLoop4execEv+0x26)[0x76b356]
/usr/lib/libqt-mt.so.3(_ZN12QApplication4execEv+0x1f)[0x752b0f]
/usr/bin/lprof[0x80b1beb]
/lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe6)[0xcfeb56]
/usr/bin/lprof[0x8058431]
======= Memory map: ========
Program received signal SIGABRT, Aborted.
0x002cd422 in __kernel_vsyscall ()
(gdb) backtrace
#0 0x002cd422 in __kernel_vsyscall ()
#1 0x00d124d1 in raise () from /lib/tls/i686/cmov/libc.so.6
#2 0x00d15932 in abort () from /lib/tls/i686/cmov/libc.so.6
#3 0x00d48ee5 in ?? () from /lib/tls/i686/cmov/libc.so.6
#4 0x00dc8de8 in __fortify_fail () from /lib/tls/i686/cmov/libc.so.6
#5 0x00dc7e20 in __chk_fail () from /lib/tls/i686/cmov/libc.so.6
#6 0x00dc7194 in __strcpy_chk () from /lib/tls/i686/cmov/libc.so.6
#7 0x080c0adb in strcpy (hdr=0x819a920) at /usr/include/bits/string3.h:106
#8 cmsxChoosePCS (hdr=0x819a920) at src/liblprof/cmsprf.c:743
#9 0x080bd808 in cmsxScannerProfilerDo (sys=0x819a920) at src/liblprof/cmsscn.c:984
#10 0x080a0d99 in lprofMain::DoScannerProfile (this=0xbfffef48)
    at src/lprofqt/lprofmain.cpp:1582
#11 0x08065883 in lprofMainBase::qt_invoke (this=0xbfffef48, _id=56, _o=0xbfffe788)
    at build/linux/lprofqt/moc_lprofmainbase.cc:121
#12 0x007b735a in QObject::activate_signal(QConnectionList*, QUObject*) ()
   from /usr/lib/libqt-mt.so.3
#13 0x007b9328 in QObject::activate_signal(int) () from /usr/lib/libqt-mt.so.3
#14 0x00b1d7ac in QButton::clicked() () from /usr/lib/libqt-mt.so.3
#15 0x00852540 in QButton::mouseReleaseEvent(QMouseEvent*) () from /usr/lib/libqt-mt.so.3
#16 0x007f0f41 in QWidget::event(QEvent*) () from /usr/lib/libqt-mt.so.3
#17 0x007524b7 in QApplication::internalNotify(QObject*, QEvent*) ()
   from /usr/lib/libqt-mt.so.3
#18 0x007535d5 in QApplication::notify(QObject*, QEvent*) () from /usr/lib/libqt-mt.so.3
#19 0x006ec62e in QApplication::sendSpontaneousEvent(QObject*, QEvent*) ()
   from /usr/lib/libqt-mt.so.3
#20 0x006e9399 in QETWidget::translateMouseEvent(_XEvent const*) ()
   from /usr/lib/libqt-mt.so.3
#21 0x006e8197 in QApplication::x11ProcessEvent(_XEvent*) () from /usr/lib/libqt-mt.so.3
#22 0x006fc7a4 in QEventLoop::processEvents(unsigned int) () from /usr/lib/libqt-mt.so.3
#23 0x0076b4b0 in QEventLoop::enterLoop() () from /usr/lib/libqt-mt.so.3
#24 0x0076b356 in QEventLoop::exec() () from /usr/lib/libqt-mt.so.3
#25 0x00752b0f in QApplication::exec() () from /usr/lib/libqt-mt.so.3
#26 0x080b1beb in main (argc=1, argv=0xbffff494) at src/lprofqt/main.cpp:142
(gdb) up
#1 0x00d124d1 in raise () from /lib/tls/i686/cmov/libc.so.6
(gdb) up
#2 0x00d15932 in abort () from /lib/tls/i686/cmov/libc.so.6
(gdb) up
#3 0x00d48ee5 in ?? () from /lib/tls/i686/cmov/libc.so.6
(gdb) up
#4 0x00dc8de8 in __fortify_fail () from /lib/tls/i686/cmov/libc.so.6
(gdb) up
#5 0x00dc7e20 in __chk_fail () from /lib/tls/i686/cmov/libc.so.6
(gdb) up
#6 0x00dc7194 in __strcpy_chk () from /lib/tls/i686/cmov/libc.so.6
(gdb) up
#7 0x080c0adb in strcpy (hdr=0x819a920) at /usr/include/bits/string3.h:106
106 return __builtin___strcpy_chk (__dest, __src, __bos (__dest));
Current language: auto
The current source language is "auto; currently c".
(gdb) up
#8 cmsxChoosePCS (hdr=0x819a920) at src/liblprof/cmsprf.c:743
743 strcpy(temp2, strtok(NULL, ")"));
(gdb) print Buffer
$1 = "Unknown\000white\000point\000(X:5.1e-308, Y:6.7e-318, Z:2.1e-307", '\000' <repeats 200 times>
(gdb) print hdr->WhitePoint
$2 = {X = 5.1468732899162896e-308, Y = 6.7390652905875197e-318, Z = 2.1344184302048677e-307}
(gdb)

mungewell (simon-mungewell) wrote:

Arrggghhh!

temp2 is only 30 characters long.
Line 669:
--
char temp2[30];
--

And, yes, something else is screwed to give such a wacky whitepoint. But that's the next problem.
Mungewell.
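
An added example (in C, not lprof's code) of why the strcpy at cmsprf.c:743 overflows: the parenthesised token for the report's denormal white point is 34 bytes plus NUL, more than the 30 bytes of temp2, while an ordinary white point fits. The helpers whitepoint_token_len and copy_whitepoint_token and the sample strings are constructed for illustration; the bounded copy stands in for the unbounded strcpy and rejects tokens that would not fit.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define TEMP2_LEN 30   /* same size as temp2 in cmsprf.c (line 669 in the report) */

/* Length of the text between the first '(' and the next ')', i.e. the token
 * strtok(NULL, ")") hands to strcpy at cmsprf.c:743; -1 if there is no '('. */
int whitepoint_token_len(const char *desc)
{
    const char *open = strchr(desc, '(');
    if (open == NULL)
        return -1;
    const char *close = strchr(open + 1, ')');
    return (int)(close ? (size_t)(close - (open + 1)) : strlen(open + 1));
}

/* Bounded replacement for the unbounded strcpy: copies the token only if it
 * fits in dst including the NUL; otherwise leaves dst empty and reports failure. */
bool copy_whitepoint_token(const char *desc, char *dst, size_t dstlen)
{
    int len = whitepoint_token_len(desc);
    if (len < 0 || (size_t)len >= dstlen) {
        if (dstlen > 0)
            dst[0] = '\0';
        return false;
    }
    memcpy(dst, strchr(desc, '(') + 1, (size_t)len);
    dst[len] = '\0';
    return true;
}

/* Constructed inputs: an ordinary D50 white point, and the denormal values from the report. */
static const char *const SAMPLES[] = {
    "Unknown white point (X:0.96, Y:1.00, Z:0.82)",
    "Unknown white point (X:5.1e-308, Y:6.7e-318, Z:2.1e-307)",
};

int main(void)
{
    char temp2[TEMP2_LEN];
    for (size_t i = 0; i < sizeof SAMPLES / sizeof SAMPLES[0]; i++) {
        int len = whitepoint_token_len(SAMPLES[i]);
        bool ok = copy_whitepoint_token(SAMPLES[i], temp2, sizeof temp2);
        printf("%d-byte token + NUL into %d bytes: %s\n", len, TEMP2_LEN,
               ok ? temp2 : "rejected, would overflow temp2");
    }
    return 0;
}
```

The 'noopt' observation in the description fits this: glibc's _FORTIFY_SOURCE only routes strcpy through __strcpy_chk when the build is optimised, so an unoptimised build overflows temp2 silently instead of aborting.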

Launchpad Janitor (janitor) wrote:

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in lprof (Ubuntu):
status: New → Confirmed