rpcdebug segfault in s390x

Bug #2060538 reported by Andreas Hasenack
This bug affects 1 person

Affects: nfs-utils (Ubuntu)
Status: New
Importance: Undecided
Assigned to: Unassigned

Bug Description

Just running rpcdebug in noble on s390x causes a segfault. In gdb we see:

Breakpoint 1, main (argc=1, argv=0x3ffffffa498) at rpcdebug.c:57
57 cdename = malloc(strlen(basename(argv[0])));
(gdb) n
58 if (cdename == NULL) {
(gdb) n
62 strcpy(cdename, basename(argv[0]));
(gdb) n
*** buffer overflow detected ***: terminated

It's the _FORTIFY_SOURCE=3 that is catching it, but only on s390x. Looks like an off-by-one.

From the strcpy() manpage:

strcpy()
These functions copy the string pointed to by src, into a string at the buffer pointed to by dst. The programmer is responsible for allocating a destination buffer large enough, that is, strlen(src) + 1. For the difference between the two functions, see RETURN VALUE.

Patch:

--- a/tools/rpcdebug/rpcdebug.c
+++ b/tools/rpcdebug/rpcdebug.c
@@ -54,7 +54,7 @@ main(int argc, char **argv)
  char * module = NULL;
  int c;

- cdename = malloc(strlen(basename(argv[0])));
+ cdename = malloc(strlen(basename(argv[0])) + 1);
  if (cdename == NULL) {
    fprintf(stderr, "failed in malloc\n");
    exit(1);
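Review bot: The `+ 1` is the right fix for the strlen()/strcpy() off-by-one, but the allocation and copy could be collapsed into a single `cdename = strdup(basename(argv[0]));`, which sizes the buffer itself and leaves the NULL check below unchanged; it also avoids calling basename(argv[0]) a second time at the strcpy() on line 62, which matters because POSIX basename() is permitted to modify the string it is given.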
