** Description changed:

  Binary package hint: tspc

- The gw6c daemon will crash on start. When I rebuild the gw6c package
- with debug symbols, I no longer get a crash. However, doing this also
- turned compiler optimizations off.
-
  $ lsb_release -rd
- Description: Ubuntu karmic (development branch)
+ Description: Ubuntu 9.10
  Release: 9.10

  $ apt-cache policy gw6c
  gw6c:
- Installé : 6.0.1dfsg.1-3
- Candidat : 6.0.1dfsg.1-3
- Table de version :
- *** 6.0.1dfsg.1-3 0
- 500 http://archive.ubuntu.com karmic/universe Packages
- 100 /var/lib/dpkg/status
+ Installé : 6.0.1dfsg.1-3
+ Candidat : 6.0.1dfsg.1-3
+ Table de version :
+ *** 6.0.1dfsg.1-3 0
+ 500 http://archive.ubuntu.com karmic/universe Packages
+ 100 /var/lib/dpkg/status
- $ sudo /usr/sbin/gw6c
- *** buffer overflow detected ***: /usr/sbin/gw6c terminated
- ======= Backtrace: =========
- /lib/libc.so.6(__fortify_fail+0x37)[0x7f5cb2207437]
- /lib/libc.so.6[0x7f5cb22063e0]
- /usr/sbin/gw6c[0x421496]
- /usr/sbin/gw6c[0x41d1d3]
- /usr/sbin/gw6c[0x41815a]
- /usr/sbin/gw6c[0x405bc4]
- /usr/sbin/gw6c[0x405fb0]
- /usr/sbin/gw6c[0x410d27]
- /lib/libc.so.6(__libc_start_main+0xfd)[0x7f5cb212eacd]
- /usr/sbin/gw6c[0x404ea9]
+ How to reproduce:
+ 0. Run Ubuntu on a 64-bit architecture.
+ 1. Edit the configuration in /etc/gw6c/gw6c.conf by setting the "client_v4" parameter to an IP address.
+ 2. Restart the gw6c daemon.
+ 3. Check that the gw6c daemon is running.
+
+ The gw6c daemon crashes when started if the client_v4 is set to an IP
+ address instead of the default value of "auto". The reason is a buffer
+ overflow caused by a memcpy from an integer with a length that is
+ dependent of the architecture to an inet_addr(3) structure that is
+ always 32-bit long.

** Description changed:

  Binary package hint: tspc

  $ lsb_release -rd
  Description: Ubuntu 9.10
  Release: 9.10

  $ apt-cache policy gw6c
  gw6c:
  Installé : 6.0.1dfsg.1-3
  Candidat : 6.0.1dfsg.1-3
  Table de version :
  *** 6.0.1dfsg.1-3 0
  500 http://archive.ubuntu.com karmic/universe Packages
  100 /var/lib/dpkg/status

  How to reproduce:
  0. Run Ubuntu on a 64-bit architecture.
  1. Edit the configuration in /etc/gw6c/gw6c.conf by setting the "client_v4" parameter to an IP address.
  2. Restart the gw6c daemon.
  3. Check that the gw6c daemon is running.

  The gw6c daemon crashes when started if the client_v4 is set to an IP
  address instead of the default value of "auto". The reason is a buffer
  overflow caused by a memcpy from an integer with a length that is
- dependent of the architecture to an inet_addr(3) structure that is
- always 32-bit long.
+ dependent of the architecture to an inet_addr_t structure that is always
+ 32-bit long.

--
gw6c crashes with buffer overflow on start
https://bugs.launchpad.net/bugs/418176
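
The bug class described in the report, as an added example that is not gw6c source code: a copy sized by an architecture-dependent integer into a 32-bit address slot, next to a version sized by the destination. The struct, the function names and the sample address 192.0.2.1 are hypothetical and constructed for illustration.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GUARD 0xdeadbeefu

/* Hypothetical config record (not gw6c's): a 4-byte address slot followed
 * by a guard word standing in for whatever sits next to it in memory. */
struct tunnel_cfg {
    in_addr_t client_v4;
    uint32_t  guard;
};

/* BEFORE: the length is taken from the source integer. On LP64 that is 8,
 * so the copy runs 4 bytes past client_v4 and lands in guard. The memcpy
 * targets the whole struct so this demo stays inside its own object. */
static size_t store_v4_buggy(struct tunnel_cfg *cfg, unsigned long addr) {
    memcpy(cfg, &addr, sizeof addr);
    return sizeof addr;
}

/* AFTER: parse into a struct in_addr and size the copy by the destination. */
static int store_v4_fixed(struct tunnel_cfg *cfg, const char *text) {
    struct in_addr parsed;
    if (inet_pton(AF_INET, text, &parsed) != 1)
        return -1;                      /* "auto" or malformed input */
    memcpy(&cfg->client_v4, &parsed.s_addr, sizeof cfg->client_v4);
    return 0;
}

/* Returns the guard word after storing a constructed sample address. */
static uint32_t guard_after(int use_fixed) {
    struct tunnel_cfg cfg = { 0, GUARD };
    if (use_fixed)
        store_v4_fixed(&cfg, "192.0.2.1");
    else
        store_v4_buggy(&cfg, inet_addr("192.0.2.1"));
    return cfg.guard;
}

int main(void) {
    printf("sizeof(unsigned long)=%zu sizeof(in_addr_t)=%zu\n",
           sizeof(unsigned long), sizeof(in_addr_t));
    printf("guard after buggy store: 0x%08x\n", (unsigned)guard_after(0));
    printf("guard after fixed store: 0x%08x\n", (unsigned)guard_after(1));
    return 0;
}
```

On a 32-bit build both stores leave the guard intact, which is why the report's reproduction steps start with a 64-bit architecture. The __fortify_fail frame in the reported backtrace is glibc's _FORTIFY_SOURCE check, which is compiled in only when optimization is enabled.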