[Bug 776192] Re: rpcgen: segfault when generating interfaces with argumentnames longer than 17bytes

Dave Gilbert ubuntu at treblig.org
Sun Aug 19 14:59:11 UTC 2012


Triaged -> Trivial reproducer attached.

Reproduced on quantal in libc-dev-bin 2.15-0ubuntu17

** Changed in: eglibc (Ubuntu)
   Importance: Undecided => Medium

** Changed in: eglibc (Ubuntu)
       Status: New => Triaged

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/776192

Title:
  rpcgen: segfault when generating interfaces with argumentnames longer
  than 17bytes

Status in “eglibc” package in Ubuntu:
  Triaged

Bug description:
  Steps to reproduce:

  $ cat crashing_interface.x 
  program CRASHING_PROGRAM
  {
    version CRASHING_PROGRAM_VERSION
    {
      int api1(string looooooongArgument<>) = 1;
    } = 1;
  } = 0x20003ED7;

  $ /usr/bin/rpcgen -h crashing_interface.x 
  /*
   * Please do not edit this file.
   * It was generated using rpcgen.
   */

  #ifndef _CRASHING_INTERFACE_H_RPCGEN
  #define _CRASHING_INTERFACE_H_RPCGEN
  #include <rpc/rpc.h>

  
  #ifdef __cplusplus
  extern "C" {
  #endif

  Segmentation fault

  $ dpkg -S /usr/bin/rpcgen
  libc-dev-bin: /usr/bin/rpcgen

  If I make the argument one byte shorter the segfault does not occur.
  Probably a buffer overflow when parsing the definition file.

  This problem appeared after the upgrade from maverick to natty.

  $ apt-cache show libc-dev-bin
  Package: libc-dev-bin
  Priority: optional
  Section: libdevel
  Installed-Size: 384
  Maintainer: Ubuntu Core developers <ubuntu-devel-discuss at lists.ubuntu.com>
  Original-Maintainer: GNU Libc Maintainers <debian-glibc at lists.debian.org>
  Architecture: amd64
  Source: eglibc
  Version: 2.13-0ubuntu13
  Replaces: libc0.1-dev, libc0.3-dev, libc6-dev, libc6.1-dev
  Depends: libc6 (>> 2.13~), libc6 (<< 2.14)
  Recommends: manpages-dev
  Filename: pool/main/e/eglibc/libc-dev-bin_2.13-0ubuntu13_amd64.deb
  Size: 89290
  MD5sum: e4422d30f15aa30c747de1d5c641058c
  SHA1: 1b550b8e0b7b1c768403366ebd55d3c7ecb2fe3a
  SHA256: f91f92aba556d06ef49ae549e569fc3532e67ea936d8b94a3fa7fa1960284c84
  Description: Embedded GNU C Library: Development binaries
   This package contains utility programs related to the GNU C Library
   development package.
  Multi-Arch: foreign
  Homepage: http://www.eglibc.org
  Bugs: https://bugs.launchpad.net/ubuntu/+filebug
  Build-Essential: yes
  Origin: Ubuntu
  Supported: 18m
  Task: ubuntu-desktop, ubuntu-uec-live, edubuntu-desktop, edubuntu-uec-live, xubuntu-desktop, mythbuntu-backend-master, mythbuntu-backend-master, mythbuntu-backend-slave, mythbuntu-desktop, mythbuntu-frontend, ubuntu-netbook

  ProblemType: Bug
  DistroRelease: Ubuntu 11.04
  Package: libc-dev-bin 2.13-0ubuntu13
  ProcVersionSignature: Ubuntu 2.6.38-8.42-generic 2.6.38.2
  Uname: Linux 2.6.38-8-generic x86_64
  NonfreeKernelModules: openafs nvidia
  Architecture: amd64
  Date: Tue May  3 09:29:41 2011
  ProcEnviron:
   SHELL=/bin/bash
   PATH=(custom, user)
   LANG=en_US.UTF-8
   LANGUAGE=en_US:en
  SourcePackage: eglibc
  UpgradeStatus: Upgraded to natty on 2011-05-02 (0 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/776192/+subscriptions
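
The reproducer above, turned into a length sweep that can be rerun against a patched package to confirm the crash is gone. This is an added example, not part of the original report or of eglibc. The function names, the RPCGEN variable, the argument names made of repeated "a" and the 14..20 range are assumptions chosen to bracket the lengths the report mentions.

```shell
# Added example: regression sweep for the rpcgen crash in this report.
RPCGEN="${RPCGEN:-rpcgen}"   # assumption: override to test another binary

# Emit an argument name of exactly $1 bytes ("a" repeated).
arg_name() {
    awk -v n="$1" 'BEGIN { for (i = 0; i < n; i++) printf "a"; }'
}

# Emit the report's interface with an argument name of $1 bytes.
make_x() {
    cat <<EOF
program CRASHING_PROGRAM
{
  version CRASHING_PROGRAM_VERSION
  {
    int api1(string $(arg_name "$1")<>) = 1;
  } = 1;
} = 0x20003ED7;
EOF
}

# Map an exit status to a verdict; above 128 means killed by a signal.
classify() {
    if [ "$1" -eq 0 ]; then echo ok
    elif [ "$1" -gt 128 ]; then echo "crash(signal $(( $1 - 128 )))"
    else echo "error($1)"
    fi
}

# Run rpcgen -h on a generated file and print the verdict for length $1.
probe() {
    dir=$(mktemp -d) || return 1
    make_x "$1" > "$dir/t.x"
    ( cd "$dir" && "$RPCGEN" -h t.x > /dev/null 2>&1 )
    rc=$?
    rm -rf "$dir"
    classify "$rc"
}

# Sweep lengths $1..$2 and report one verdict per length.
sweep() {
    n=$1
    while [ "$n" -le "$2" ]; do
        echo "len=$n $(probe "$n")"
        n=$((n + 1))
    done
}

if command -v "$RPCGEN" > /dev/null 2>&1; then sweep 14 20; fi
```

A verdict of crash(signal 11) corresponds to the "Segmentation fault" shown in the report; a fixed rpcgen should print ok for every length in the range.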



