[Bug 501212] [NEW] buffer overflow detected

mungewell simon at mungewell.org
Tue Dec 29 05:33:49 UTC 2009


Public bug reported:

Binary package hint: lprof

simon@treadstone:~/lprof-1.11.4.dfsg+1.11.4.1/src/liblprof$ lsb_release -rd
Description:	Ubuntu 9.10
Release:	9.10
simon@treadstone:~/lprof-1.11.4.dfsg+1.11.4.1/src/liblprof$ dpkg --list| grep lprof
ii  lprof                                 1.11.4.dfsg+1.11.4.1-5build1                 Hardware Color Profiler

Seems it does not like the image I am trying to calibrate from... buffer overflow does not occur if I build with 'noopt'
Mungewell.

---

*** buffer overflow detected ***: /usr/bin/lprof terminated
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x48)[0xdc8de8]
/lib/tls/i686/cmov/libc.so.6[0xdc7e20]
/lib/tls/i686/cmov/libc.so.6(__strcpy_chk+0x44)[0xdc7194]
/usr/bin/lprof[0x80c0adb]
/usr/bin/lprof[0x80bd808]
/usr/bin/lprof[0x80a0d99]
/usr/bin/lprof[0x8065883]
/usr/lib/libqt-mt.so.3(_ZN7QObject15activate_signalEP15QConnectionListP8QUObject+0x16a)[0x7b735a]
/usr/lib/libqt-mt.so.3(_ZN7QObject15activate_signalEi+0x88)[0x7b9328]
/usr/lib/libqt-mt.so.3(_ZN7QButton7clickedEv+0x2c)[0xb1d7ac]
/usr/lib/libqt-mt.so.3(_ZN7QButton17mouseReleaseEventEP11QMouseEvent+0x110)[0x852540]
/usr/lib/libqt-mt.so.3(_ZN7QWidget5eventEP6QEvent+0x141)[0x7f0f41]
/usr/lib/libqt-mt.so.3(_ZN12QApplication14internalNotifyEP7QObjectP6QEvent+0xc7)[0x7524b7]
/usr/lib/libqt-mt.so.3(_ZN12QApplication6notifyEP7QObjectP6QEvent+0x235)[0x7535d5]
/usr/lib/libqt-mt.so.3(_ZN12QApplication20sendSpontaneousEventEP7QObjectP6QEvent+0x3e)[0x6ec62e]
/usr/lib/libqt-mt.so.3(_ZN9QETWidget19translateMouseEventEPK7_XEvent+0xb49)[0x6e9399]
/usr/lib/libqt-mt.so.3(_ZN12QApplication15x11ProcessEventEP7_XEvent+0xbe7)[0x6e8197]
/usr/lib/libqt-mt.so.3(_ZN10QEventLoop13processEventsEj+0x244)[0x6fc7a4]
/usr/lib/libqt-mt.so.3(_ZN10QEventLoop9enterLoopEv+0x50)[0x76b4b0]
/usr/lib/libqt-mt.so.3(_ZN10QEventLoop4execEv+0x26)[0x76b356]
/usr/lib/libqt-mt.so.3(_ZN12QApplication4execEv+0x1f)[0x752b0f]
/usr/bin/lprof[0x80b1beb]
/lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe6)[0xcfeb56]
/usr/bin/lprof[0x8058431]
======= Memory map: ========
Program received signal SIGABRT, Aborted.
0x002cd422 in __kernel_vsyscall ()
(gdb) backtrace
#0  0x002cd422 in __kernel_vsyscall ()
#1  0x00d124d1 in raise () from /lib/tls/i686/cmov/libc.so.6
#2  0x00d15932 in abort () from /lib/tls/i686/cmov/libc.so.6
#3  0x00d48ee5 in ?? () from /lib/tls/i686/cmov/libc.so.6
#4  0x00dc8de8 in __fortify_fail () from /lib/tls/i686/cmov/libc.so.6
#5  0x00dc7e20 in __chk_fail () from /lib/tls/i686/cmov/libc.so.6
#6  0x00dc7194 in __strcpy_chk () from /lib/tls/i686/cmov/libc.so.6
#7  0x080c0adb in strcpy (hdr=0x819a920) at /usr/include/bits/string3.h:106
#8  cmsxChoosePCS (hdr=0x819a920) at src/liblprof/cmsprf.c:743
#9  0x080bd808 in cmsxScannerProfilerDo (sys=0x819a920) at src/liblprof/cmsscn.c:984
#10 0x080a0d99 in lprofMain::DoScannerProfile (this=0xbfffef48)
    at src/lprofqt/lprofmain.cpp:1582
#11 0x08065883 in lprofMainBase::qt_invoke (this=0xbfffef48, _id=56, _o=0xbfffe788)
    at build/linux/lprofqt/moc_lprofmainbase.cc:121
#12 0x007b735a in QObject::activate_signal(QConnectionList*, QUObject*) ()
   from /usr/lib/libqt-mt.so.3
#13 0x007b9328 in QObject::activate_signal(int) () from /usr/lib/libqt-mt.so.3
#14 0x00b1d7ac in QButton::clicked() () from /usr/lib/libqt-mt.so.3
#15 0x00852540 in QButton::mouseReleaseEvent(QMouseEvent*) () from /usr/lib/libqt-mt.so.3
#16 0x007f0f41 in QWidget::event(QEvent*) () from /usr/lib/libqt-mt.so.3
#17 0x007524b7 in QApplication::internalNotify(QObject*, QEvent*) ()
   from /usr/lib/libqt-mt.so.3
#18 0x007535d5 in QApplication::notify(QObject*, QEvent*) () from /usr/lib/libqt-mt.so.3
#19 0x006ec62e in QApplication::sendSpontaneousEvent(QObject*, QEvent*) ()
   from /usr/lib/libqt-mt.so.3
#20 0x006e9399 in QETWidget::translateMouseEvent(_XEvent const*) ()
   from /usr/lib/libqt-mt.so.3
#21 0x006e8197 in QApplication::x11ProcessEvent(_XEvent*) () from /usr/lib/libqt-mt.so.3
#22 0x006fc7a4 in QEventLoop::processEvents(unsigned int) () from /usr/lib/libqt-mt.so.3
#23 0x0076b4b0 in QEventLoop::enterLoop() () from /usr/lib/libqt-mt.so.3
#24 0x0076b356 in QEventLoop::exec() () from /usr/lib/libqt-mt.so.3
#25 0x00752b0f in QApplication::exec() () from /usr/lib/libqt-mt.so.3
#26 0x080b1beb in main (argc=1, argv=0xbffff494) at src/lprofqt/main.cpp:142
(gdb) up
#1  0x00d124d1 in raise () from /lib/tls/i686/cmov/libc.so.6
(gdb) up
#2  0x00d15932 in abort () from /lib/tls/i686/cmov/libc.so.6
(gdb) up
#3  0x00d48ee5 in ?? () from /lib/tls/i686/cmov/libc.so.6
(gdb) up
#4  0x00dc8de8 in __fortify_fail () from /lib/tls/i686/cmov/libc.so.6
(gdb) up
#5  0x00dc7e20 in __chk_fail () from /lib/tls/i686/cmov/libc.so.6
(gdb) up
#6  0x00dc7194 in __strcpy_chk () from /lib/tls/i686/cmov/libc.so.6
(gdb) up
#7  0x080c0adb in strcpy (hdr=0x819a920) at /usr/include/bits/string3.h:106
106	  return __builtin___strcpy_chk (__dest, __src, __bos (__dest));
Current language:  auto
The current source language is "auto; currently c".
(gdb) up
#8  cmsxChoosePCS (hdr=0x819a920) at src/liblprof/cmsprf.c:743
743	                strcpy(temp2, strtok(NULL, ")")); 
(gdb) print Buffer
$1 = "Unknown\000white\000point\000(X:5.1e-308, Y:6.7e-318, Z:2.1e-307", '\000' <repeats 200 times>
(gdb) print hdr->WhitePoint
$2 = {X = 5.1468732899162896e-308, Y = 6.7390652905875197e-318, Z = 2.1344184302048677e-307}
(gdb)

** Affects: lprof (Ubuntu)
     Importance: Undecided
         Status: New

-- 
buffer overflow detected
https://bugs.launchpad.net/bugs/501212
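
Frame #8 above stops at strcpy(temp2, strtok(NULL, ")")), which copies a token of unchecked length and would also dereference NULL if strtok found no token. The following is an added example, not lprof's code and not part of the original report, showing a length-checked form of that pattern; the 32-byte destination, the "%.2g" format and all function names are assumptions.

```c
#include <stdio.h>
#include <string.h>

enum { TOKEN_OK = 0, TOKEN_MISSING = -1, TOKEN_TOO_LONG = -2 };

/* Checked form of strcpy(dst, strtok(NULL, delim)): refuses a missing
 * token (strtok returned NULL) and a token that does not fit in dst. */
static int copy_next_token(const char *delim, char *dst, size_t dstsz)
{
    const char *tok = strtok(NULL, delim);
    size_t len;

    if (tok == NULL)
        return TOKEN_MISSING;
    len = strlen(tok);
    if (len >= dstsz)
        return TOKEN_TOO_LONG;
    memcpy(dst, tok, len + 1);          /* len + 1 copies the terminator */
    return TOKEN_OK;
}

/* Build a description shaped like Buffer in the gdb session (the "%.2g"
 * format is an assumption) and extract the text between '(' and ')'. */
int extract_coords(double x, double y, double z, char *dst, size_t dstsz)
{
    char buf[256];

    snprintf(buf, sizeof buf, "Unknown white point (X:%.2g, Y:%.2g, Z:%.2g)",
             x, y, z);
    if (strtok(buf, "(") == NULL)       /* skip the name before '(' */
        return TOKEN_MISSING;
    return copy_next_token(")", dst, dstsz);
}

int main(void)
{
    char coords[32];                    /* hypothetical size, not lprof's */

    /* Constructed input: a plausible white point fits in 32 bytes. */
    printf("%d\n", extract_coords(0.9642, 1.0, 0.8249, coords, sizeof coords));
    /* hdr->WhitePoint as printed in the report: 34 characters, rejected. */
    printf("%d\n", extract_coords(5.1468732899162896e-308,
                                  6.7390652905875197e-318,
                                  2.1344184302048677e-307,
                                  coords, sizeof coords));
    return 0;
}
```

The __strcpy_chk frame in the trace is glibc's _FORTIFY_SOURCE check, which is only active in optimized builds; an unoptimized build performs the same copy without the check.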