[Bug 403074] [NEW] xfstt cores on startup
PCC
p_c_chan at hotmail.com
Wed Jul 22 15:03:39 UTC 2009
Public bug reported:
Binary package hint: xfstt
Version is 1.7-5 AMD64.
xfstt fails to run and reports buffer overflow:
corrupt font database!
opening TTF database failed, while reading "/usr/share/fonts/truetype" to build it.
*** buffer overflow detected ***: xfstt terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x37)[0x7fa1c2f87747]
/lib/libc.so.6[0x7fa1c2f86660]
/lib/libc.so.6[0x7fa1c2f8588d]
xfstt[0x403162]
xfstt[0x4057de]
/lib/libc.so.6(__libc_start_main+0xe6)[0x7fa1c2eaa606]
xfstt(__gxx_personality_v0+0xf9)[0x402539]
======= Memory map: ========
00400000-0041a000 r-xp 00000000 08:03 577863 /usr/bin/xfstt
00619000-0061a000 r--p 00019000 08:03 577863 /usr/bin/xfstt
0061a000-0061b000 rw-p 0001a000 08:03 577863 /usr/bin/xfstt
0061b000-00628000 rw-p 00000000 00:00 0
01591000-015b2000 rw-p 00000000 00:00 0 [heap]
7fa1c2e8c000-7fa1c2ff2000 r-xp 00000000 08:03 516128 /lib/libc-2.9.so
7fa1c2ff2000-7fa1c31f1000 ---p 00166000 08:03 516128 /lib/libc-2.9.so
7fa1c31f1000-7fa1c31f5000 r--p 00165000 08:03 516128 /lib/libc-2.9.so
7fa1c31f5000-7fa1c31f6000 rw-p 00169000 08:03 516128 /lib/libc-2.9.so
7fa1c31f6000-7fa1c31fb000 rw-p 00000000 00:00 0
7fa1c31fb000-7fa1c3215000 r-xp 00000000 08:03 716778 /lib/libgcc_s.so.1
7fa1c3215000-7fa1c3414000 ---p 0001a000 08:03 716778 /lib/libgcc_s.so.1
7fa1c3414000-7fa1c3415000 r--p 00019000 08:03 716778 /lib/libgcc_s.so.1
7fa1c3415000-7fa1c3416000 rw-p 0001a000 08:03 716778 /lib/libgcc_s.so.1
7fa1c3416000-7fa1c3499000 r-xp 00000000 08:03 516140 /lib/libm-2.9.so
7fa1c3499000-7fa1c3699000 ---p 00083000 08:03 516140 /lib/libm-2.9.so
7fa1c3699000-7fa1c369a000 r--p 00083000 08:03 516140 /lib/libm-2.9.so
7fa1c369a000-7fa1c369b000 rw-p 00084000 08:03 516140 /lib/libm-2.9.so
7fa1c369b000-7fa1c378b000 r-xp 00000000 08:03 1386284 /usr/lib/libstdc++.so.6.0.12
7fa1c378b000-7fa1c398b000 ---p 000f0000 08:03 1386284 /usr/lib/libstdc++.so.6.0.12
7fa1c398b000-7fa1c3992000 r--p 000f0000 08:03 1386284 /usr/lib/libstdc++.so.6.0.12
7fa1c3992000-7fa1c3994000 rw-p 000f7000 08:03 1386284 /usr/lib/libstdc++.so.6.0.12
7fa1c3994000-7fa1c39a9000 rw-p 00000000 00:00 0
7fa1c39a9000-7fa1c39c9000 r-xp 00000000 08:03 511931 /lib/ld-2.9.so
7fa1c3a65000-7fa1c3aa4000 r--p 00000000 08:03 24562 /usr/lib/locale/en_US.utf8/LC_CTYPE
7fa1c3aa4000-7fa1c3b91000 r--p 00000000 08:03 392251 /usr/lib/locale/en_US.utf8/LC_COLLATE
7fa1c3b91000-7fa1c3b94000 rw-p 00000000 00:00 0
7fa1c3bb4000-7fa1c3bb5000 r--p 00000000 08:03 11616 /usr/lib/locale/en_US.utf8/LC_NUMERIC
7fa1c3bb5000-7fa1c3bb6000 r--p 00000000 08:03 347498 /usr/lib/locale/en_US.utf8/LC_TIME
7fa1c3bb6000-7fa1c3bb7000 r--p 00000000 08:03 347499 /usr/lib/locale/en_US.utf8/LC_MONETARY
7fa1c3bb7000-7fa1c3bb8000 r--p 00000000 08:03 11594 /usr/lib/locale/en_US.utf8/LC_MESSAGES/SYS_LC_MESSAGES
7fa1c3bb8000-7fa1c3bb9000 r--p 00000000 08:03 11591 /usr/lib/locale/en_US.utf8/LC_PAPER
7fa1c3bb9000-7fa1c3bba000 r--p 00000000 08:03 11589 /usr/lib/locale/en_US.utf8/LC_NAME
7fa1c3bba000-7fa1c3bbb000 r--p 00000000 08:03 347500 /usr/lib/locale/en_US.utf8/LC_ADDRESS
7fa1c3bbb000-7fa1c3bbc000 r--p 00000000 08:03 347501 /usr/lib/locale/en_US.utf8/LC_TELEPHONE
7fa1c3bbc000-7fa1c3bbd000 r--p 00000000 08:03 347502 /usr/lib/locale/en_US.utf8/LC_MEASUREMENT
7fa1c3bbd000-7fa1c3bc4000 r--s 00000000 08:03 306943 /usr/lib/gconv/gconv-modules.cache
7fa1c3bc4000-7fa1c3bc5000 r--p 00000000 08:03 347505 /usr/lib/locale/en_US.utf8/LC_IDENTIFICATION
7fa1c3bc5000-7fa1c3bc8000 rw-p 00000000 00:00 0
7fa1c3bc8000-7fa1c3bc9000 r--p 0001f000 08:03 511931 /lib/ld-2.9.so
7fa1c3bc9000-7fa1c3bca000 rw-p 00020000 08:03 511931 /lib/ld-2.9.so
7fff94450000-7fff94465000 rw-p 00000000 00:00 0 [stack]
7fff945ee000-7fff945ef000 r-xp 00000000 00:00 0 [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]
Aborted (core dumped)
On building xfstt from source, it gives the following warning:
In file included from /usr/include/string.h:428,
from xfstt.cc:55:
In function ‘char* strncpy(char*, const char*, size_t)’,
inlined from ‘int ttSyncAll(int)’ at xfstt.cc:316:
/usr/include/bits/string3.h:122: warning: call to char* __builtin___strncpy_chk(char*, const char*, long unsigned int, long unsigned int) will always overflow destination buffer
The issue is quite obvious.
In src/xfstt.cc line 316, we have
strncpy(info.magic, "TTFNINFO", 8);
but in src/xfstt.h line 53, we have
char magic[4]; // == TTFN
It cores on strncpy'ing 8 into 4. Not sure if we have other systems
that can do it, but it won't work on mine.
Version of libc6-dev is 2.9-20ubuntu2 (AMD64).
I may still have other issues in building the font database, but xfstt
coring is the first obstacle.
Regards,
P. C.
** Affects: xfstt (Ubuntu)
Importance: Undecided
Status: New
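The size mismatch described in the report, as an added example that is not xfstt's code: a 4-byte unterminated magic field like the one in src/xfstt.h, a copy helper that takes sizeof the destination and refuses a tag whose length does not match, and a C11 _Static_assert that turns an 8-into-4 copy into a compile error rather than a run-time abort. Only `char magic[4]` and the literals "TTFN" and "TTFNINFO" come from the report; the struct name, the `count` field and the helper names are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example, not xfstt source. Only `char magic[4]` and the literals
 * "TTFN"/"TTFNINFO" come from the report; the struct name, the `count`
 * field and the helper names are assumptions for this illustration. */
struct ttfn_info {
    char magic[4];       /* == "TTFN", no NUL terminator, as in xfstt.h */
    unsigned int count;  /* constructed placeholder field */
};

#define TTFN_MAGIC "TTFN"

/* Compile-time guard: the tag literal must fill the field exactly.
 * An 8-byte tag against a 4-byte field fails here instead of at run time. */
_Static_assert(sizeof TTFN_MAGIC - 1 == sizeof ((struct ttfn_info *)0)->magic,
               "TTFN_MAGIC must be exactly the size of ttfn_info.magic");

/* Copy a tag into a fixed-size, unterminated magic field. The caller passes
 * sizeof the destination, and a tag whose length differs is refused rather
 * than truncated or overflowed. Returns 1 on success, 0 on rejection. */
static int set_magic(char *dst, size_t dst_len, const char *tag, size_t tag_len)
{
    if (tag_len != dst_len)
        return 0;
    memcpy(dst, tag, tag_len);
    return 1;
}

/* Same byte counts as the report's xfstt.cc line 316: an 8-byte tag into a
 * 4-byte field. Here the mismatch is rejected instead of corrupting memory. */
static int write_magic_oversized(struct ttfn_info *info)
{
    return set_magic(info->magic, sizeof info->magic, "TTFNINFO", 8);
}

/* Correct write: the length is derived from the literal, not typed by hand. */
static int write_magic_correct(struct ttfn_info *info)
{
    return set_magic(info->magic, sizeof info->magic,
                     TTFN_MAGIC, sizeof TTFN_MAGIC - 1);
}

/* Validate with memcmp over the field size; strcmp would read past the
 * missing terminator. */
static int magic_is_valid(const struct ttfn_info *info)
{
    return memcmp(info->magic, TTFN_MAGIC, sizeof info->magic) == 0;
}

/* Exercise both writers on a zeroed record. Bitmask: 1 = oversized tag
 * rejected, 2 = correct tag accepted, 4 = field validates afterwards. */
static unsigned int run_demo(void)
{
    struct ttfn_info info;
    unsigned int result = 0;

    memset(&info, 0, sizeof info);
    if (!write_magic_oversized(&info))
        result |= 1u;
    if (write_magic_correct(&info))
        result |= 2u;
    if (magic_is_valid(&info))
        result |= 4u;
    return result;
}

int main(void)
{
    unsigned int r = run_demo();
    printf("oversized rejected: %s\n", (r & 1u) ? "yes" : "no");
    printf("correct accepted:   %s\n", (r & 2u) ? "yes" : "no");
    printf("magic valid:        %s\n", (r & 4u) ? "yes" : "no");
    return r == 7u ? 0 : 1;
}
```

The warning quoted in the report comes from gcc's _FORTIFY_SOURCE, which rewrites strncpy to __builtin___strncpy_chk when the destination size is known at compile time; the "buffer overflow detected" abort is the same check firing in the fortified binary at run time. Deriving the length from sizeof the destination, as above, removes the hand-typed count that let 8 and 4 disagree in the first place.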
--
xfstt cores on startup
https://bugs.launchpad.net/bugs/403074
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs