[Vm-dev] Re: [Pharo-dev] Buffer overflow in VM?

btc at openinworld.com
Tue Mar 18 00:30:02 UTC 2014


Forwarded to VM list.

Jan Vrany wrote:
> Hi guys,
>
> when validating fix from Ben, I found another interesting thing:
>
> 1) Create quite a deeply nested directory, in my case full path was:
>
> /home/jv/Projects/Pharo/3.0/dsdsadasdsadasdas/DasDasDasdASdASdASDasDas/das/das/das/dasd/dasdasdastget4efdsfsd/dasdasdasdasda/dadasdasdasdas/dasdasdadasdasdadasdasdasdasdasdasdasdsadas/dadasdasdasdasrewgdfgbfdcghbcfgdf/gdf/gdfgdfgdf/gdfg/df/gdf/gdf 
>
>
> (yes, it's that crazy, nevertheless perfectly valid; 248 bytes in
> total.)
>
> 2) Download the latest Pharo into the inner-most directory:
>   wget -O- get.pharo.org/30+vm | bash
>
> 3) run it:
>    ./pharo-ui Pharo.image
>
> The VM crashes, producing the following on stdout/stderr:
>
> *** buffer overflow detected ***: 
> /home/jv/Projects/Pharo/3.0/dsdsadasdsadasdas/DasDasDasdASdASdASDasDas/das/das/das/dasd/dasdasdastget4efdsfsd/dasdasdasdasda/dadasdasdasdas/dasdasdadasdasdadasdasdasdasdasdasdasdsadas/dadasdasdasdasrewgdfgbfdcghbcfgdf/gdf/gdfgdfgdf/gdfg/df/gdf/gdf/pharo-vm/pharo 
> terminated
> ======= Backtrace: =========
> /lib/i386-linux-gnu/libc.so.6(__fortify_fail+0x65)[0xf763ded5]
> /lib/i386-linux-gnu/libc.so.6(+0x103c8a)[0xf763cc8a]
> /lib/i386-linux-gnu/libc.so.6(+0x1032e8)[0xf763c2e8]
> /lib/i386-linux-gnu/libc.so.6(_IO_default_xsputn+0x91)[0xf75ac501]
> /lib/i386-linux-gnu/libc.so.6(_IO_vfprintf+0x2352)[0xf757de02]
> /lib/i386-linux-gnu/libc.so.6(__vsprintf_chk+0xc9)[0xf763c3b9]
> /lib/i386-linux-gnu/libc.so.6(__sprintf_chk+0x2f)[0xf763c2cf]
> /home/jv/Projects/Pharo/3.0/dsdsadasdsadasdas/DasDasDasdASdASdASDasDas/das/das/das/dasd/dasdasdastget4efdsfsd/dasdasdasdasda/dadasdasdasdas/dasdasdadasdasdadasdasdasdasdasdasdasdsadas/dadasdasdasdasrewgdfgbfdcghbcfgdf/gdf/gdfgdfgdf/gdfg/df/gdf/gdf/pharo-vm/pharo[0x8098763] 
>
> /home/jv/Projects/Pharo/3.0/dsdsadasdsadasdas/DasDasDasdASdASdASDasDas/das/das/das/dasd/dasdasdastget4efdsfsd/dasdasdasdasda/dadasdasdasdas/dasdasdadasdasdadasdasdasdasdasdasdasdsadas/dadasdasdasdasrewgdfgbfdcghbcfgdf/gdf/gdfgdfgdf/gdfg/df/gdf/gdf/pharo-vm/pharo(ioLoadModule+0x172)[0x8098a72] 
>
> /home/jv/Projects/Pharo/3.0/dsdsadasdsadasdas/DasDasDasdASdASdASDasDas/das/das/das/dasd/dasdasdastget4efdsfsd/dasdasdasdasda/dadasdasdasdas/dasdasdadasdasdadasdasdasdasdasdasdasdsadas/dadasdasdasdasrewgdfgbfdcghbcfgdf/gdf/gdfgdfgdf/gdfg/df/gdf/gdf/pharo-vm/pharo(queryLoadModule+0x123)[0x809a393] 
>
> /home/jv/Projects/Pharo/3.0/dsdsadasdsadasdas/DasDasDasdASdASdASDasDas/das/das/das/dasd/dasdasdastget4efdsfsd/dasdasdasdasda/dadasdasdasdas/dasdasdadasdasdadasdasdasdasdasdasdasdsadas/dadasdasdasdasrewgdfgbfdcghbcfgdf/gdf/gdfgdfgdf/gdfg/df/gdf/gdf/pharo-vm/pharo(queryModule+0x1f)[0x809a47f] 
>
> /home/jv/Projects/Pharo/3.0/dsdsadasdsadasdas/DasDasDasdASdASdASDasDas/das/das/das/dasd/dasdasdastget4efdsfsd/dasdasdasdasda/dadasdasdasdas/dasdasdadasdasdadasdasdasdasdasdasdasdsadas/dadasdasdasdasrewgdfgbfdcghbcfgdf/gdf/gdfgdfgdf/gdfg/df/gdf/gdf/pharo-vm/pharo(main+0x4e9)[0x805b519] 
>
> /lib/i386-linux-gnu/libc.so.6(__libc_start_main+0xf3)[0xf75524d3]
> /home/jv/Projects/Pharo/3.0/dsdsadasdsadasdas/DasDasDasdASdASdASDasDas/das/das/das/dasd/dasdasdastget4efdsfsd/dasdasdasdasda/dadasdasdasdas/dasdasdadasdasdadasdasdasdasdasdasdasdsadas/dadasdasdasdasrewgdfgbfdcghbcfgdf/gdf/gdfgdfgdf/gdfg/df/gdf/gdf/pharo-vm/pharo[0x805b5f1] 
>
> ======= Memory map: ========
> ./pharo-ui: line 11: 31488 Aborted                 (core dumped) 
> "$DIR"/"pharo-vm/pharo" "$@"
> jv at sao:~/Projects/Pharo/3.0/dsdsadasdsadasdas/DasDasDasdASdASdASDasDas/das/das/das/dasd/dasdasdastget4efdsfsd/dasdasdasdasda/dadasdasdasdas/dasdasdadasdasdadasdasdasdasdasdasdasdsadas/dadasdasdasdasrewgdfgbfdcghbcfgdf/gdf/gdfgdfgdf/gdfg/df/gdf/gdf$ 
>
>
> Running it under GDB shows the following backtrace:
>
> Program received signal SIGABRT, Aborted.
> 0xf7fdb430 in __kernel_vsyscall ()
> (gdb) bt
> #0  0xf7fdb430 in __kernel_vsyscall ()
> #1  0xf7deb1df in raise () from /lib/i386-linux-gnu/libc.so.6
> #2  0xf7dee825 in abort () from /lib/i386-linux-gnu/libc.so.6
> #3  0xf7e2839a in ?? () from /lib/i386-linux-gnu/libc.so.6
> #4  0xf7ec1ed5 in __fortify_fail () from /lib/i386-linux-gnu/libc.so.6
> #5  0xf7ec0c8a in __chk_fail () from /lib/i386-linux-gnu/libc.so.6
> #6  0xf7ec02e8 in ?? () from /lib/i386-linux-gnu/libc.so.6
> #7  0xf7e30501 in _IO_default_xsputn () from 
> /lib/i386-linux-gnu/libc.so.6
> #8  0xf7e01e02 in vfprintf () from /lib/i386-linux-gnu/libc.so.6
> #9  0xf7ec03b9 in __vsprintf_chk () from /lib/i386-linux-gnu/libc.so.6
> #10 0xf7ec02cf in __sprintf_chk () from /lib/i386-linux-gnu/libc.so.6
> #11 0x08098763 in tryLoading ()
> #12 0x08098a72 in ioLoadModule ()
> #13 0x0809a393 in queryLoadModule ()
> #14 0x0809a47f in queryModule ()
> #15 0x0805b519 in main ()
>
> Good you compile with -fstack-protector :-)
>
> Best, Jan
>
>
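The backtrace above shows a fortified sprintf (__sprintf_chk) aborting inside tryLoading while a module path is being assembled from a 248-byte directory name. The following is an added example, not code from the Pharo VM or from the reporter: it assembles "<dir>/<module>" with snprintf and checks the returned length, so an over-long path is rejected with an error instead of overflowing the buffer. The buffer size MODULE_PATH_MAX (256) and the function names are assumptions; the VM's real buffer size is not given in the report.

```c
#include <stdio.h>
#include <string.h>

/* Assumed fixed-size path buffer. 256 is chosen so that the reporter's
 * 248-byte directory plus "/pharo-vm/<module>" no longer fits. */
#define MODULE_PATH_MAX 256

/* Build "<dir>/<module>" into out (capacity outsz).
 * Returns the resulting length, or -1 when the result would not fit.
 * snprintf never writes beyond outsz, and its return value is the length
 * the full string would have had, which is how truncation is detected. */
int build_module_path(char *out, size_t outsz, const char *dir, const char *module)
{
    int n = snprintf(out, outsz, "%s/%s", dir, module);
    if (n < 0 || (size_t)n >= outsz) {
        if (outsz) out[0] = '\0';   /* leave no partial path behind */
        return -1;
    }
    return n;
}

/* Constructed sample: a directory name of exactly `len` bytes, standing in
 * for the reporter's 248-byte .../das/das/... path. buf must hold len+1. */
static void make_long_dir(char *buf, size_t len)
{
    memset(buf, 'd', len);
    buf[0] = '/';
    buf[len] = '\0';
}

/* 248 + 1 + strlen("pharo-vm/vm-display-X11") = 272 > 256: must be rejected. */
int long_dir_result(void)
{
    char dir[249], path[MODULE_PATH_MAX];
    make_long_dir(dir, 248);
    return build_module_path(path, sizeof path, dir, "pharo-vm/vm-display-X11");
}

/* A normal install location fits: "/opt/pharo/pharo-vm/vm-display-X11" is 34 bytes. */
int short_dir_result(void)
{
    char path[MODULE_PATH_MAX];
    return build_module_path(path, sizeof path, "/opt/pharo", "pharo-vm/vm-display-X11");
}

int main(void)
{
    printf("long dir: %d (expect -1)\n", long_dir_result());
    printf("short dir: %d (expect 34)\n", short_dir_result());
    return 0;
}
```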


