Bug 1084

Summary: buffer overflow on slirpvde
Product: Mageia
Reporter: Matthieu Duchemin <alkahan>
Component: RPM Packages
Assignee: Mageia Bug Squad <bugsquad>
Status: RESOLVED FIXED
QA Contact:
Severity: normal
Priority: Normal
CC: cjw
Version: Cauldron
Target Milestone: ---
Hardware: x86_64
OS: Linux
Whiteboard:
Source RPM: vde2
CVE:
Status comment:
Bug Depends on:
Bug Blocks: 1678

Description Matthieu Duchemin 2011-05-01 11:53:36 CEST
Description of problem:
slirpvde crashes after a buffer overflow

*** buffer overflow detected ***: slirpvde terminated
======= Backtrace: =========
/lib64/libc.so.6(__fortify_fail+0x37)[0x7f54b6bbeb27]
/lib64/libc.so.6(+0xeda80)[0x7f54b6bbca80]
/lib64/libc.so.6(+0xee0f7)[0x7f54b6bbd0f7]
slirpvde[0x40b237]
/lib64/libc.so.6(__libc_start_main+0xfd)[0x7f54b6aedc3d]
slirpvde[0x401ae9]
======= Memory map: ========
00400000-0040f000 r-xp 00000000 08:01 821745                             /usr/bin/slirpvde
0060e000-0060f000 r--p 0000e000 08:01 821745                             /usr/bin/slirpvde
0060f000-00610000 rw-p 0000f000 08:01 821745                             /usr/bin/slirpvde
00610000-00611000 rw-p 00000000 00:00 0 
01a6d000-01a8e000 rw-p 00000000 00:00 0                                  [heap]
7f54b68ba000-7f54b68cf000 r-xp 00000000 08:01 1975123                    /lib64/libgcc_s-4.5.2.so.1
7f54b68cf000-7f54b6ace000 ---p 00015000 08:01 1975123                    /lib64/libgcc_s-4.5.2.so.1
7f54b6ace000-7f54b6acf000 rw-p 00014000 08:01 1975123                    /lib64/libgcc_s-4.5.2.so.1
7f54b6acf000-7f54b6c37000 r-xp 00000000 08:01 1966088                    /lib64/libc-2.12.1.so
7f54b6c37000-7f54b6e36000 ---p 00168000 08:01 1966088                    /lib64/libc-2.12.1.so
7f54b6e36000-7f54b6e3a000 r--p 00167000 08:01 1966088                    /lib64/libc-2.12.1.so
7f54b6e3a000-7f54b6e3b000 rw-p 0016b000 08:01 1966088                    /lib64/libc-2.12.1.so
7f54b6e3b000-7f54b6e40000 rw-p 00000000 00:00 0 
7f54b6e40000-7f54b6e44000 r-xp 00000000 08:01 815655                     /usr/lib64/libvdeplug.so.2.1.0
7f54b6e44000-7f54b7043000 ---p 00004000 08:01 815655                     /usr/lib64/libvdeplug.so.2.1.0
7f54b7043000-7f54b7044000 r--p 00003000 08:01 815655                     /usr/lib64/libvdeplug.so.2.1.0
7f54b7044000-7f54b7045000 rw-p 00004000 08:01 815655                     /usr/lib64/libvdeplug.so.2.1.0
7f54b7045000-7f54b7062000 r-xp 00000000 08:01 1966090                    /lib64/ld-2.12.1.so
7f54b723b000-7f54b723e000 rw-p 00000000 00:00 0 
7f54b7260000-7f54b7261000 rw-p 00000000 00:00 0 
7f54b7261000-7f54b7262000 r--p 0001c000 08:01 1966090                    /lib64/ld-2.12.1.so
7f54b7262000-7f54b7263000 rw-p 0001d000 08:01 1966090                    /lib64/ld-2.12.1.so
7f54b7263000-7f54b7264000 rw-p 00000000 00:00 0 
7fff4c2ab000-7fff4c2cc000 rw-p 00000000 00:00 0                          [stack]
7fff4c365000-7fff4c366000 r-xp 00000000 00:00 0                          [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]
Abandon

Version-Release number of selected component (if applicable):
2.2.2-5.mga1

How reproducible:

Steps to Reproduce:
1. launch slirpvde

Christiaan Welvaart 2011-06-08 00:17:46 CEST

Blocks: (none) => 1678

Comment 1 Christiaan Welvaart 2011-06-08 00:37:22 CEST
Fixed for cauldron in vde2-2.2.3-1.mga2. I also filed this bug on mageia 1, but that fix will have to go through the update procedure.

Status: NEW => RESOLVED
CC: (none) => cjw
Resolution: (none) => FIXED