Bug 1084 - buffer overflow on slirpvde
Summary: buffer overflow on slirpvde
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages
Version: Cauldron
Hardware: x86_64 Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Mageia Bug Squad
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks: 1678
Reported: 2011-05-01 11:53 CEST by Matthieu Duchemin
Modified: 2011-06-08 00:37 CEST

See Also:
Source RPM: vde2
CVE:
Status comment:


Description Matthieu Duchemin 2011-05-01 11:53:36 CEST
Description of problem:
slirpvde crash after buffer overflow


*** buffer overflow detected ***: slirpvde terminated
======= Backtrace: =========
/lib64/libc.so.6(__fortify_fail+0x37)[0x7f54b6bbeb27]
/lib64/libc.so.6(+0xeda80)[0x7f54b6bbca80]
/lib64/libc.so.6(+0xee0f7)[0x7f54b6bbd0f7]
slirpvde[0x40b237]
/lib64/libc.so.6(__libc_start_main+0xfd)[0x7f54b6aedc3d]
slirpvde[0x401ae9]
Abandon



Version-Release number of selected component (if applicable):
2.2.2-5.mga1

How reproducible:



Steps to Reproduce:
1. launch slirpvde
Christiaan Welvaart 2011-06-08 00:17:46 CEST

Blocks: (none) => 1678

Comment 1 Christiaan Welvaart 2011-06-08 00:37:22 CEST
Fixed for cauldron in vde2-2.2.3-1.mga2. I also filed this bug on mageia 1, but that fix will have to go through the update procedure.

Status: NEW => RESOLVED
CC: (none) => cjw
Resolution: (none) => FIXED

