[Kst] SIGABRT in meminfo()

bug.zilla.vynce at neverbox.com
Wed Sep 23 01:19:58 CEST 2009

I'm running kst-1.8.0-3.fc12.i686.rpm recompiled for FC10 on Fedora
10. The same problem also occurred with kst-1.7.0-3.fc10.i386.rpm.

After running for a few hours, Kst kills itself with a SIGABRT in the
meminfo() function. Here's a backtrace from gdb:

#0  0x0028f424 in __kernel_vsyscall ()
#1  0x00e0b460 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#2  0x00e0ce28 in abort () at abort.c:88
#3  0x00e48fed in __libc_message (do_abort=2,
    fmt=0xf2211c "*** %s ***: %s terminated\n")
    at ../sysdeps/unix/sysv/linux/libc_fatal.c:170
#4  0x00edd938 in __fortify_fail (msg=0xf220c6 "buffer overflow detected")
    at fortify_fail.c:32
#5  0x00edba30 in __chk_fail () at chk_fail.c:29
#6  0x00edacf4 in __strcpy_chk (dest=0xbfffe248 "PageTables:     ",
    src=0x60a808 "PageTables", destlen=11825) at strcpy_chk.c:61
#7  0x005c9356 in strcpy () at /usr/include/bits/string3.h:106
#8  meminfo () at sysinfo.c:537
#9  0x03735ef9 in KstApp::updateMemoryStatus (this=0x80ccff0) at kst.cpp:2699

glibc thinks that the strcpy() overflowed its destination buffer, but
I don't think it actually has. The __fortify_fail() call is part of a
buffer overflow protection scheme in glibc that was introduced for C++
in Fedora 8. See the FORTIFY_SOURCE section here:

#8  meminfo () at sysinfo.c:537
537	    strcpy(namebuf,head);

(gdb) p namebuf
$6 = "PageTables:     "
(gdb) p head
$7 = 0x60a808 "PageTables"

I still have kst open in gdb at this point, so let me know if I can
provide any more info. I have a core dump, but it's 132MB.
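As an added illustration (not the poster's code and not Kst's sysinfo.c), this is what a bounds-checked version of the key copy at sysinfo.c:537 looks like for a /proc/meminfo line; the KEYBUF size, the struct and the sample lines are assumptions chosen for the example.

```c
/* Added example, not code from Kst's sysinfo.c: parse one /proc/meminfo
 * line ("Key:   value kB") into a fixed-size key buffer with an explicit
 * bound, so an overlong key is rejected instead of overflowing the
 * destination the way an unchecked strcpy() would. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define KEYBUF 16  /* hypothetical fixed key buffer, like namebuf in the report */

struct meminfo_entry {
    char key[KEYBUF];
    unsigned long kb;
};

/* Returns 1 on success, 0 if the line is malformed or the key does not fit. */
int parse_meminfo_line(const char *line, struct meminfo_entry *out)
{
    const char *colon = strchr(line, ':');
    if (colon == NULL)
        return 0;
    size_t keylen = (size_t)(colon - line);
    /* strcpy() never learns how big its destination is; check the length
     * against the buffer (leaving room for the NUL) before copying. */
    if (keylen == 0 || keylen >= sizeof out->key)
        return 0;
    memcpy(out->key, line, keylen);
    out->key[keylen] = '\0';
    char *end;
    out->kb = strtoul(colon + 1, &end, 10);
    return end != colon + 1;  /* 0 if no number followed the colon */
}

int main(void)
{
    /* Constructed sample lines in /proc/meminfo format. */
    const char *lines[] = { "PageTables:         1234 kB",
                            "ThisKeyIsFarTooLongForTheBuffer: 1 kB" };
    for (size_t i = 0; i < 2; i++) {
        struct meminfo_entry e;
        if (parse_meminfo_line(lines[i], &e))
            printf("%s = %lu kB\n", e.key, e.kb);
        else
            printf("rejected: %s\n", lines[i]);
    }
    return 0;
}
```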


