[Kst] SIGABRT in meminfo()
bug.zilla.vynce at neverbox.com
Wed Sep 23 01:19:58 CEST 2009
I'm running kst-1.8.0-3.fc12.i686.rpm recompiled for FC10 on Fedora
10. The same problem also occurred with kst-1.7.0-3.fc10.i386.rpm.
After running for a few hours, Kst kills itself with a SIGABRT in the
meminfo() function. Here's a backtrace from gdb:
#0 0x0028f424 in __kernel_vsyscall ()
#1 0x00e0b460 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#2 0x00e0ce28 in abort () at abort.c:88
#3 0x00e48fed in __libc_message (do_abort=2,
    fmt=0xf2211c "*** %s ***: %s terminated\n")
    at ../sysdeps/unix/sysv/linux/libc_fatal.c:170
#4 0x00edd938 in __fortify_fail (msg=0xf220c6 "buffer overflow detected")
    at fortify_fail.c:32
#5 0x00edba30 in __chk_fail () at chk_fail.c:29
#6 0x00edacf4 in __strcpy_chk (dest=0xbfffe248 "PageTables: ",
    src=0x60a808 "PageTables", destlen=11825) at strcpy_chk.c:61
#7 0x005c9356 in strcpy () at /usr/include/bits/string3.h:106
#8 meminfo () at sysinfo.c:537
#9 0x03735ef9 in KstApp::updateMemoryStatus (this=0x80ccff0) at kst.cpp:2699
...
glibc thinks that the strcpy() overflowed its destination buffer, but
I don't think it actually has. The __fortify_fail() call is part of a
buffer overflow protection scheme in glibc that was introduced for C++
in Fedora 8. See the FORTIFY_SOURCE section here:
http://fedoraproject.org/wiki/Security/Features
#8 meminfo () at sysinfo.c:537
537 strcpy(namebuf,head);
(gdb) p namebuf
$6 = "PageTables: "
(gdb) p head
$7 = 0x60a808 "PageTables"
I still have kst open in gdb at this point, so let me know if I can
provide any more info. I have a core dump, but it's 132MB.
Michael
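
Added example, not part of the original post and not code from sysinfo.c or glibc: a small C model of the size comparison a fortified strcpy() makes before copying, applied to a constructed /proc/meminfo-style line. The names checked_strcpy and meminfo_row_name and the 16-byte buffer are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Model of the decision a fortified strcpy makes: the copy needs
 * strlen(src) + 1 bytes (terminating NUL included) and is refused when
 * that exceeds the destination size the compiler recorded. glibc aborts
 * with "buffer overflow detected" at this point; this model returns -1. */
int checked_strcpy(char *dest, size_t destlen, const char *src)
{
    size_t need = strlen(src) + 1;
    if (need > destlen)
        return -1;
    memcpy(dest, src, need);
    return 0;
}

/* Hypothetical helper: copy the row name of a /proc/meminfo-style line
 * ("PageTables:   1234 kB") into name[], without the colon. */
int meminfo_row_name(const char *line, char *name, size_t namelen)
{
    const char *colon = strchr(line, ':');
    size_t n;
    if (colon == NULL)
        return -1;                 /* not a "Name: value" row */
    n = (size_t)(colon - line);
    if (n + 1 > namelen)
        return -1;                 /* name does not fit: skip the row */
    memcpy(name, line, n);
    name[n] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample line in /proc/meminfo layout. */
    const char *line = "PageTables:     1234 kB";
    char name[16];
    if (meminfo_row_name(line, name, sizeof name) == 0)
        printf("row name: %s\n", name);
    printf("copy into 11 bytes: %d\n", checked_strcpy(name, 11, "PageTables"));
    printf("copy into 10 bytes: %d\n", checked_strcpy(name, 10, "PageTables"));
    return 0;
}
```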