xfstt assert failure: *** buffer overflow detected ***: /usr/bin/xfstt terminated

Bug #433146 reported by samana@swing.be
This bug affects 66 people
Affects           Status         Importance   Assigned to   Milestone
xfstt (Debian)    Fix Released   Unknown
xfstt (Ubuntu)    Fix Released   Medium       Unassigned

Bug Description

Binary package hint: xfstt

xfstt assert failure: *** buffer overflow detected ***

ProblemType: Crash
Architecture: i386
AssertionMessage: *** buffer overflow detected ***: /usr/bin/xfstt terminated
CrashCounter: 1
Date: Sat Sep 19 18:42:08 2009
DistroRelease: Ubuntu 9.10
ExecutablePath: /usr/bin/xfstt
Package: xfstt 1.7-5
ProcCmdline: /usr/bin/xfstt --daemon --notcp
ProcEnviron: PATH=(custom, no user)
ProcVersionSignature: Ubuntu 2.6.27-14.35-generic
Signal: 6
SourcePackage: xfstt
StacktraceTop:
 __kernel_vsyscall ()
 raise () from /lib/tls/i686/cmov/libc.so.6
 abort () from /lib/tls/i686/cmov/libc.so.6
 ?? () from /lib/tls/i686/cmov/libc.so.6
 __fortify_fail () from /lib/tls/i686/cmov/libc.so.6
Title: xfstt assert failure: *** buffer overflow detected ***: /usr/bin/xfstt terminated
Uname: Linux 2.6.27-14-generic i686
UserGroups:

Revision history for this message
Apport retracing service (apport) wrote : Stacktrace.txt (retraced)

StacktraceTop:
 __kernel_vsyscall ()
 __GI_raise (sig=6)
 __GI_abort () at abort.c:92
 __libc_message (do_abort=2,
 __GI___fortify_fail (

Apport retracing service (apport) wrote : ThreadStacktrace.txt (retraced)
Changed in xfstt (Ubuntu):
importance: Undecided → Medium
tags: removed: need-i386-retrace
Kees Cook (kees)
visibility: private → public
Changed in xfstt (Ubuntu):
status: New → Confirmed
Niall Creech (sevenmachines-deactivatedaccount) wrote :

this could be
src/xfstt.cc:
   strncpy(info.magic, "TTFNINFO", 8);

but,
src/xfstt.h:
typedef struct {
        char magic[4]; // == TTFN
        char type[4]; // == INFO or NAME
        u16_t version;
        u16_t key;
        u32_t crc;
        //TTFNdata ttfn[];
} TTFNheader;

so maybe,
src/xfstt.cc:
- strncpy(info.magic, "TTFNINFO", 8);
+ strncpy(info.magic, "TTFN", 4);
+ strncpy(info.type, "INFO", 4);
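Review bot: since magic[4] and type[4] are fixed 4-byte tags with no room for a terminator (the header in src/xfstt.h annotates them "== TTFN" and "== INFO or NAME"), memcpy(info.magic, "TTFN", 4) and memcpy(info.type, "INFO", 4) would state that more plainly than strncpy with a count equal to the field width, which readers often take to imply NUL-termination. The change itself is right: the old call wrote 8 bytes into the 4-byte magic field, with the trailing INFO spilling into type, and that spill is exactly what the fortified strncpy reports as the buffer overflow.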

seems to work, does that look sane? I can't get the failure on Debian so I'm not entirely sure what's going on in Ubuntu specifically
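
An added example in C (not xfstt's code and not from this thread) that reproduces the TTFNheader layout shown above, fills it the corrected way, and checks why the original 8-byte copy was silent until _FORTIFY_SOURCE caught it; the u16_t/u32_t widths and the ttfn_* function names are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

typedef uint16_t u16_t;
typedef uint32_t u32_t;

typedef struct {
    char magic[4];   /* == "TTFN": a fixed 4-byte tag, not a C string */
    char type[4];    /* == "INFO" or "NAME" */
    u16_t version;
    u16_t key;
    u32_t crc;
} TTFNheader;

/* The crashing line was  strncpy(info.magic, "TTFNINFO", 8);  magic is
 * only 4 bytes wide, so the other 4 bytes spill into `type`.  Unchecked
 * that spells exactly the bytes the protocol expects, so it went
 * unnoticed; with _FORTIFY_SOURCE the compiler knows sizeof(info.magic)
 * is 4, calls __strncpy_chk and aborts with "buffer overflow detected".
 * Fix: each tag goes into its own field, via memcpy because these are
 * fixed-width tags with no terminator.  Returns 0, or -1 on bad `type`. */
int ttfn_fill_header(TTFNheader *info, const char *type)
{
    if (type == NULL || strlen(type) != sizeof info->type)
        return -1;
    memset(info, 0, sizeof *info);
    memcpy(info->magic, "TTFN", sizeof info->magic);
    memcpy(info->type, type, sizeof info->type);
    return 0;
}

/* Header starts with TTFN and a known type tag?  Compared with memcmp,
 * never strcmp, because neither field is NUL-terminated. */
int ttfn_header_valid(const TTFNheader *info)
{
    if (memcmp(info->magic, "TTFN", 4) != 0)
        return 0;
    return memcmp(info->type, "INFO", 4) == 0 ||
           memcmp(info->type, "NAME", 4) == 0;
}

/* Why the overflow was silent: `type` sits right after `magic`, so the
 * 8-byte write landed across both fields.  Returns 1 if so. */
int ttfn_type_follows_magic(void)
{
    return offsetof(TTFNheader, type) == offsetof(TTFNheader, magic) + 4;
}
```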

tags: added: patch
Niall Creech (sevenmachines-deactivatedaccount) wrote :

Having said that, a no-change rebuild seems to fix it too; the previous patch seems to hold though, if it isn't causing this crash it's still a problem. Test build PPA below

xfstt (1.7-6ubuntu1~sevenmachines1) lucid; urgency=low

   * src/xfstt.cc:
    - don't copy TTFNINFO into TTFNHeader's magic variable, it should be
    broken into TTFN for magic and INFO for type (LP:#433146)

https://launchpad.net/~sevenmachines/+archive/release+1

Changed in xfstt (Ubuntu):
assignee: nobody → SevenMachines (sevenmachines)
Niall Creech (sevenmachines-deactivatedaccount) wrote :

Sorry, a bit of confusion: a no-change rebuild still leaves the crash; the patch is the fix in reality

Changed in xfstt (Ubuntu):
assignee: SevenMachines (sevenmachines) → nobody
Niall Creech (sevenmachines-deactivatedaccount) wrote :

Wish I'd noticed Bug #403074 before :), I'll say a quick thanks to PCC since it is the same fix!

Niall Creech (sevenmachines-deactivatedaccount) wrote :

I'll report to Debian; if it's showing up there now it surely will at some point

Niall Creech (sevenmachines-deactivatedaccount) wrote :

remember to update maintainer

Michael Bienia (geser) wrote :

Uploaded to lucid. Thanks for your contribution.

Changed in xfstt (Ubuntu):
status: Confirmed → Fix Released
Changed in xfstt (Debian):
status: Unknown → New
Changed in xfstt (Debian):
status: New → Fix Released
rifter (rifter0x0000) wrote :

Okay it says the fix is released, but in what version? I have the latest package and this still continuously happens. Further, the bug continues to exist in Lucid https://bugs.launchpad.net/ubuntu/+source/xfstt/+bug/575026

I see the patch in here, but is it going to get included in a package? I thought that was what fix released meant.
