cuneiform team mailing list archive

[Bug 609482] [NEW] Buffer overflow with gcc optimization -O1 or higher


Public bug reported:

If cuneiform-linux 1.0.0 is compiled with gcc (Gentoo 4.4.4-r1 p1.0,
pie-0.4.5) 4.4.4 using CFLAGS/CXXFLAGS -march=athlon64-sse3 -O1 -pipe
(or -O2), there is a buffer overflow problem with the attached file, which
contains two columns, the first column in German and the second one in
English, if cuneiform is invoked with "-l ger". If this option is
omitted, then there is no overflow.


Cuneiform for Linux 1.0.0
*** buffer overflow detected ***: cuneiform terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x37)[0x7f1ce0e1f197]
/lib/libc.so.6(+0xe4ff0)[0x7f1ce0e1cff0]
/usr/lib/libfon32.so.1.0.0(+0x1f191)[0x7f1ce31ac191]
/usr/lib/libfon32.so.1.0.0(+0x1f77c)[0x7f1ce31ac77c]
/usr/lib/libfon32.so.1.0.0(FONRecog2Glue+0x19a)[0x7f1ce319c9cd]
/usr/lib/libpass2.so.1.0.0(+0x7130)[0x7f1ce3c8e130]
/usr/lib/libpass2.so.1.0.0(+0x743b)[0x7f1ce3c8e43b]
/usr/lib/libpass2.so.1.0.0(+0x9503)[0x7f1ce3c90503]
/usr/lib/libpass2.so.1.0.0(p2_proc+0x8fd)[0x7f1ce3c917a9]
/usr/lib/librstr.so.1.0.0(+0x8b51b)[0x7f1ce435d51b]
/usr/lib/librstr.so.1.0.0(RSTRRecognizeMain+0x376)[0x7f1ce436e2d3]
/usr/lib/librstr.so.1.0.0(RSTRRecognize+0x19)[0x7f1ce436eb66]
/usr/lib/librstr.so.1.0.0(RSTR_Recog+0x9)[0x7f1ce436eba2]
/usr/lib/libcuneiform.so.1.0.0(+0xd43c)[0x7f1ce7e6343c]
/usr/lib/libcuneiform.so.1.0.0(PUMA_XFinalRecognition+0x9b)[0x7f1ce7e64620]
cuneiform[0x4048dd]
/lib/libc.so.6(__libc_start_main+0xfd)[0x7f1ce0d56bbd]
cuneiform[0x4035f9]
======= Memory map: ========
Abgebrochen

** Affects: cuneiform-linux
     Importance: Undecided
         Status: New

-- 
Buffer overflow with gcc optimization -O1 or higher
https://bugs.launchpad.net/bugs/609482
You received this bug notification because you are a member of Cuneiform
Linux, which is the registrant for Cuneiform for Linux.

Status in Linux port of Cuneiform: New
