registry team mailing list archive

[Bug 614240] Re: libglib2.0-0 2.25.12-1ubuntu1 failed to install: *** buffer overflow detected ***: /usr/lib/glib-2.0/gio-querymodules terminated

 

Occurs on i386, not amd64.  Buildlog shows:

libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I/build/buildd/glib2.0-2.25.12/gobject -I.. -DG_LOG_DOMAIN=\"GLib-GObject\" -I/build/buildd/glib2.0-2.25.12 -I/build/buildd/glib2.0-2.25.12/glib -I.. -DG_ENABLE_DEBUG -DG_THREADS_MANDATORY -DG_DISABLE_DEPRECATED -DGOBJECT_COMPILATION -DG_DISABLE_CONST_RETURNS -DG_DISABLE_SINGLE_INCLUDES -pthread -g -O2 -Wall -g -O2 -MT gtype.lo -MD -MP -MF .deps/gtype.Tpo -c /build/buildd/glib2.0-2.25.12/gobject/gtype.c  -fPIC -DPIC -o .libs/gtype.o
In file included from //usr/include/string.h:642,
                 from /build/buildd/glib2.0-2.25.12/gobject/gsignal.c:29:
In function 'memset',
    inlined from 'g_bsearch_array_create' at /build/buildd/glib2.0-2.25.12/glib/gbsearcharray.h:137,
    inlined from 'g_signal_init' at /build/buildd/glib2.0-2.25.12/gobject/gsignal.c:775:
//usr/include/bits/string3.h:86: warning: call to __builtin___memset_chk will always overflow destination buffer

(http://launchpadlibrarian.net/53144885/buildlog_ubuntu-maverick-i386.glib2.0_2.25.12-1ubuntu1_FULLYBUILT.txt.gz)

Function in question:
/* --- implementation --- */
/* helper macro to cut down realloc()s */
#ifdef  DISABLE_MEM_POOLS
#define G_BSEARCH_UPPER_POWER2(n)       (n)
#else   /* !DISABLE_MEM_POOLS */
#define G_BSEARCH_UPPER_POWER2(n)       ((n) ? 1 << g_bit_storage ((n) - 1) : 0)
#endif  /* !DISABLE_MEM_POOLS */
#define G_BSEARCH_ARRAY_NODES(barray)    (((guint8*) (barray)) + sizeof (GBSearchArray))
static inline GBSearchArray*
g_bsearch_array_create (const GBSearchConfig *bconfig)
{
  GBSearchArray *barray;
  guint size;

  g_return_val_if_fail (bconfig != NULL, NULL);

  size = sizeof (GBSearchArray) + bconfig->sizeof_node;
  if (bconfig->flags & G_BSEARCH_ARRAY_ALIGN_POWER2)
    size = G_BSEARCH_UPPER_POWER2 (size);
  barray = (GBSearchArray *) g_malloc (size);
  memset (barray, 0, sizeof (GBSearchArray));

  return barray;
}

Looks safe, trying patch now that replaces g_malloc/memset with
g_malloc0

-- 
libglib2.0-0 2.25.12-1ubuntu1 failed to install: *** buffer overflow detected ***: /usr/lib/glib-2.0/gio-querymodules terminated
https://bugs.launchpad.net/bugs/614240
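
The compiler warning above says the memset of sizeof (GBSearchArray) bytes is longer than the destination it believes g_malloc returned. As an added example (not part of the original message and not GLib code), the C below models the length check that __memset_chk performs and evaluates it against the allocation size computed as in the quoted function. header_t, bit_storage and the other names are hypothetical stand-ins, and g_bit_storage is assumed to return the number of bits needed to store its argument.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for GBSearchArray; the real layout is not on the page. */
typedef struct { unsigned n_nodes; } header_t;

/* Stand-in for g_bit_storage(): bits needed to store n (assumed semantics). */
static unsigned bit_storage(size_t n) {
    unsigned bits = 0;
    do { bits++; n >>= 1; } while (n);
    return bits;
}

/* Same shape as G_BSEARCH_UPPER_POWER2 in the quoted header. */
static size_t upper_power2(size_t n) {
    return n ? (size_t)1 << bit_storage(n - 1) : 0;
}

/* Allocation size as computed in the quoted g_bsearch_array_create(). */
size_t barray_alloc_size(size_t sizeof_node, int align_power2) {
    size_t size = sizeof(header_t) + sizeof_node;
    return align_power2 ? upper_power2(size) : size;
}

/* Model of the fortified memset: refuse a write longer than the known
   destination size (glibc's __memset_chk aborts the process instead). */
int checked_memset(void *dst, size_t dst_size, int c, size_t len) {
    if (len > dst_size)
        return -1;
    memset(dst, c, len);
    return 0;
}

/* Count node sizes in [0, max_node] for which zeroing the header would
   exceed the allocation, with or without power-of-two rounding. */
size_t count_unsafe(size_t max_node) {
    size_t bad = 0;
    for (size_t node = 0; node <= max_node; node++)
        if (sizeof(header_t) > barray_alloc_size(node, 0) ||
            sizeof(header_t) > barray_alloc_size(node, 1))
            bad++;
    return bad;
}

int main(void) { printf("unsafe cases: %zu\n", count_unsafe(4096)); return 0; }
```

Under these assumptions the header-sized memset fits every allocation the size arithmetic can produce, so the check only fails when the destination size it is given is smaller than the real allocation.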