tar segfaults (busybox 1.8.1)

Alexander Griesser alexander.griesser at lkh-vil.or.at
Fri Nov 16 07:43:32 UTC 2007



Denys Vlasenko wrote:
> Wow. I didn't know that glibc has buffer overrun protection.

Me neither ;)

> I failed to reproduce it here. Can you send your .config,
> files you compress (a,s,d) and
> 
> strace -o tar.log ./busybox tar cf test.tar a s d
> 
> log?

Of course.
a s d are three empty files (they were just `touch`ed), but it doesn't
matter if they have content or not, I just tried that out.

Create the files a, s and d
----------------------------
tuxx at vi-edv003:~/busybox/busybox-1.8.1$ touch a s d

Run tar with strace
--------------------
tuxx at vi-edv003:~/busybox/busybox-1.8.1$ strace -f -o /tmp/tar.log ./busy
busybox                 busybox_unstripped      busybox_unstripped.map
busybox_unstripped.out
tuxx at vi-edv003:~/busybox/busybox-1.8.1$ strace -f -o /tmp/tar.log ./busybox tar cf test.tar a s d
*** buffer overflow detected ***: ./busybox terminated
======= Backtrace: =========
/lib/libc.so.6(__chk_fail+0x44)[0xb7e56dd4]
/lib/libc.so.6(__strcpy_chk+0x49)[0xb7e56249]
./busybox[0x80711ca]
[0x805]
======= Memory map: ========
08048000-08099000 r-xp 00000000 08:05 2064849    /home/tuxx/busybox/busybox-1.8.1/busybox
08099000-0809a000 rw-p 00050000 08:05 2064849    /home/tuxx/busybox/busybox-1.8.1/busybox
0809a000-080be000 rw-p 0809a000 00:00 0          [heap]
b7d62000-b7d6c000 r-xp 00000000 08:01 505102     /lib/libgcc_s.so.1
b7d6c000-b7d6d000 rw-p 00009000 08:01 505102     /lib/libgcc_s.so.1
b7d6d000-b7d6f000 rw-p b7d6d000 00:00 0
b7d6f000-b7eb1000 r-xp 00000000 08:01 505133     /lib/libc-2.6.1.so
b7eb1000-b7eb2000 r--p 00142000 08:01 505133     /lib/libc-2.6.1.so
b7eb2000-b7eb4000 rw-p 00143000 08:01 505133     /lib/libc-2.6.1.so
b7eb4000-b7eb7000 rw-p b7eb4000 00:00 0
b7eb7000-b7edb000 r-xp 00000000 08:01 505284     /lib/libm-2.6.1.so
b7edb000-b7edd000 rw-p 00023000 08:01 505284     /lib/libm-2.6.1.so
b7edd000-b7ee2000 r-xp 00000000 08:01 505269     /lib/libcrypt-2.6.1.so
b7ee2000-b7ee4000 rw-p 00004000 08:01 505269     /lib/libcrypt-2.6.1.so
b7ee4000-b7f0b000 rw-p b7ee4000 00:00 0
b7f2a000-b7f2c000 rw-p b7f2a000 00:00 0
b7f2c000-b7f48000 r-xp 00000000 08:01 505053     /lib/ld-2.6.1.so
b7f48000-b7f4a000 rw-p 0001b000 08:01 505053     /lib/ld-2.6.1.so
bfe65000-bfe7a000 rw-p bffeb000 00:00 0          [stack]
ffffe000-fffff000 r-xp 00000000 00:00 0          [vdso]
tuxx at vi-edv003:~/busybox/busybox-1.8.1$


tar.log and .config are attached.

Thanks in advance,
--
Alexander Griesser (Netzwerkadministration)
E-Mail: alexander.griesser at lkh-vil.or.at | Web: http://www.lkh-vil.or.at
KABEG LKH Villach | Nikolaigasse 43 | 9500 Villach
Tel.:   +43 4242 208 3061 | Fax.:   +43 4242 971 3061
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: config
Url: http://lists.busybox.net/pipermail/busybox/attachments/20071116/8d3be50b/attachment-0002.diff 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: tar.log
Type: text/x-log
Size: 6308 bytes
Desc: not available
Url : http://lists.busybox.net/pipermail/busybox/attachments/20071116/8d3be50b/attachment-0002.bin 
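
An added triage example, not part of the original message or of BusyBox: it parses the glibc abort report quoted above and maps each backtrace frame to the memory mapping and file offset it falls in. The function names are hypothetical, and the embedded report is an excerpt of the output above with the wrapped lines rejoined.

```python
import re

# Excerpt of the abort report from the message above (wrapped lines rejoined).
REPORT = """\
======= Backtrace: =========
/lib/libc.so.6(__chk_fail+0x44)[0xb7e56dd4]
/lib/libc.so.6(__strcpy_chk+0x49)[0xb7e56249]
./busybox[0x80711ca]
[0x805]
======= Memory map: ========
08048000-08099000 r-xp 00000000 08:05 2064849 /home/tuxx/busybox/busybox-1.8.1/busybox
08099000-0809a000 rw-p 00050000 08:05 2064849 /home/tuxx/busybox/busybox-1.8.1/busybox
0809a000-080be000 rw-p 0809a000 00:00 0          [heap]
b7d6f000-b7eb1000 r-xp 00000000 08:01 505133     /lib/libc-2.6.1.so
bfe65000-bfe7a000 rw-p bffeb000 00:00 0          [stack]
"""

FRAME = re.compile(r"^(?P<obj>[^\[(]*)(?:\((?P<sym>[^)]*)\))?\[0x(?P<addr>[0-9a-f]+)\]$")
MAPPING = re.compile(r"^([0-9a-f]+)-([0-9a-f]+) (\S+) ([0-9a-f]+) \S+ \d+\s*(.*)$")

def parse_report(text):
    """Split the report into backtrace frames and memory mappings."""
    frames, maps = [], []
    for line in text.splitlines():
        if m := FRAME.match(line.strip()):
            frames.append((m["obj"], m["sym"], int(m["addr"], 16)))
        elif m := MAPPING.match(line.strip()):
            start, end, perms, off, path = m.groups()
            maps.append((int(start, 16), int(end, 16), perms, int(off, 16), path))
    return frames, maps

def resolve(text):
    """Return (addr, symbol, mapped path, file offset) per frame; None where unknown."""
    frames, maps = parse_report(text)
    out = []
    for _obj, sym, addr in frames:
        hit = next((m for m in maps if m[0] <= addr < m[1]), None)
        path = hit[4] if hit else None
        # File offset = address - mapping start + the mapping's own file offset.
        file_off = addr - hit[0] + hit[3] if hit else None
        out.append((addr, sym, path, file_off))
    return out

if __name__ == "__main__":
    for addr, sym, path, off in resolve(REPORT):
        where = f"{path}+{off:#x}" if path else "no mapping (truncated frame)"
        print(f"{addr:#010x} {sym or '-':<20} {where}")
```

The frame without a symbol lands in the executable mapping of the busybox binary, so its address is the one to look up in the `busybox_unstripped` build (for example with `addr2line -e`), while the `[0x805]` frame matches no mapping and cannot be resolved.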