fwts: stack smashing detected on 32 bit system

Bug #1461520 reported by dino99
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
fwts (Ubuntu)
Fix Released
High
Colin Ian King

Bug Description

Testing the newest Wily fwts package from a terminal:

sudo fwts -f -r fwts0615.log
[sudo] password for oem:
Running 44 tests, results appended to fwts0615.log
Test: Gather kernel system information.
  Gather kernel signature. 1 info only
  Gather kernel system information. 1 info only
  Gather kernel boot command line. 1 info only
  Gather ACPI driver version. 1 info only
Test: Gather BIOS DMI information.
  Gather BIOS DMI information 1 info only
Test: Scan kernel log for Oopses.
  Kernel log oops check. 2 passed
Test: Scan kernel log for errors and warnings.
  Kernel log error check. 3 failed
Test: MTRR tests.
  Validate the kernel MTRR IOMEM setup. 1 passed
*** stack smashing detected ***: fwts terminated

Apport fails to report that issue: does not open the chromium launchpad report page, so i join the crash file
---
ApportVersion: 2.17.3-0ubuntu3
Architecture: i386
CurrentDesktop: GNOME
DistroRelease: Ubuntu 15.10
NonfreeKernelModules: nvidia
Package: fwts 15.06.00-0ubuntu1
PackageArchitecture: i386
ProcVersionSignature: Ubuntu 3.19.0-20.20-generic 3.19.8
Tags: wily package-from-proposed
Uname: Linux 3.19.0-20-generic i686
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo
_MarkForUpload: True

Related branches

Revision history for this message
dino99 (9d9) wrote :
tags: added: apport-collected package-from-proposed wily
description: updated
Revision history for this message
dino99 (9d9) wrote : Dependencies.txt

apport information

Revision history for this message
dino99 (9d9) wrote : JournalErrors.txt

apport information

Revision history for this message
dino99 (9d9) wrote : ProcEnviron.txt

apport information

Revision history for this message
Colin Ian King (colin-king) wrote : Re: stack smashing detected

The crash occurred while parsing the kernel log, so it would be useful if I could get a copy of that.

Can you attach the output from:

dmesg > dmesg.log

and also the /var/log/syslog

Thanks

Changed in fwts (Ubuntu):
status: New → Incomplete
importance: Undecided → High
assignee: nobody → Colin Ian King (colin-king)
Revision history for this message
dino99 (9d9) wrote :

Here is dmesg & syslog; thanks for the quick reply

Revision history for this message
dino99 (9d9) wrote :
Changed in fwts (Ubuntu):
status: Incomplete → Confirmed
Revision history for this message
Colin Ian King (colin-king) wrote :

Can you also add the output to /proc/mtrr to the bug report too. Thanks!

Revision history for this message
Colin Ian King (colin-king) wrote :

Actually, I've now figured out the bug and can reproduce it on a 32 bit system. The regular expression engine used the the fwts klog scanner was using a vector of size 1, when the size should be a multiple of 3 ints, so this was causing the pcre regex execution to trash the end of the stack and hence cause this bug.

Changed in fwts (Ubuntu):
status: Confirmed → Fix Committed
status: Fix Committed → In Progress
summary: - stack smashing detected
+ fwts: stack smashing detected on 32 bit system
Revision history for this message
dino99 (9d9) wrote :

hm /proc/mtrr seems empty (0 byte) into nautilus , and when 'cat' is used. But double-clicking on that file is showing:

reg00: base=0x000000000 ( 0MB), size= 2048MB, count=1: write-back
reg01: base=0x080000000 ( 2048MB), size= 1024MB, count=1: write-back
reg02: base=0x100000000 ( 4096MB), size= 1024MB, count=1: write-back

Revision history for this message
Colin Ian King (colin-king) wrote :

Fix sent to mailing list for inclusion into the next release of fwts

https://lists.ubuntu.com/archives/fwts-devel/2015-June/006209.html

Revision history for this message
Colin Ian King (colin-king) wrote :

Aside note, /proc/mttr is not readable in nautilus probably because it does stat() on the file and gets zero bytes (which is what /proc/mttr returns), where as cat just reads the data and ignores the bogus stat size.

Revision history for this message
Colin Ian King (colin-king) wrote :
Changed in fwts (Ubuntu):
status: In Progress → Fix Committed
Changed in fwts (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.