[GRASS-dev] Buffer overflow GRASS GIS 6.3.0

hi,

I already reported a problem with g.parser in GRASS 6.3 on Ubuntu 8.10.

Here is another message; maybe it could help (?)

---------- Forwarded message ----------
From: Christian Braun <christian.braun@tudor.lu>
Date: 2008/11/14
Subject: Buffer overflow GRASS GIS 6.3.0
To: jachym@les-ejk.cz
Cc: ulrich.leopold@tudor.lu

[...]

GRASS 6.3.0 (christian_lux):~ > r.mask -r in=study_area
*** buffer overflow detected ***: g.parser terminated
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x48)[0xb7f28558]
/lib/tls/i686/cmov/libc.so.6[0xb7f26680]
/lib/tls/i686/cmov/libc.so.6[0xb7f25d68]
/lib/tls/i686/cmov/libc.so.6(_IO_default_xsputn+0xc8)[0xb7e9ba18]
/lib/tls/i686/cmov/libc.so.6(_IO_vfprintf+0xf4a)[0xb7e6e8da]
/lib/tls/i686/cmov/libc.so.6(__vsprintf_chk+0xa7)[0xb7f25e17]
/lib/tls/i686/cmov/libc.so.6(__sprintf_chk+0x2d)[0xb7f25d5d]
g.parser(main+0x3ac)[0x80491dc]
/lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe5)[0xb7e44685]
g.parser[0x8048ca1]
======= Memory map: ========
Aborted

--
Jachym Cepicky
e-mail: jachym.cepicky gmail com
URL: http://les-ejk.cz
GPG: http://www.les-ejk.cz/pgp/jachym_cepicky-gpg.pub

Jáchym Čepický wrote:

I already reported a problem with g.parser in GRASS 6.3 on Ubuntu 8.10.

Here is another message; maybe it could help (?)

I believe that this has been fixed by r34172 (7.0) and r34173 (6.4),
with the following change:

--- general/g.parser/main.c (revision 34171)
+++ general/g.parser/main.c (revision 34172)
@@ -358,7 +358,7 @@
      * to uppercase it was necessary to use uppercase variables.
      * Set both until all scripts are updated */
     for (flag = ctx.first_flag; flag; flag = flag->next_flag) {
- char buff[12];
+ char buff[16];

   sprintf(buff, "GIS_FLAG_%c=%d", flag->key, flag->answer ? 1 : 0);
   putenv(G_store(buff));
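Review bot: the size bump in this hunk is right but carries no explanation of where 16 comes from. "GIS_FLAG_%c=%d" expands to "GIS_FLAG_" (9) + key (1) + "=" (1) + one digit (1) = 12 characters, since flag->answer ? 1 : 0 can only yield 0 or 1, so the terminating NUL made char buff[12] exactly one byte short; that one-byte write past the array is what glibc's __sprintf_chk aborted on in the backtrace above. Suggest a comment recording that arithmetic beside "char buff[16];", and changing "sprintf(buff, ..." to "snprintf(buff, sizeof buff, ..." so the bound follows the declaration instead of having to be recomputed by hand the next time the format string changes.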

--
Glynn Clements <glynn@gclements.plus.com>
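An added example, not GRASS code, that makes the arithmetic behind Glynn's fix concrete: it measures how many bytes the "GIS_FLAG_%c=%d" setting really needs and formats it with an explicit bound, reporting a too-small buffer instead of writing past it. The function names gis_flag_needed, gis_flag_format and gis_flag_fits are my own.

```c
#include <stdio.h>
#include <string.h>
/* Added example, not GRASS code. The g.parser line quoted in the thread
 * does sprintf(buff, "GIS_FLAG_%c=%d", key, answer ? 1 : 0). The longest
 * result is "GIS_FLAG_" (9) + key (1) + "=" (1) + "0" or "1" (1) = 12
 * characters, so with the terminating NUL it needs 13 bytes; char buff[12]
 * was one byte short, which glibc's __sprintf_chk caught and aborted on. */

#define GIS_FLAG_FMT "GIS_FLAG_%c=%d"
/* Bytes (including the NUL) the setting for (key, answer) occupies. */
size_t gis_flag_needed(char key, int answer)
{
    /* snprintf with a zero-size destination only measures the output. */
    int n = snprintf(NULL, 0, GIS_FLAG_FMT, key, answer ? 1 : 0);
    return n < 0 ? 0 : (size_t)n + 1;
}

/* Bounded replacement for the sprintf: returns 1 if the whole string fit
 * into buf[bufsz], 0 if it would have been truncated (buf is then left
 * empty). snprintf never writes past bufsz, so no overflow is possible. */
int gis_flag_format(char *buf, size_t bufsz, char key, int answer)
{
    int n = snprintf(buf, bufsz, GIS_FLAG_FMT, key, answer ? 1 : 0);
    if (n < 0 || (size_t)n >= bufsz) {
        if (bufsz > 0)
            buf[0] = '\0';
        return 0;
    }
    return 1;
}

/* Does the setting fit in a buffer of bufsz bytes? (capped at 64 here) */
int gis_flag_fits(size_t bufsz, char key, int answer)
{
    char buf[64];
    if (bufsz > sizeof buf)
        bufsz = sizeof buf;
    return gis_flag_format(buf, bufsz, key, answer);
}

int main(void)
{
    char buff[16];  /* the size the fix moved to */
    printf("needed: %zu bytes\n", gis_flag_needed('r', 1));      /* 13 */
    printf("buff[12] fits: %d\n", gis_flag_fits(12, 'r', 1));     /* 0 */
    if (gis_flag_format(buff, sizeof buff, 'r', 1))
        printf("buff[16] holds: %s\n", buff);                    /* GIS_FLAG_r=1 */
    return 0;
}
```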

thanks, glynn, I'll give it a try!

jachym


Hi,

2008/11/14 Ulrich Leopold <Ulrich.Leopold@tudor.lu>:

Hi Jachym,

Is it possible to include GRASS version 6.4 in the Ubuntu 8.10
(intrepid) repositories? Or at least the grass-6.4.0-dev packages, as it
seems the fix will not find its way into version 6.3 so quickly?

Or is 6.4 too unstable at the moment for production?

6.4 is not stable yet (but shall be stable soon), and it makes no
sense to prepare packages from development snapshots.

Anyway: it works! I applied the patch to GRASS 6.3 and it works like a
charm. I prepared fresh packages, but the upload will take time (slow
connection here), so be patient.

thanks a lot, glynn!

jachym

Thx,
Ulrich

On Fri, 2008-11-14 at 13:45 +0100, Jáchym Čepický wrote:

--
______________________________________________________________________

Ulrich Leopold

Resource Centre for Environmental Technologies, Public Research Centre
Henri Tudor, Technoport Schlassgoart, 66 rue de Luxembourg, P.O. BOX
144, L-4002 Esch-sur-Alzette, Luxembourg

tel: +352 425991 618
fax: +352 425991 601
mobile: +352 691 304813
http://www.crte.lu

Computational Bio- and Physical Geography, Institute for Biodiversity
and Ecosystem Dynamics, University of Amsterdam, Nieuwe Achtergracht
166, NL-1018WV Amsterdam, The Netherlands

http://www.science.uva.nl/ibed


2008/11/14 Glynn Clements <glynn@gclements.plus.com>:

Backported to 6.3.svn, too.

Markus

For those who are impatient: because I do not have access to
Les-ejk right now, fresh packages for Ubuntu 8.10 with GRASS 6.3, with
working WxGUI, are located at

deb http://sandbox.cz/~jachym/ubuntu intrepid multiverse

This repository is only temporary; I'll upload the packages to Les-ejk
during next week.

Jachym

2008/11/14 Markus Neteler <neteler@osgeo.org>:

Backported to 6.3.svn, too.

Markus


On Fri, 2008-11-14 at 17:18 +0100, Jachym Cepicky wrote:

Thank you Jachym.
Regards, Nikos