[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#454212: megahal segfaults as soon as it's launched

Niko Tyni wrote:
Confirmed using etch i386 (though an amd64 processor). Attached output
of megahal and strace.

The attached patch fixes a stack corruption issue on 64-bit architectures
(reading 8 bytes into a 4-byte buffer) and an off-by-one sprintf overflow
in the error and status file name initialization code.

The stack corruption makes megahal reliably crash for me on amd64 every
time it tries to load a saved dictionary.

However, the original problem is on i386 and happens earlier in the
initialization code. I can't reproduce it myself, but I think it might
well be caused by the sprintf overflow. Note that Neil's strace in



 open("/home/nmcgovern/.megahal/megahal.logi", O_WRONLY|O_APPEND|O_CREAT, 0666) = 3


-rw-r--r--  1 nmcgovern users  380 2007-12-19 11:37 megahal.logi?

while the intended filename is "megahal.log". So there's definitely at
least some corruption happening here.

Could somebody (Neil?) try if the bug persists with this patch?

Confirmed that this patch fixes the issue, at least on the version in Etch.

This issue probably qualifies for a stable point update (-release in cc). I can prepare a package if you want.

Neil McGovern
SQA - Amino Communications

Reply to: