Ticket #973 (closed defect: fixed)

Opened 10 years ago

Last modified 8 years ago

discuss segfault on re-adding a meeting

Reported by: geofft
Owned by:
Priority: normal
Milestone: The Distant Future
Component: --
Keywords:
Cc:
Fixed in version: debathena-discuss (and friends) 10.0.15-0debathena2
Upstream bug:

Description

I saw the following on my Squeeze amd64 server:

$ catchsegv discuss
Discuss version 1.7.  Type '?' for a list of commands.

discuss:  am charon.mit.edu:/var/spool/discuss/cfs
Meeting The Cryptographic File System users list already exists.
Do you wish to delete the old one and add the new one? yes
Segmentation fault

...

Backtrace:
/lib/libc.so.6(+0x10d35a)[0x7f028384d35a]
discuss[0x40c154]
discuss[0x406b03]
discuss[0x406df5]
discuss[0x407657]
/lib/libss.so.2(+0x2eda)[0x7f0283cbbeda]
/lib/libss.so.2(ss_execute_line+0x95)[0x7f0283cbbfc5]
/lib/libss.so.2(ss_listen+0x18f)[0x7f0283cbc3ff]
discuss[0x402fb8]
/lib/libc.so.6(__libc_start_main+0xfd)[0x7f028375ec4d]
discuss[0x402a39]

This doesn't happen when re-adding, say, the debian-devel meeting.

Change History

comment:1 Changed 10 years ago by jdreed

So, uh, this has one of the longer "long names". Is it dependent on the length of the meeting name?

For maximum awesomeness, on Natty:

discuss:  am charon:/usr/spool/discuss/cfs
discuss:  am charon:/var/spool/discuss/cfs
*** buffer overflow detected ***: discuss terminated
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x37)[0x7ffa385661d7]
/lib/x86_64-linux-gnu/libc.so.6(+0xfd0f0)[0x7ffa385650f0]
/lib/x86_64-linux-gnu/libc.so.6(+0xfc569)[0x7ffa38564569]
/lib/x86_64-linux-gnu/libc.so.6(_IO_default_xsputn+0xd8)[0x7ffa384dcb98]
/lib/x86_64-linux-gnu/libc.so.6(_IO_vfprintf+0x1a12)[0x7ffa384af272]
/lib/x86_64-linux-gnu/libc.so.6(__vsprintf_chk+0x94)[0x7ffa38564604]
/lib/x86_64-linux-gnu/libc.so.6(__sprintf_chk+0x7a)[0x7ffa3856454a]
discuss[0x406e9e]
discuss[0x407134]
/lib/x86_64-linux-gnu/libss.so.2(+0x2ada)[0x7ffa38a16ada]
/lib/x86_64-linux-gnu/libss.so.2(ss_execute_line+0x95)[0x7ffa38a16c55]
/lib/x86_64-linux-gnu/libss.so.2(ss_listen+0x1a8)[0x7ffa38a16ff8]
discuss[0x402c28]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xff)[0x7ffa38486eff]
discuss[0x402889]

comment:2 Changed 10 years ago by mitchb

Is it dependent on the length of the meeting name?

I hate the world. Yes. See clients/addmtg.c:371,385
The question about whether to punt the old meeting and add the new one is being sprintf'd into a 100 character array. ... ... ... *glare*
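
An added example (not discuss's own source, and not the code in clients/addmtg.c) showing the defect class described in comment:2 and reproduced in the description: the confirmation question is formatted with sprintf() into a fixed 100-byte array, so a long enough meeting name writes past the end of it. The prompt format string, the two meeting names ("debian-devel", which fits, and "The Cryptographic File System users list", which does not) and the 100-byte size are constructed here to match the ticket; the real format string and layout in addmtg.c are assumed, not copied. The unsafe version is kept only for comparison and is never called with the long name; the bounded version reports truncation instead of overflowing, and the heap version sizes the buffer from the input.

```c
/* Added example: sprintf() into a fixed 100-byte array (the shape of the bug
 * in the ticket) next to bounded and heap-sized replacements. Format string,
 * buffer size and sample names are assumptions made for this example. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PROMPT_BUF 100   /* the "100 character array" from comment:2 */

/* Assumed prompt format; the wording follows the ticket's transcript. */
#define PROMPT_FMT \
    "Meeting %s already exists.\nDo you wish to delete the old one and add the new one? "

/* Sample meeting long names constructed for this example. */
static const char CFS_NAME[] = "The Cryptographic File System users list";
static const char DD_NAME[]  = "debian-devel";

/* Before: unbounded sprintf(). With a long enough name this writes past the
 * end of buf: a plain stack smash on Squeeze, __fortify_fail() on Natty where
 * _FORTIFY_SOURCE turns it into __sprintf_chk. Kept for comparison only. */
void build_prompt_unsafe(char buf[PROMPT_BUF], const char *name)
{
    sprintf(buf, PROMPT_FMT, name);
}

/* Bytes the formatted prompt needs, NUL excluded (snprintf(NULL, 0, ...)). */
size_t prompt_len(const char *name)
{
    int n = snprintf(NULL, 0, PROMPT_FMT, name);
    return n < 0 ? 0 : (size_t)n;
}

/* Would the prompt fit in a PROMPT_BUF-byte array, NUL included? */
int prompt_fits(const char *name)
{
    return prompt_len(name) + 1 <= PROMPT_BUF;
}

/* After: bounded write. Returns 0 on success, -1 if the output would have
 * been truncated, so the caller can fall back to a larger buffer rather than
 * silently asking a mangled question. buf is emptied on failure. */
int build_prompt_safe(char *buf, size_t bufsz, const char *name)
{
    int n = snprintf(buf, bufsz, PROMPT_FMT, name);
    if (n < 0 || (size_t)n >= bufsz) {
        if (bufsz > 0)
            buf[0] = '\0';
        return -1;
    }
    return 0;
}

/* Heap variant: allocate exactly what this name needs. Caller frees. */
char *build_prompt_alloc(const char *name)
{
    size_t need = prompt_len(name) + 1;
    char *p = malloc(need);
    if (p && snprintf(p, need, PROMPT_FMT, name) < 0) {
        free(p);
        p = NULL;
    }
    return p;
}

int main(void)
{
    char buf[PROMPT_BUF];
    const char *names[] = { DD_NAME, CFS_NAME };

    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        printf("%-42s needs %zu+1 bytes; fits in %d: %s\n", names[i],
               prompt_len(names[i]), PROMPT_BUF,
               prompt_fits(names[i]) ? "yes" : "no (sprintf would overflow)");
        if (build_prompt_safe(buf, sizeof buf, names[i]) == 0) {
            printf("  bounded prompt: %s\n", buf);
        } else {
            char *p = build_prompt_alloc(names[i]);
            printf("  truncated by snprintf; heap copy is %zu bytes\n",
                   p ? strlen(p) : (size_t)0);
            free(p);
        }
    }
    return 0;
}
```

With the assumed format the fixed text is 80 bytes, so any long name over 19 characters overruns a 100-byte array with sprintf(); "debian-devel" (12) fits and the CFS list name (40) does not, which matches the ticket's observation that only the longer name crashes. snprintf() alone would hide the problem by truncating the question, which is why the bounded version returns a failure the caller must act on.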

comment:3 Changed 9 years ago by jdreed

  • Status changed from new to committed
  • Fixed in version set to debathena-discuss (and friends) 10.0.15-0debathena2

comment:4 Changed 9 years ago by jdreed

  • Status changed from committed to development

comment:5 Changed 9 years ago by jdreed

  • Status changed from development to proposed

comment:6 Changed 8 years ago by jdreed

  • Status changed from proposed to closed
  • Resolution set to fixed