[Bug 2060538] Re: rpcdebug segfault in s390x

Erki Aas 2060538 at bugs.launchpad.net
Wed Feb 19 10:17:07 UTC 2025


aarch64 seems also affected

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to nfs-utils in Ubuntu.
https://bugs.launchpad.net/bugs/2060538

Title:
  rpcdebug segfault in s390x

Status in nfs-utils package in Ubuntu:
  New

Bug description:
  Just running rpcdebug in noble on s390x causes a segfault. In gdb we
  see:

  Breakpoint 1, main (argc=1, argv=0x3ffffffa498) at rpcdebug.c:57
  57              cdename = malloc(strlen(basename(argv[0])));
  (gdb) n
  58              if (cdename == NULL) {
  (gdb) n
  62              strcpy(cdename, basename(argv[0]));
  (gdb) n
  *** buffer overflow detected ***: terminated

  
  It's the _FORTIFY_SOURCE=3 that is catching it, but only on s390x. Looks like an off-by-one.

  From the strcpy() manpage:

  strcpy()
  These  functions copy the string pointed to by src, into a string at the buffer pointed to by dst.  The programmer is responsible for allocating a destination buffer large enough, that is, strlen(src) + 1.  For the difference between the two functions, see RETURN VALUE.

  Patch:

  --- a/tools/rpcdebug/rpcdebug.c
  +++ b/tools/rpcdebug/rpcdebug.c
  @@ -54,7 +54,7 @@ main(int argc, char **argv)
   	char *		module = NULL;
   	int		c;
   
  -	cdename = malloc(strlen(basename(argv[0])));
  +	cdename = malloc(strlen(basename(argv[0])) + 1);
   	if (cdename == NULL) {
   	  fprintf(stderr, "failed in malloc\n");
   	  exit(1);
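
Review bot: on the changed malloc line, the `+ 1` makes room for the terminating NUL, but the size still comes from one basename(argv[0]) call while the strcpy at line 62 (shown in the gdb trace) copies from a second, separate call. Allocating and copying in one step, for example `cdename = strdup(basename(argv[0]));` with the existing NULL check kept, would remove the hand-computed length and with it this class of off-by-one. If the malloc/strcpy pair stays, a short comment noting that the `+ 1` is for the NUL terminator would help the next reader.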
