[Bug 672325] Re: tftp assert failure: * buffer overflow detected *: tftp terminated

Carl Karsten Sun, 07 Nov 2010 15:50:45 -0800

(gdb) run
Starting program: /usr/bin/tftp
tftp> shaz:pxelinux.cfg/default
?Invalid command
tftp> get shaz:pxelinux.cfg/default
*** buffer overflow detected ***: /usr/bin/tftp terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x37)[0x7ffff7b58527]
/lib/libc.so.6(+0xfe3e0)[0x7ffff7b573e0]
/usr/bin/tftp[0x4013c1]
/usr/bin/tftp[0x401fad]
/usr/bin/tftp[0x402d61]
/usr/bin/tftp[0x4027ba]
/usr/bin/tftp[0x4035bf]
/lib/libc.so.6(__libc_start_main+0xfe)[0x7ffff7a77d8e]
/usr/bin/tftp[0x4012a9]
======= Memory map: ========
00400000-00405000 r-xp 00000000 08:01 9063097                            
/usr/bin/tftp
00604000-00605000 r--p 00004000 08:01 9063097                            
/usr/bin/tftp
00605000-00606000 rw-p 00005000 08:01 9063097                            
/usr/bin/tftp
00606000-00628000 rw-p 00000000 00:00 0                                  [heap]
7ffff7014000-7ffff7029000 r-xp 00000000 08:01 4587594                    
/lib/libgcc_s.so.1
7ffff7029000-7ffff7228000 ---p 00015000 08:01 4587594                    
/lib/libgcc_s.so.1
7ffff7228000-7ffff7229000 r--p 00014000 08:01 4587594                    
/lib/libgcc_s.so.1
7ffff7229000-7ffff722a000 rw-p 00015000 08:01 4587594                    
/lib/libgcc_s.so.1
7ffff722a000-7ffff7240000 r-xp 00000000 08:01 4587559                    
/lib/libresolv-2.12.1.so
7ffff7240000-7ffff743f000 ---p 00016000 08:01 4587559                    
/lib/libresolv-2.12.1.so
7ffff743f000-7ffff7440000 r--p 00015000 08:01 4587559                    
/lib/libresolv-2.12.1.so
7ffff7440000-7ffff7441000 rw-p 00016000 08:01 4587559                    
/lib/libresolv-2.12.1.so
7ffff7441000-7ffff7443000 rw-p 00000000 00:00 0
7ffff7443000-7ffff7448000 r-xp 00000000 08:01 4587552                    
/lib/libnss_dns-2.12.1.so
7ffff7448000-7ffff7647000 ---p 00005000 08:01 4587552                    
/lib/libnss_dns-2.12.1.so
7ffff7647000-7ffff7648000 r--p 00004000 08:01 4587552                    
/lib/libnss_dns-2.12.1.so
7ffff7648000-7ffff7649000 rw-p 00005000 08:01 4587552                    
/lib/libnss_dns-2.12.1.so
7ffff7649000-7ffff764b000 r-xp 00000000 08:01 4591393                    
/lib/libnss_mdns4_minimal.so.2
7ffff764b000-7ffff784a000 ---p 00002000 08:01 4591393                    
/lib/libnss_mdns4_minimal.so.2
7ffff784a000-7ffff784b000 r--p 00001000 08:01 4591393                    
/lib/libnss_mdns4_minimal.so.2
7ffff784b000-7ffff784c000 rw-p 00002000 08:01 4591393                    
/lib/libnss_mdns4_minimal.so.2
7ffff784c000-7ffff7858000 r-xp 00000000 08:01 4587553                    
/lib/libnss_files-2.12.1.so
7ffff7858000-7ffff7a57000 ---p 0000c000 08:01 4587553                    
/lib/libnss_files-2.12.1.so
7ffff7a57000-7ffff7a58000 r--p 0000b000 08:01 4587553                    
/lib/libnss_files-2.12.1.so
7ffff7a58000-7ffff7a59000 rw-p 0000c000 08:01 4587553                    
/lib/libnss_files-2.12.1.so
7ffff7a59000-7ffff7bd3000 r-xp 00000000 08:01 4587540                    
/lib/libc-2.12.1.so
7ffff7bd3000-7ffff7dd2000 ---p 0017a000 08:01 4587540                    
/lib/libc-2.12.1.so
7ffff7dd2000-7ffff7dd6000 r--p 00179000 08:01 4587540                    
/lib/libc-2.12.1.so
7ffff7dd6000-7ffff7dd7000 rw-p 0017d000 08:01 4587540                    
/lib/libc-2.12.1.so
7ffff7dd7000-7ffff7ddc000 rw-p 00000000 00:00 0
7ffff7ddc000-7ffff7dfc000 r-xp 00000000 08:01 4587536                    
/lib/ld-2.12.1.so
7ffff7fe5000-7ffff7fe8000 rw-p 00000000 00:00 0
7ffff7ff6000-7ffff7ffb000 rw-p 00000000 00:00 0
7ffff7ffb000-7ffff7ffc000 r-xp 00000000 00:00 0                          [vdso]
7ffff7ffc000-7ffff7ffd000 r--p 00020000 08:01 4587536                    
/lib/ld-2.12.1.so
7ffff7ffd000-7ffff7ffe000 rw-p 00021000 08:01 4587536                    
/lib/ld-2.12.1.so
7ffff7ffe000-7ffff7fff000 rw-p 00000000 00:00 0
7ffffffde000-7ffffffff000 rw-p 00000000 00:00 0                          [stack]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  
[vsyscall]


Program received signal SIGABRT, Aborted.
0x00007ffff7a8cba5 in raise (sig=<value optimized out>)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
64      ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
        in ../nptl/sysdeps/unix/sysv/linux/raise.c
(gdb) bt full
#0  0x00007ffff7a8cba5 in raise (sig=<value optimized out>)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
        pid = <value optimized out>
        selftid = <value optimized out>
#1  0x00007ffff7a906b0 in abort () at abort.c:92
        act = {__sigaction_handler = {sa_handler = 0x7fffffffd580,
            sa_sigaction = 0x7fffffffd580}, sa_mask = {__val = {
              140737488344640, 140737488348103, 13, 140737349558994, 3,
              140737488344650, 6, 140737349558998, 2, 140737488344638, 2,
              140737349550008, 1, 140737349558994, 3, 140737488344644}},
          sa_flags = 12, sa_restorer = 0x7ffff7ba22d6}
        sigs = {__val = {32, 0 <repeats 15 times>}}
#2  0x00007ffff7ac643b in __libc_message (do_abort=<value optimized out>,
    fmt=<value optimized out>) at ../sysdeps/unix/sysv/linux/libc_fatal.c:189
        ap = {{gp_offset = 32, fp_offset = 48,
            overflow_arg_area = 0x7fffffffdf40,
            reg_save_area = 0x7fffffffde50}}
        ap_copy = {{gp_offset = 16, fp_offset = 48,
            overflow_arg_area = 0x7fffffffdf40,
            reg_save_area = 0x7fffffffde50}}
        fd = 7
        on_2 = <value optimized out>
        list = <value optimized out>
        nlist = 0
        cp = <value optimized out>
        written = false
#3  0x00007ffff7b58527 in __fortify_fail (
    msg=0x7ffff7ba2210 "buffer overflow detected") at fortify_fail.c:32
No locals.
#4  0x00007ffff7b573e0 in __chk_fail () at chk_fail.c:29
No locals.
#5  0x00000000004013c1 in strcpy (request=<value optimized out>,
    name=<value optimized out>, tp=0x605760, mode=0x6060c0 "netascii")
    at /usr/include/bits/string3.h:107
No locals.
#6  makerequest (request=<value optimized out>, name=<value optimized out>,
---Type <return> to continue, or q <return> to quit---
    tp=0x605760, mode=0x6060c0 "netascii") at tftp.c:326
        cp = 0x605762 "p"
#7  0x0000000000401fad in recvfile (fd=<value optimized out>,
    name=0x605bc9 "pxelinux.cfg/default", mode=0x6060c0 "netascii")
    at tftp.c:240
        ap = 0x605760
        dp = 0x6062e4
        size = 0
        block = 1
        n = <value optimized out>
        amount = 0
        firsttrip = 1
        file = 0x6096e0
        convert = 1
#8  0x0000000000402d61 in get (argc=2, argv=<value optimized out>)
    at main.c:546
        fd = 6
        n = <value optimized out>
        cp = 0x605bd6 "default"
        src = 0x605bc9 "pxelinux.cfg/default"
        len = <value optimized out>
#9  0x00000000004027ba in command (top=<value optimized out>) at main.c:703
        c = <value optimized out>
#10 0x00000000004035bf in main (argc=1, argv=0x7fffffffe198) at main.c:196
        top = 1
(gdb)

-- 
tftp assert failure: *** buffer overflow detected ***: tftp terminated
https://bugs.launchpad.net/bugs/672325
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 672325] Re: tftp assert failure: *** buffer overflow detected ***: tftp terminated

Reply via email to

[Bug 672325] Re: tftp assert failure: * buffer overflow detected *: tftp terminated