stack smashing attack while compiling qt on amd64


stack smashing attack while compiling qt on amd64

Nicolas MASSE
Hello,

I tried to compile qt-4.0.1 on my amd64 box and the build failed with:
 
for /tmp/portage/qt-4.0.1/work/qt-x11-opensource-src-4.0.1/examples/linguist/arrowpad/arrowpad.pro
(linux-g++-64)
/tmp/portage/qt-4.0.1/work/qt-x11-opensource-src-4.0.1/bin/qmake  
-spec /tmp/portage/qt-4.0.1/work/qt-x11-opensource-src-4.0.1/mkspecs/linux-g++-64
-o /tmp/portage/qt-4.0.1/work/qt-x11-opensource-src-4.0.1/./examples/linguist/arrowpad /tmp/portage/qt-4.0.1/work/qt-x11-opensource-src-4.0.1/examples/linguist/arrowpad/arrowpad.pro
qmake: stack smashing attack in function virtual bool
UnixMakefileGenerator::findLibraries()()
./configure: line 3901:  1293 Aborted                 QTDIR="$outpath"
$QMAKE_EXEC

        NOTE: This platform does not support runtime library paths, using
-no-rpath.

Qt is now configured for building. Just run 'gmake'.
Once everything is built, you must run 'gmake install'.
Qt will be installed into /usr/lib64/qt4

To reconfigure, run 'gmake confclean' and 'configure'.

make: *** No rule to make target `sub-tools-all-ordered'.  Stop.

!!! ERROR: x11-libs/qt-4.0.1 failed.
!!! Function src_compile, Line 144, Exitcode 2
!!! (no error message)
!!! If you need support, post the topmost build error, NOT this status
message.

Has anyone experienced this? Do you think this is amd64 specific?

My make.profile : ../var/portage/profiles/hardened/amd64
My kernel : 2.6.13-hardened-r2

Best regards.

Nicolas MASSE
--
[hidden email] mailing list


Re: stack smashing attack while compiling qt on amd64

PaX Team
On 11 Dec 2005 at 17:09, Nicolas MASSE wrote:
> qmake: stack smashing attack in function virtual bool
> UnixMakefileGenerator::findLibraries()()
[...]
> Has anyone experienced this? Do you think this is amd64 specific?

is it reproducible? if yes, someone can debug it and see if it's
an application bug or that of SSP (it's known to generate bad
code for C++ apps sometimes.)

--
[hidden email] mailing list


Re: stack smashing attack while compiling qt on amd64

Nicolas MASSE
On Sunday 11 December 2005 20:20, [hidden email] wrote:

> On 11 Dec 2005 at 17:09, Nicolas MASSE wrote:
> > qmake: stack smashing attack in function virtual bool
> > UnixMakefileGenerator::findLibraries()()
>
> [...]
>
> > Has anyone experienced this? Do you think this is amd64 specific?
>
> is it reproducible? if yes, someone can debug it and see if it's
> an application bug or that of SSP (it's known to generate bad
> code for C++ apps sometimes.)

Yes, the bug is always reproducible. Should I file a bug report?

Since I'm an IT student, maybe I can try to debug the program, with some help
however...

Nicolas MASSE
--
[hidden email] mailing list


Re: stack smashing attack while compiling qt on amd64

PaX Team
On 11 Dec 2005 at 20:52, Nicolas MASSE wrote:
> Yes, the bug is always reproducible. Should I file a bug report?

yes, at least for tracking purposes (i doubt we'll fix it though
per se, it's either a qt or ssp bug).

> Since I'm an IT student, maybe I can try to debug the program, with some help
> however...

ok, i'll give you a few ideas then. start building qt and when it
crashes, note the last command that was executed, change to the
directory it was run from and execute this command yourself, just
to see it abort again. if that works, then you should run the
command inside gdb and when it aborts and gdb gets control back,
you can do the usual hunt for the cause (look at the stack backtrace,
stack content, set breakpoints, rerun the app, etc).

--
[hidden email] mailing list
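The first step of the procedure above is finding the SSP diagnostic in a long build log and the command that was running when it fired. The parser below is an added example, not code from this thread, from Qt or from the hardened/PaX project; it is run over the output quoted in the first post, with the sample log constructed from those lines and the mail-wrapped qmake command rejoined onto one line.

```python
import re

# Constructed sample: the relevant lines of the build output from the first post,
# with the qmake invocation (wrapped by the mail client) rejoined onto one line.
SAMPLE_LOG = """\
/tmp/portage/qt-4.0.1/work/qt-x11-opensource-src-4.0.1/bin/qmake -spec /tmp/portage/qt-4.0.1/work/qt-x11-opensource-src-4.0.1/mkspecs/linux-g++-64 -o /tmp/portage/qt-4.0.1/work/qt-x11-opensource-src-4.0.1/./examples/linguist/arrowpad /tmp/portage/qt-4.0.1/work/qt-x11-opensource-src-4.0.1/examples/linguist/arrowpad/arrowpad.pro
qmake: stack smashing attack in function virtual bool UnixMakefileGenerator::findLibraries()()
./configure: line 3901:  1293 Aborted                 QTDIR="$outpath" $QMAKE_EXEC

        NOTE: This platform does not support runtime library paths, using -no-rpath.
make: *** No rule to make target `sub-tools-all-ordered'.  Stop.
!!! ERROR: x11-libs/qt-4.0.1 failed.
"""

# "<program>: stack smashing attack in function <function>" is what the SSP
# runtime prints before it aborts the process.
SSP_RE = re.compile(r"^(?P<prog>[^:\s]+): stack smashing attack in function (?P<func>.+)$")
# bash's report of the child that died of SIGABRT: "<script>: line N:  PID Aborted <cmd>"
ABORT_RE = re.compile(
    r"^(?P<script>\S+): line (?P<line>\d+):\s+(?P<pid>\d+) Aborted(?: \(core dumped\))?\s+(?P<cmd>.+)$"
)


def find_ssp_aborts(log_text):
    """Return one dict per SSP abort found in the log: which program and function
    tripped the canary check, the last non-diagnostic line before it (normally the
    command that was being run), and the shell line / pid from bash's abort report."""
    events = []
    last_cmd = None    # most recent line that looks like an executed command
    pending = None     # SSP event still waiting for its "Aborted" line
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SSP_RE.match(line)
        if m:
            pending = {"program": m.group("prog"), "function": m.group("func").strip(),
                       "last_command": last_cmd, "shell_line": None, "pid": None,
                       "aborted_command": None}
            events.append(pending)
            continue
        m = ABORT_RE.match(line)
        if m and pending is not None:
            pending["shell_line"] = int(m.group("line"))
            pending["pid"] = int(m.group("pid"))
            pending["aborted_command"] = m.group("cmd").strip()
            pending = None
            continue
        # Skip blank lines and portage/make/NOTE diagnostics when tracking commands.
        if line and not line.startswith(("!!!", "make:", "NOTE:")):
            last_cmd = line
    return events
```

The `last_command` field is the line to rerun by hand (and then under gdb) from the directory the build ran in, as the reply above suggests.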


Re: stack smashing attack while compiling qt on amd64

Nicolas MASSE
On Sunday 11 December 2005 21:12, [hidden email] wrote:
> On 11 Dec 2005 at 20:52, Nicolas MASSE wrote:
> > Yes, the bug is always reproducible. Should I file a bug report?
>
> yes, at least for tracking purposes (i doubt we'll fix it though
> per se, it's either a qt or ssp bug).
>

I filed a bug report (#115237).

Nicolas MASSE
--
[hidden email] mailing list