segv analyzer does not notice stack pointer leaving stack VMA
Bug #531672 reported by
Kees Cook
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| apport (Ubuntu) |
Fix Released
|
Low
|
Kees Cook | ||
| Lucid |
Fix Released
|
Low
|
Kees Cook | ||
Bug Description
Binary package hint: apport
Program terminated with signal 11, Segmentation fault.
#0 0x00000000004004e0 in again ()
(gdb) info reg pc
pc: 0x4004e0
(gdb) x/1i $pc
0x4004e0 <again+28>: callq 0x4004c4 <again>
(gdb) info reg rsp
rsp 0x7fff95b34000 0x7fff95b34000
In the case that rsp is outside the stack VMA, "call" will fail. "push", and "pop" were already checked, but not "call" or "ret".
| Changed in apport (Ubuntu Lucid): | |
| importance: | Undecided → Low |
| assignee: | nobody → Kees Cook (kees) |
| milestone: | none → ubuntu-10.04-beta-1 |
| status: | New → Fix Committed |
Revision history for this message
| Launchpad Janitor (janitor) wrote | #1 |
| Changed in apport (Ubuntu Lucid): | |
| status: | Fix Committed → Fix Released |
To post a comment you must log in.
This bug was fixed in the package apport - 1.12.1-0ubuntu3
---------------
apport (1.12.1-0ubuntu3) lucid; urgency=low
* data/general-
that check the stack pointer for VMA sanity (LP: #531672), backport of
upstream commit 1715.
-- Kees Cook <email address hidden> Wed, 03 Mar 2010 18:07:46 -0800