Comment 8 for bug 194964

Arnaud Jeansen (ajeans) wrote : Re: Update ps3pf-utils to version 2.2.0

Here is the additional information I mentioned in my previous comment; it is a buffer overflow :(

arnaud@arnaud-ps3:~/Documents/ps3-kboot/ps3-kboot-1.6$ sudo debuild -i -us -uc -b 1>/home/arnaud/share/stdout.log 2>/home/arnaud/share/stderr.log

*** buffer overflow detected ***: powerpc-linux-uclibc-ar terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x6c)[0xff5129c]
/lib/libc.so.6[0xff4e748]
/lib/libc.so.6(__vsprintf_chk+0x0)[0xff4d8f0]
/lib/libc.so.6(_IO_default_xsputn+0xe8)[0xfec91b8]
/lib/libc.so.6(_IO_padn+0x144)[0xfeb85a4]
/lib/libc.so.6(_IO_vfprintf+0x258c)[0xfe9a72c]
/lib/libc.so.6(__vsprintf_chk+0xb8)[0xff4d9a8]
/lib/libc.so.6(__sprintf_chk+0x68)[0xff4d8c8]
powerpc-linux-uclibc-ar[0x100098dc]
powerpc-linux-uclibc-ar[0x10007534]
powerpc-linux-uclibc-ar[0x1000a43c]
powerpc-linux-uclibc-ar[0x10013330]
powerpc-linux-uclibc-ar[0x10003770]
powerpc-linux-uclibc-ar[0x10004538]
/lib/libc.so.6[0xfe68c24]
/lib/libc.so.6[0xfe68de0]
======= Memory map: ========

Note that this was done with the latest karmic.

Is this problem related to the new FORTIFY option that was made a default recently?
Is there a way for me to try another build with FORTIFY backed out? I don't think there is too much security risk for a PS3 bootloader...

Any ideas / suggestions welcome.
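The backtrace above ends in __sprintf_chk calling __fortify_fail, which is how glibc reports an sprintf that overran its destination when the program was built with -D_FORTIFY_SOURCE=2; the _IO_padn frame is glibc's field-padding helper, so a width-padded directive is a plausible shape for the failing call. The following is an added illustration of that failure mode and its bounded replacement, not code from binutils, ps3-kboot or this bug; the 16-byte field and the format string are constructed assumptions, since the comment does not show the actual call in the ar binary.

```c
#include <stdio.h>
#include <string.h>

/* Constructed example: a fixed-width text field, as an archive header might
 * carry, filled with a left-justified, space-padded string. */
#define FIELD_LEN 16

/* Unsafe form. "%-16s" always emits at least 16 bytes plus the NUL, and
 * more when 'name' is longer than the field, so a long name runs past 'out'.
 * With -D_FORTIFY_SOURCE=2 glibc routes this call through __sprintf_chk,
 * which compares the bytes written against the known object size and aborts
 * with "*** buffer overflow detected ***" instead of silently corrupting
 * memory. Backing FORTIFY out does not fix the bug; it only hides it. */
void format_field_unsafe(char out[FIELD_LEN + 1], const char *name)
{
    sprintf(out, "%-16s", name);
}

/* Hardened form: snprintf never writes more than FIELD_LEN + 1 bytes, and
 * its return value (the length the full output would have had) tells the
 * caller whether truncation occurred. Returns 0 on success, -1 if 'name'
 * did not fit in the field; 'out' is always NUL-terminated either way. */
int format_field_safe(char out[FIELD_LEN + 1], const char *name)
{
    int n = snprintf(out, FIELD_LEN + 1, "%-16s", name);
    if (n < 0 || n > FIELD_LEN)
        return -1;
    return 0;
}

/* Pre-check that lets a caller reject oversized input before formatting. */
int name_fits_field(const char *name)
{
    return strlen(name) <= FIELD_LEN;
}
```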