btscanner crashes on try using "brute force scan"

Bug #311253 reported by Jorge Pereira
This bug affects 5 people
Affects: btscanner (Ubuntu)
Status: Confirmed
Importance: Undecided
Assigned to: Unassigned

Bug Description

Binary package hint: btscanner

Whenever I use btscanner and try the shortcut "b" (brute force scan), I receive the crash message.

------------- init message
*** buffer overflow detected ***: /usr/bin/btscanner terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x37)[0x7f237c3b2887]
/lib/libc.so.6[0x7f237c3b0750]
/usr/bin/btscanner[0x407ddd]
/usr/bin/btscanner[0x408395]
/usr/bin/btscanner[0x4044d8]
/lib/libc.so.6(__libc_start_main+0xe6)[0x7f237c2d1466]
/usr/bin/btscanner[0x403d99]
======= Memory map: ========
00400000-0040f000 r-xp 00000000 08:02 444669 /usr/bin/btscanner
0060e000-0060f000 r--p 0000e000 08:02 444669 /usr/bin/btscanner
0060f000-00610000 rw-p 0000f000 08:02 444669 /usr/bin/btscanner
00610000-00611000 rw-p 00610000 00:00 0
0228c000-0238e000 rw-p 0228c000 00:00 0 [heap]
7f237b9fa000-7f237ba10000 r-xp 00000000 08:02 557297 /lib/libgcc_s.so.1
7f237ba10000-7f237bc10000 ---p 00016000 08:02 557297 /lib/libgcc_s.so.1
7f237bc10000-7f237bc11000 r--p 00016000 08:02 557297 /lib/libgcc_s.so.1
7f237bc11000-7f237bc12000 rw-p 00017000 08:02 557297 /lib/libgcc_s.so.1
7f237bc12000-7f237bc96000 r-xp 00000000 08:02 556041 /lib/libm-2.8.90.so
7f237bc96000-7f237be95000 ---p 00084000 08:02 556041 /lib/libm-2.8.90.so
7f237be95000-7f237be96000 r--p 00083000 08:02 556041 /lib/libm-2.8.90.so
7f237be96000-7f237be97000 rw-p 00084000 08:02 556041 /lib/libm-2.8.90.so
7f237be97000-7f237beae000 r-xp 00000000 08:02 444009 /usr/lib/libz.so.1.2.3.3
7f237beae000-7f237c0ad000 ---p 00017000 08:02 444009 /usr/lib/libz.so.1.2.3.3
7f237c0ad000-7f237c0af000 rw-p 00016000 08:02 444009 /usr/lib/libz.so.1.2.3.3
7f237c0af000-7f237c0b1000 r-xp 00000000 08:02 556021 /lib/libdl-2.8.90.so
7f237c0b1000-7f237c2b1000 ---p 00002000 08:02 556021 /lib/libdl-2.8.90.so
7f237c2b1000-7f237c2b2000 r--p 00002000 08:02 556021 /lib/libdl-2.8.90.so
7f237c2b2000-7f237c2b3000 rw-p 00003000 08:02 556021 /lib/libdl-2.8.90.so
7f237c2b3000-7f237c41c000 r-xp 00000000 08:02 556006 /lib/libc-2.8.90.so
7f237c41c000-7f237c61b000 ---p 00169000 08:02 556006 /lib/libc-2.8.90.so
7f237c61b000-7f237c61f000 r--p 00168000 08:02 556006 /lib/libc-2.8.90.so
7f237c61f000-7f237c620000 rw-p 0016c000 08:02 556006 /lib/libc-2.8.90.so
7f237c620000-7f237c625000 rw-p 7f237c620000 00:00 0
7f237c625000-7f237c65c000 r-xp 00000000 08:02 556045 /lib/libncurses.so.5.6
7f237c65c000-7f237c85b000 ---p 00037000 08:02 556045 /lib/libncurses.so.5.6
7f237c85b000-7f237c860000 rw-p 00036000 08:02 556045 /lib/libncurses.so.5.6
7f237c860000-7f237c867000 r-xp 00000000 08:02 443676 /usr/lib/libmenu.so.5.6
7f237c867000-7f237ca66000 ---p 00007000 08:02 443676 /usr/lib/libmenu.so.5.6
7f237ca66000-7f237ca67000 rw-p 00006000 08:02 443676 /usr/lib/libmenu.so.5.6
7f237ca67000-7f237ca74000 r-xp 00000000 08:02 443318 /usr/lib/libform.so.5.6
7f237ca74000-7f237cc74000 ---p 0000d000 08:02 443318 /usr/lib/libform.so.5.6
7f237cc74000-7f237cc75000 rw-p 0000d000 08:02 443318 /usr/lib/libform.so.5.6
7f237cc75000-7f237cc8e000 r-xp 00000000 08:02 441533 /usr/lib/libbluetooth.so.3.0.2
7f237cc8e000-7f237ce8d000 ---p 00019000 08:02 441533 /usr/lib/libbluetooth.so.3.0.2
7f237ce8d000-7f237ce8e000 r--p 00018000 08:02 441533 /usr/lib/libbluetooth.so.3.0.2
7f237ce8e000-7f237ce90000 rw-p 00019000 08:02 441533 /usr/lib/libbluetooth.so.3.0.2
7f237ce90000-7f237cea7000 r-xp 00000000 08:02 556084 /lib/libpthread-2.8.90.so
7f237cea7000-7f237d0a6000 ---p 00017000 08:02 556084 Aborted
------------- end message

[jpereira@jiraya btscanner-2.1]$ lsb_release -rd
Description: Ubuntu 8.10
Release: 8.10
[jpereira@jiraya btscanner-2.1]$ apt-cache show btscanner
Package: btscanner
Priority: optional
Section: universe/net
Installed-Size: 432
Maintainer: Ubuntu MOTU Developers <email address hidden>
Original-Maintainer: Uwe Hermann <email address hidden>
Architecture: amd64
Version: 2.1-3ubuntu1
Depends: libbluetooth3 (>= 4.9), libc6 (>= 2.4), libncurses5 (>= 5.6+20071006-3), libxml2 (>= 2.6.27)
Filename: pool/universe/b/btscanner/btscanner_2.1-3ubuntu1_amd64.deb
Size: 131320
MD5sum: 8f7980f2ff93d06135bcd3d161d79c62
SHA1: f21da1d8e5aa068764a0817307810716c90f5bc2
SHA256: 56d6aed537802619dc3a3359b7b60aec123a6ddc66fd16c276a76ca350477f08
Description: ncurses-based scanner for Bluetooth devices
 btscanner is a tool designed specifically to extract as much information
 as possible from a Bluetooth device without the requirement to pair. A
 detailed information screen extracts HCI and SDP information, and
 maintains an open connection to monitor the RSSI and link quality.
 btscanner is based on the BlueZ Bluetooth stack, which is included with
 recent Linux kernels, and the BlueZ toolset. btscanner also contains a
 complete listing of the IEEE OUI numbers and class lookup tables. Using
 the information gathered from these sources it is possible to make
 educated guesses as to the host device type.
Bugs: mailto:<email address hidden>
Origin: Ubuntu

[jpereira@jiraya btscanner-2.1]$

Remove Me (remove-me) wrote :

This is a trivial initialization bug: memset called with a wrong length (looks like copy-paste mistake).
The attached patch fixes it.
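
The abort quoted in the report ("*** buffer overflow detected ***" raised through __fortify_fail) is what glibc's FORTIFY_SOURCE checks emit when a memset length exceeds the size the compiler knows for the destination object, which matches the comment above: a memset given the wrong length by a copy-paste slip. The example below is added here and is not btscanner code or the attached patch; the two record structures and the function names are hypothetical stand-ins, since the page does not show the real structures. It contrasts the buggy call (length taken from a different, larger structure) with the corrected one (length derived from the object actually being cleared), using a bounded wrapper so the mistake is reported instead of overflowing:

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical records standing in for two differently sized structures in a
 * scanner's state. The real btscanner structures are not shown on the page. */
struct short_rec {
    uint8_t  addr[6];    /* a Bluetooth-address-sized field */
    uint16_t flags;
};

struct long_rec {
    uint8_t  addr[6];
    char     name[248];
    uint32_t seen;
};

/* Bounded memset: refuses to write more than the destination holds.
 * Returns 0 on success, -1 when the requested length would overflow.
 * This is the same check FORTIFY_SOURCE performs at run time, made explicit. */
int memset_bounded(void *dst, size_t dst_size, int c, size_t n)
{
    if (dst == NULL || n > dst_size)
        return -1;
    memset(dst, c, n);
    return 0;
}

/* The copy-paste mistake: the small record is cleared with the large record's
 * size. With the bounded wrapper this is rejected rather than overflowing. */
int clear_short_rec_buggy(struct short_rec *r)
{
    return memset_bounded(r, sizeof *r, 0, sizeof(struct long_rec));
}

/* Corrected form: the length is derived from the object being cleared. */
int clear_short_rec_fixed(struct short_rec *r)
{
    return memset_bounded(r, sizeof *r, 0, sizeof *r);
}

/* Returns 1 if every byte of the record is zero, else 0. */
int short_rec_is_zeroed(const struct short_rec *r)
{
    const unsigned char *p = (const unsigned char *)r;
    for (size_t i = 0; i < sizeof *r; i++)
        if (p[i] != 0)
            return 0;
    return 1;
}

/* Fills a fresh record with 0xff, applies the buggy clear, and returns its
 * result code (-1: rejected, record left untouched). */
int buggy_clear_result(void)
{
    struct short_rec r;
    memset(&r, 0xff, sizeof r);
    return clear_short_rec_buggy(&r);
}

/* Fills a fresh record with 0xff, applies the fixed clear, and returns 1 if
 * the call succeeded and the record is fully zeroed afterwards. */
int fixed_clear_zeroes_record(void)
{
    struct short_rec r;
    memset(&r, 0xff, sizeof r);
    return clear_short_rec_fixed(&r) == 0 && short_rec_is_zeroed(&r);
}

int main(void)
{
    printf("sizeof short_rec=%zu, sizeof long_rec=%zu\n",
           sizeof(struct short_rec), sizeof(struct long_rec));
    printf("buggy clear: %s\n",
           buggy_clear_result() == 0 ? "ok" : "rejected (length exceeds destination)");
    printf("fixed clear: %s\n",
           fixed_clear_zeroes_record() ? "ok, record zeroed" : "failed");
    return 0;
}
```

Building the unwrapped form with `-O2 -D_FORTIFY_SOURCE=2` reproduces the reported abort, because the compiler knows the destination object's size and substitutes the checked memset variant; the wrapper above simply makes that size relationship a visible argument so reviewers can audit it.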

C.J. (mdcj7670) wrote :

How does one apply the attached patch?

Sander Jonkers (jonkers) wrote :

Still happens on Ubuntu 15.04 with btscanner 2.0 after pressing "b"

$ btscanner

*** buffer overflow detected ***: btscanner terminated
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x78c4e)[0x7fa095fc8c4e]
/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x5c)[0x7fa096068e8c]
/lib/x86_64-linux-gnu/libc.so.6(+0x116e80)[0x7fa096066e80]
btscanner[0x4075bc]
btscanner[0x407db5]
btscanner[0x403c49]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf0)[0x7fa095f70a40]
btscanner[0x403c9d]
======= Memory map: ========
00400000-0040f000 r-xp 00000000 b3:05 145449 /usr/bin/btscanner
0060e000-0060f000 r--p 0000e000 b3:05 145449 /usr/bin/btscanner
0060f000-00610000 rw-p 0000f000 b3:05 145449 /usr/bin/btscanner
00610000-00611000 rw-p 00000000 00:00 0
02064000-02105000 rw-p 00000000 00:00 0 [heap]
7fa093719000-7fa09372f000 r-xp 00000000 b3:05 284748 /lib/x86_64-linux-gnu/libgcc_s.so.1
7fa09372f000-7fa09392e000 ---p 00016000 b3:05 284748 /lib/x86_64-linux-gnu/libgcc_s.so.1
7fa09392e000-7fa09392f000 rw-p 00015000 b3:05 284748 /lib/x86_64-linux-gnu/libgcc_s.so.1
7fa09392f000-7fa093a1f000 r-xp 00000000 b3:05 134877 /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.20
7fa093a1f000-7fa093c1f000 ---p 000f0000 b3:05 134877 /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.20
7fa093c1f000-7fa093c27000 r--p 000f0000 b3:05 134877 /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.20
7fa093c27000-7fa093c29000 rw-p 000f8000 b3:05 134877 /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.20
7fa093c29000-7fa093c3e000 rw-p 00000000 00:00 0
7fa093c3e000-7fa0952aa000 r-xp 00000000 b3:05 136593 /usr/lib/x86_64-linux-gnu/libicudata.so.52.1
7fa0952aa000-7fa0954a9000 ---p 0166c000 b3:05 136593 /usr/lib/x86_64-linux-gnu/libicudata.so.52.1
7fa0954a9000-7fa0954aa000 r--p 0166b000 b3:05 136593 /usr/lib/x86_64-linux-gnu/libicudata.so.52.1
7fa0954aa000-7fa0954ab000 rw-p 0166c000 b3:05 136593 /usr/lib/x86_64-linux-gnu/libicudata.so.52.1
7fa0954ab000-7fa0955b2000 r-xp 00000000 b3:05 274001 /lib/x86_64-linux-gnu/libm-2.21.so
7fa0955b2000-7fa0957b1000 ---p 00107000 b3:05 274001 /lib/x86_64-linux-gnu/libm-2.21.so
7fa0957b1000-7fa0957b2000 r--p 00106000 b3:05 274001 /lib/x86_64-linux-gnu/libm-2.21.so
7fa0957b2000-7fa0957b3000 rw-p 00107000 b3:05 274001 /lib/x86_64-linux-gnu/libm-2.21.so
7fa0957b3000-7fa0957cc000 r-xp 00000000 b3:05 266645 /lib/x86_64-linux-gnu/libz.so.1.2.8
7fa0957cc000-7fa0959cc000 ---p 00019000 b3:05 266645 /lib/x86_64-linux-gnu/libz.so.1.2.8
7fa0959cc000-7fa0959cd000 r--p 00019000 b3:05 266645 /lib/x86_64-linux-gnu/libz.so.1.2.8
7fa0959cd000-7fa0959ce000 rw-p 0001a000 b3:05 266645 /lib/x86_64-linux-gnu/libz.so.1.2.8
7fa0959ce000-7fa095b36000 r-xp 00000000 b3:05 137433 /usr...


Changed in btscanner (Ubuntu):
status: New → Confirmed
Sander Jonkers (jonkers) wrote :

FWIW:

The latest change to btscanner 2.1 was made in 2005. The maintainer seems to be gone. So maybe it would be better to remove btscanner from the Ubuntu repositories?
