Opened 9 months ago

Closed 2 months ago

#2878 closed defect (fixed)

*** buffer overflow detected ***: terminated - WMS, Ubuntu, Apache

Reported by: pcardinal
Owned by: jng
Priority: medium
Milestone: 4.0
Component: WMS Interface
Version:
Severity: blocker
Keywords: WMS, Ubuntu, Apache
Cc: pcardinal
External ID:

Description

Change History (3)

comment:1 by pcardinal, 9 months ago


comment:2 by jng, 2 months ago

After painstakingly trying to enable coredumps on my test Ubuntu VM I was able to get this useful stack trace:

#0  __pthread_kill_implementation (no_tid=0, signo=6, threadid=140438241216064) at ./nptl/pthread_kill.c:44
#1  __pthread_kill_internal (signo=6, threadid=140438241216064) at ./nptl/pthread_kill.c:78
#2  __GI___pthread_kill (threadid=140438241216064, signo=signo@entry=6) at ./nptl/pthread_kill.c:89
#3  0x00007fba5b2dc476 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#4  0x00007fba5b2c27f3 in __GI_abort () at ./stdlib/abort.c:79
#5  0x00007fba5b323676 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7fba5b47592e "*** %s ***: terminated\n")
    at ../sysdeps/posix/libc_fatal.c:155
#6  0x00007fba5b3d059a in __GI___fortify_fail (msg=msg@entry=0x7fba5b4758d4 "buffer overflow detected") at ./debug/fortify_fail.c:26
#7  0x00007fba5b3cef16 in __GI___chk_fail () at ./debug/chk_fail.c:28
#8  0x00007fba5b3cfaa5 in __swprintf_chk (s=<optimised out>, maxlen=<optimised out>, flag=<optimised out>, slen=<optimised out>, format=<optimised out>)
    at ./debug/swprintf_chk.c:29
#9  0x00007fba575f62f8 in MgOgcServer::IsIterationInSubset(int, std::__cxx11::basic_string<wchar_t, std::char_traits<wchar_t>, std::allocator<wchar_t> >, wchar_t const*) () from /usr/local/mapguideopensource-4.0.0/webserverextensions/apache2/modules/../../lib64/libMgHttpHandler-4.0.0.so
#10 0x00007fba575f8e01 in MgOgcServer::ProcedureEnum(MgXmlProcessingInstruction&) ()
   from /usr/local/mapguideopensource-4.0.0/webserverextensions/apache2/modules/../../lib64/libMgHttpHandler-4.0.0.so
#11 0x00007fba575f948f in MgOgcServer::ProcessInstruction(MgXmlProcessingInstruction&) ()
   from /usr/local/mapguideopensource-4.0.0/webserverextensions/apache2/modules/../../lib64/libMgHttpHandler-4.0.0.so
#12 0x00007fba575f97c3 in MgOgcServer::ProcessXmlStream(MgXmlParser&) ()
   from /usr/local/mapguideopensource-4.0.0/webserverextensions/apache2/modules/../../lib64/libMgHttpHandler-4.0.0.so
#13 0x00007fba575f9822 in MgOgcServer::ProcessXmlStream(MgXmlParser&) ()
   from /usr/local/mapguideopensource-4.0.0/webserverextensions/apache2/modules/../../lib64/libMgHttpHandler-4.0.0.so
#14 0x00007fba575f9822 in MgOgcServer::ProcessXmlStream(MgXmlParser&) ()
   from /usr/local/mapguideopensource-4.0.0/webserverextensions/apache2/modules/../../lib64/libMgHttpHandler-4.0.0.so
#15 0x00007fba575f9822 in MgOgcServer::ProcessXmlStream(MgXmlParser&) ()
   from /usr/local/mapguideopensource-4.0.0/webserverextensions/apache2/modules/../../lib64/libMgHttpHandler-4.0.0.so
#16 0x00007fba575fe69a in MgOgcServer::Expansion(std::__cxx11::basic_string<wchar_t, std::char_traits<wchar_t>, std::allocator<wchar_t> > const&) ()
   from /usr/local/mapguideopensource-4.0.0/webserverextensions/apache2/modules/../../lib64/libMgHttpHandler-4.0.0.so
#17 0x00007fba575fe922 in MgOgcServer::ProcessExpansion(wchar_t const*) ()
   from /usr/local/mapguideopensource-4.0.0/webserverextensions/apache2/modules/../../lib64/libMgHttpHandler-4.0.0.so
#18 0x00007fba575fe9b7 in MgOgcServer::ProcessExpandableText(wchar_t const*, int) ()
   from /usr/local/mapguideopensource-4.0.0/webserverextensions/apache2/modules/../../lib64/libMgHttpHandler-4.0.0.so
#19 0x00007fba575f9879 in MgOgcServer::ProcessXmlStream(MgXmlParser&) ()
   from /usr/local/mapguideopensource-4.0.0/webserverextensions/apache2/modules/../../lib64/libMgHttpHandler-4.0.0.so
#20 0x00007fba576023ac in MgOgcServer::ProcessResponseElement(MgXmlParser&, wchar_t const*, wchar_t const*) ()
   from /usr/local/mapguideopensource-4.0.0/webserverextensions/apache2/modules/../../lib64/libMgHttpHandler-4.0.0.so
#21 0x00007fba57602877 in MgOgcServer::ProcessTemplateElement(MgXmlParser&, wchar_t const*, wchar_t const*, wchar_t const*) ()
   from /usr/local/mapguideopensource-4.0.0/webserverextensions/apache2/modules/../../lib64/libMgHttpHandler-4.0.0.so
#22 0x00007fba57602aa3 in MgOgcServer::GenerateResponse(wchar_t const*, wchar_t const*) ()
   from /usr/local/mapguideopensource-4.0.0/webserverextensions/apache2/modules/../../lib64/libMgHttpHandler-4.0.0.so
#23 0x00007fba57602c20 in MgOgcWmsServer::GetCapabilitiesResponse() ()
   from /usr/local/mapguideopensource-4.0.0/webserverextensions/apache2/modules/../../lib64/libMgHttpHandler-4.0.0.so
#24 0x00007fba575da4a6 in MgOgcServer::ProcessRequest(IMgOgcDataAccessor*) ()
   from /usr/local/mapguideopensource-4.0.0/webserverextensions/apache2/modules/../../lib64/libMgHttpHandler-4.0.0.so
#25 0x00007fba57623414 in MgHttpWmsGetCapabilities::Execute(MgHttpResponse&) ()
   from /usr/local/mapguideopensource-4.0.0/webserverextensions/apache2/modules/../../lib64/libMgHttpHandler-4.0.0.so
#26 0x00007fba5762694c in MgHttpRequest::Execute() ()

comment:3 by jng, 2 months ago

Owner: set to jng
Resolution: fixed
Status: new → closed

In 10089:

Buffer overflow fixes in OGC Server. Fixes #2878
