View Issue Details

| ID | Project | Category | View Status | Date Submitted | Last Update |
| 0000322 | Sphinx | general | public | 2009-04-09 10:02 | 2012-02-05 15:27 |

| Reporter | moep |
| Assigned To | shodan |
| Priority | normal |
| Severity | crash |
| Reproducibility | always |
| Status | closed |
| Resolution | fixed |
| Platform | |
| OS | |
| OS Version | |
| Product Version | 0.9.9-rc2 |
| Target Version | |
| Fixed in Version | |
| Summary | 0000322: buffer overflow detected when using SphinxQL |
Description

I get this error message when trying to issue a query using the standard mysql client and the new SphinxQL feature.

./configure --with-mysql --without-unixodbc --prefix=/opt/sphinx-0.9.9-rc2/

This doesn't happen if compiling with debug (./configure --with-mysql --without-unixodbc --prefix=/opt/sphinx-0.9.9-rc2/ --with-debug).

I'm using Ubuntu 8.10 (libc6 2.8~20080505-0ubuntu9).

```
Sphinx 0.9.9-rc2 (r1785)
Copyright (c) 2001-2009, Andrew Aksyonoff

using config file './sphinx.conf'...
listening on 127.0.0.1:3312
accepting connections
[Thu Apr 9 09:20:27.969 2009] 0.001 sec [scan/0/ext 100 (0,20)] [Candidate]
*** buffer overflow detected ***: /opt/sphinx-0.9.9-rc2/bin/searchd terminated
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x48)[0xb7cf06d8]
/lib/tls/i686/cmov/libc.so.6[0xb7cee800]
/lib/tls/i686/cmov/libc.so.6[0xb7cee107]
/lib/tls/i686/cmov/libc.so.6(__snprintf_chk+0x34)[0xb7cedff4]
/opt/sphinx-0.9.9-rc2/bin/searchd(_Z17HandleClientMySQLiPKci+0x14eb)[0x80a7d3b]
/opt/sphinx-0.9.9-rc2/bin/searchd(_Z12HandleClient14ProtocolType_eiPKci+0x56)[0x80aad86]
/opt/sphinx-0.9.9-rc2/bin/searchd(_Z11ServiceMainiPPc+0x2b57)[0x80ad8e7]
/opt/sphinx-0.9.9-rc2/bin/searchd(main+0x46)[0x80af296]
/lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe5)[0xb7c0c685]
/opt/sphinx-0.9.9-rc2/bin/searchd[0x80854d1]
======= Memory map: ========
Aborted
```
| Tags | No tags attached. |
| Attached Files | |
Notes

(0000403) moep (reporter) 2009-04-09 10:06

The problem occurs regardless of --with/without-unixodbc.

(0000415) kcivey (reporter) 2009-04-28 18:09

We're getting something similar. It runs but then crashes when a query comes in:

```
Sphinx 0.9.9-rc2 (r1785)
Copyright (c) 2001-2009, Andrew Aksyonoff

using config file 'feed_sphinx.conf'...
listening on all interfaces, port=3312
listening on [**ip_address**]:3307
WARNING: index 'combined': preload: failed to open /var/data/combined.sph: No such file or directory; NOT SERVING
accepting connections
[Tue Apr 28 11:56:33.095 2009] 0.278 sec [scan/0/ext 6685712 (0,20)] [standard]
*** buffer overflow detected ***: searchd terminated
======= Backtrace: =========
/lib64/libc.so.6(__fortify_fail+0x37)[0x7fbc67b554c7]
/lib64/libc.so.6[0x7fbc67b53370]
/lib64/libc.so.6[0x7fbc67b5299b]
/lib64/libc.so.6(__snprintf_chk+0x7b)[0x7fbc67b5286b]
searchd(_Z17HandleClientMySQLiPKci+0x12eb)[0x463edb]
searchd(_Z11ServiceMainiPPc+0x26c3)[0x466c13]
/lib64/libc.so.6(__libc_start_main+0xe6)[0x7fbc67a74576]
searchd[0x441799]
======= Memory map: ========
Aborted
```

(0000432) TECK (reporter) 2009-05-27 18:56

Where is your my.cnf file located? I presume it is not in the /etc or /etc/mysql directory, right?

(0000433) kcivey (reporter) 2009-05-27 19:04

Ours is in /etc/my.cnf.

(0000434) moep (reporter) 2009-05-28 12:55

Mine is in cwd ./sphinx.conf and I use a "dynamic" config with shebang.

(0000438) Xharze (reporter) 2009-06-02 13:05

When compiling Sphinx the compiler actually tells us that an overflow will always occur at lines 5706, 5707 and 5798. I've attached a patch which seems to fix the problem, but it has not been tested thoroughly yet, so use it at your own risk.

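Both backtraces above end in `__snprintf_chk`, and the note above says the compiler already flags the overflow at compile time. The following is an added illustration of that bug class, not Sphinx's code and not the attached patch: the actual buffer, sizes and message format inside searchd are not shown in this report, so `format_reply_unsafe`, `format_reply`, `REPLY_BUF` and the reply text are constructed here. It shows the mismatched-bound pattern that produces exactly this fortify abort, beside the bounded form with truncation checking.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed illustration, not Sphinx code. With _FORTIFY_SOURCE (enabled by
 * default on many distributions, but only effective at -O1 or higher, which is
 * the most likely reason the unoptimised --with-debug build runs cleanly)
 * every snprintf() becomes __snprintf_chk(), which also receives the size the
 * compiler knows for the destination. If the length argument exceeds that size
 * and the output would run past it, glibc calls __fortify_fail() and aborts
 * before writing. When the mismatch is visible at compile time, gcc reports
 * "call to __builtin___snprintf_chk will always overflow destination buffer",
 * the warning the note above refers to. */

enum { REPLY_BUF = 64 };   /* assumed size of the caller's reply buffer */

/* Hypothetical "before": the bound handed to snprintf is a constant unrelated
 * to the buffer actually being written. A fortified build aborts as soon as
 * the text is longer than the real buffer; an unfortified build silently
 * overwrites whatever follows it. Shown for comparison; never called below. */
void format_reply_unsafe(char *dst, const char *index_name, int matches, double secs)
{
    /* wrong: 512 is not the size of *dst, which the caller sized at REPLY_BUF */
    snprintf(dst, 512, "index '%s': %d matches in %.3f sec",
             index_name, matches, secs);
}

/* Hardened form: the bound is the real buffer size supplied by the caller, and
 * the return value is checked so an over-long message is reported as truncated
 * rather than trusted. Returns true only when the whole message fit. */
bool format_reply(char *dst, size_t dstsz, const char *index_name,
                  int matches, double secs)
{
    if (dst == NULL || dstsz == 0)
        return false;
    int n = snprintf(dst, dstsz, "index '%s': %d matches in %.3f sec",
                     index_name, matches, secs);
    if (n < 0) {              /* encoding error: leave a valid empty string */
        dst[0] = '\0';
        return false;
    }
    /* snprintf returns the length it wanted; >= dstsz means the text was cut
     * to dstsz-1 characters plus the terminator */
    return (size_t)n < dstsz;
}

int main(void)
{
    char buf[REPLY_BUF];
    bool ok = format_reply(buf, sizeof buf, "Candidate", 100, 0.001);
    printf("%s (%s)\n", buf, ok ? "complete" : "truncated");
    return ok ? 0 : 1;
}
```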
(0000444) shodan (administrator) 2009-06-20 14:06

Fixed in r1841 (rel099 branch).

Issue History

| Date Modified | Username | Field | Change |
| 2009-04-09 10:02 | moep | New Issue | |
| 2009-04-09 10:06 | moep | Note Added: 0000403 | |
| 2009-04-28 18:07 | kcivey | Issue Monitored: kcivey | |
| 2009-04-28 18:09 | kcivey | Note Added: 0000415 | |
| 2009-05-27 18:56 | TECK | Note Added: 0000432 | |
| 2009-05-27 19:03 | TECK | Issue Monitored: TECK | |
| 2009-05-27 19:04 | kcivey | Note Added: 0000433 | |
| 2009-05-28 12:55 | moep | Note Added: 0000434 | |
| 2009-06-02 13:05 | Xharze | File Added: overflow.patch | |
| 2009-06-02 13:05 | Xharze | Note Added: 0000438 | |
| 2009-06-09 00:45 | K | Status | new => assigned |
| 2009-06-09 00:45 | K | Assigned To | => shodan |
| 2009-06-20 14:06 | shodan | Note Added: 0000444 | |
| 2009-06-20 14:06 | shodan | Status | assigned => resolved |
| 2009-06-20 14:06 | shodan | Resolution | open => fixed |
| 2012-02-05 15:27 | shodan | Status | resolved => closed |