
Open MPI Development Mailing List Archives


From: Brian Barrett (brbarret_at_[hidden])
Date: 2006-09-25 11:46:31


Following up on an old thread from the list. The error was being thrown
by the FORTIFY_SOURCE option that Dave had used (actually, RPM added, I
believe) that does some bounds checking on C functions. There was an
erroneous size value being passed to a call to snprintf() that was
larger than the buffer being passed. However, the string being
processed by snprintf() could not possibly have overflowed the buffer,
so there was no possibility of a buffer overflow in this situation.

We've fixed the code so that it will pass the correct value for the size
to snprintf() and this error will no longer occur.

Brian

On Thu, 2006-08-31 at 15:56 -0600, Brian Barrett wrote:
> What facilities are you using to detect the buffer overflow? We've seen
> no such issues in our testing and I'd be surprised if there was an issue
> in that code path. Valgrind and friends don't show any issues on our
> test machines, so without more detail, I'm afraid we really can't fix
> the issue you are seeing.
>
> Brian
>
>
> On Thu, 2006-08-24 at 13:53 -0400, Dave Rogers wrote:
> > I just compiled the latest version on my machine and ran a dumb test -
> > mpirun without any arguments.
> > This generated a buffer overflow error!
> >
> > Error message (reproducible with different mem. addr.s):
> > [ /home/dave/rpmbuild ] $ mpirun
> > *** buffer overflow detected ***: mpirun terminated
> > ======= Backtrace: =========
> > /lib64/libc.so.6(__chk_fail+0x2f)[0x31669dee3f]
> > /lib64/libc.so.6[0x31669de69b]
> > /lib64/libc.so.6(__snprintf_chk+0x7b)[0x31669de56b]
> > /usr/lib64/libopal.so.0(opal_cmd_line_get_usage_msg
> > +0x20a)[0x2aaaaac1088a]
> > mpirun[0x403c53]
> > mpirun(orterun+0xa0)[0x402798]
> > mpirun(main+0x1b)[0x4026f3]
> > /lib64/libc.so.6(__libc_start_main+0xf4)[0x316691d084]
> > mpirun[0x402649]
> > ======= Memory map: ========
> > 00400000-00408000 r-xp 00000000 09:01
> > 2697992 /usr/bin/orterun
> > ...
> > 7fff20e92000-7fff20ea8000 rw-p 7fff20e92000 00:00 0
> > [stack]
> > ffffffffff600000-ffffffffffe00000 ---p 00000000 00:00 0
> > [vdso]
> > Aborted
> >
> > Installation details: System: FC5 AMD Opteron x86_64
> > downloaded SRPM version 1.1.1
> >
> > rpm -ivh /usr/local/src/dist/libs/openmpi- 1.1-1.src.rpm
> > rpmbuild -ba SPECS/openmpi-1.1.spec --target x86_64
> > - generates an error from check-rpaths stating that the /usr/lib64
> > prefix is unnecessary and may cause problems
> > QA_RPATHS=$[ 0x0001|0x0010 ] rpmbuild -ba SPECS/openmpi- 1.1.spec
> > --target x86_64
> > - suggested workaround - ignores as warnings
> > rpm -ivh ~dave/rpmbuild/RPMS/x86_64/openmpi-1.1-1.x86_64.rpm
> > - generates a package conflict -- file /usr/lib64/libopal.so from
> > install of openmpi-1.1-1 conflicts with file from package opal-2.2.1-1
> > - apparently, this comes from opal, the open phone abstraction
> > library... so I uninstalled opal
> > rpm -ivh ~dave/rpmbuild/RPMS/x86_64/openmpi-1.1-1.x86_64.rpm
> > - worked!
> >
> > The strange thing is that mpirun with normal arguments works as
> > expected without any sorts of mem. errors.
> > mpirun with flags -h or --help also buffer overflows, but not mpirun
> > with an unrecognized argument, to which it spits out a "you must
> > specify how many processes to launch, via the -np argument." error.
> >
> > I hope this gets fixed soon, buffer overflows are potential security
> > vulnerabilities.
> >
> > ~ David Rogers
> > _______________________________________________
> > devel mailing list
> > devel_at_[hidden]
> > http://www.open-mpi.org/mailman/listinfo.cgi/devel
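The condition described in the top message, as an added example (not Open MPI's code and not part of the thread): a short string that fits its buffer still aborts in `__snprintf_chk` when the size argument exceeds the real buffer size. It assumes Linux with glibc and GCC or Clang; `format_usage`, `fortify_outcome` and `USAGE_BUF` are hypothetical names.

```c
/* Added example; all names and sizes are constructed for illustration. */
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define USAGE_BUF 32   /* constructed buffer size */

/* Format `text` into a USAGE_BUF-byte buffer while telling snprintf the
 * buffer holds `claimed` bytes. The builtin is what -D_FORTIFY_SOURCE
 * turns snprintf() into: glibc's __snprintf_chk compares `claimed` with
 * the real object size before it formats anything. */
static int format_usage(size_t claimed, const char *text)
{
    char buf[USAGE_BUF];
    volatile size_t n = claimed;   /* keep the check at run time */
    return __builtin___snprintf_chk(buf, n, 1, sizeof(buf), "%s", text);
}

/* Run format_usage() in a child process so the abort can be observed.
 * Returns 0 on a clean exit, the signal number if killed, -1 otherwise. */
int fortify_outcome(size_t claimed, const char *text)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        int len = format_usage(claimed, text);
        _exit(len == (int)strlen(text) ? 0 : 1);
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    if (WIFSIGNALED(status))
        return WTERMSIG(status);
    return WEXITSTATUS(status) == 0 ? 0 : -1;
}

int main(void)
{
    const char *msg = "usage: demo";   /* 11 bytes, fits easily */
    printf("correct size : %d\n", fortify_outcome(USAGE_BUF, msg));
    printf("oversized arg: %d (SIGABRT is %d)\n",
           fortify_outcome(USAGE_BUF * 2, msg), SIGABRT);
    return 0;
}
```

Passing `sizeof(buf)` as the size argument at the call site keeps the claimed size and the real size from drifting apart.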