[Debian GNUstep maintainers] Bug#1040372: edenmath.app: Aborts with stack smashing when calculation result is large enough

Yavor Doganov yavor at gnu.org
Wed Jul 5 06:38:40 BST 2023


Package: edenmath.app
Version: 1.1.1a-8+b5
Severity: important

Type "40", then press the button "10^x" (second button from right to
left on the lowest row); EdenMath aborts with:
*** stack smashing detected *** terminated.

Backtrace:

Program received signal SIGABRT, Aborted.
__pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, 
    no_tid=no_tid@entry=0) at ./nptl/pthread_kill.c:44
44	./nptl/pthread_kill.c: Няма такъв файл или директория.
(gdb) bt
#0  __pthread_kill_implementation
    (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0)
    at ./nptl/pthread_kill.c:44
#1  0x00007ffff6ea815f in __pthread_kill_internal (signo=6, threadid=<optimized out>)
    at ./nptl/pthread_kill.c:78
#2  0x00007ffff6e5a472 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#3  0x00007ffff6e444b2 in __GI_abort () at ./stdlib/abort.c:79
#4  0x00007ffff6e451ed in __libc_message
    (fmt=fmt@entry=0x7ffff6fb7543 "*** %s ***: terminated\n")
    at ../sysdeps/posix/libc_fatal.c:150
#5  0x00007ffff6f362c5 in __GI___fortify_fail
    (msg=msg@entry=0x7ffff6fb752b "stack smashing detected")
    at ./debug/fortify_fail.c:24
#6  0x00007ffff6f362b0 in __stack_chk_fail () at ./debug/stack_chk_fail.c:24
#7  0x000055555555d0a6 in -[EMController updateDisplay]
    (self=<optimized out>, _cmd=<optimized out>) at ./EMController.m:227
#8  0x00007ffff7a5dabe in -[NSApplication sendAction:to:from:]
    (self=<optimized out>, _cmd=<optimized out>, aSelector=0x5555557edf20, aTarget=<optimized out>, sender=0x555556e18050) at ./Source/NSApplication.m:2273
#9  0x00007ffff7a8f313 in -[NSButton sendAction:to:]
    (self=0x555556e18050, _cmd=<optimized out>, theAction=0x5555557edf20, theTarget=0x555556e2ff30) at ./Source/NSButton.m:588
#10 0x00007ffff7a9b01d in -[NSCell trackMouse:inRect:ofView:untilMouseUp:]
    (self=self@entry=0x555556e1f690, _cmd=_cmd@entry=0x7ffff7da0d50 <_OBJC_SELECTOR_TABLE+1712>, theEvent=<optimized out>, 
    theEvent@entry=0x555556e23a30, cellFrame=..., controlView=controlView@entry=0x555556e18050, flag=0 '\000') at ./Source/NSCell.m:1807
#11 0x00007ffff7abd56b in -[NSControl mouseDown:]
    (self=0x555556e18050, _cmd=<optimized out>, theEvent=<optimized out>)
    at ./Source/NSControl.m:931
#12 0x00007ffff7bfd354 in -[NSWindow sendEvent:]
    (self=0x5555568b4480, _cmd=<optimized out>, theEvent=0x555556e23a30)
    at ./Source/NSWindow.m:4154
#13 0x00007ffff7a63f5e in -[NSApplication run]
    (self=0x555555808a40, _cmd=<optimized out>) at ./Source/NSApplication.m:1585
#14 0x00007ffff7a43ec9 in NSApplicationMain
    (argc=<optimized out>, argv=<optimized out>) at ./Source/Functions.m:119
#15 0x00007ffff6e456ca in __libc_start_call_main
    (main=main@entry=0x55555555b1f0 <main>, argc=argc@entry=1, argv=argv@entry=0x7fffffffead8) at ../sysdeps/nptl/libc_start_call_main.h:58
#16 0x00007ffff6e45785 in __libc_start_main_impl
    (main=0x55555555b1f0 <main>, argc=1, argv=0x7fffffffead8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffeac8)
    at ../csu/libc-start.c:360
#17 0x000055555555b231 in _start ()

Cannot be reproduced when built with -fno-stack-protector.  I guess the
culprit is a buffer overflow in -[EMController updateDisplay] where
buffer size is limited to 32 bytes.

-- System Information:
Debian Release: trixie/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'unstable'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, x32

Kernel: Linux 6.3.0-1-amd64 (SMP w/2 CPU threads; PREEMPT)
Locale: LANG=bg_BG.UTF-8, LC_CTYPE=bg_BG.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages edenmath.app depends on:
ii  gnustep-back0.30      0.30.0-2
ii  gnustep-base-runtime  1.29.0-4
ii  gnustep-gui-runtime   0.30.0-3
ii  libc6                 2.37-3
ii  libgnustep-base1.29   1.29.0-4
ii  libgnustep-gui0.30    0.30.0-3
ii  libobjc4              13.1.0-7

Versions of packages edenmath.app recommends:
ii  helpviewer.app  0.4-1+b1

edenmath.app suggests no packages.

-- no debconf information
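
Added example (not part of the original report, and not EdenMath's code): the report points at a 32-byte buffer in -[EMController updateDisplay], so this C program measures how many bytes the result of 10^40 needs and formats it through a bounded call that cannot write past the buffer. The "%f" format and the names `needed_bytes` and `format_display` are assumptions, since the page does not show the actual source.

```c
#include <stdio.h>
#include <string.h>

#define DISPLAY_BUF 32  /* buffer size named in the report */

/* Bytes, including the terminating NUL, that "%f" needs for value.
 * snprintf(NULL, 0, ...) only counts; nothing is written.
 * "%f" is an assumed format; the page does not show the real one. */
static int needed_bytes(double value)
{
    return snprintf(NULL, 0, "%f", value) + 1;
}

/* Bounded formatter: try "%f", and if the text would not fit, fall back
 * to the shorter "%.15g" form. Returns 0 on success, -1 if nothing fits.
 * Unlike sprintf(), snprintf() never writes more than outlen bytes. */
static int format_display(char *out, size_t outlen, double value)
{
    int n = snprintf(out, outlen, "%f", value);
    if (n >= 0 && (size_t)n < outlen)
        return 0;

    n = snprintf(out, outlen, "%.15g", value);
    if (n >= 0 && (size_t)n < outlen)
        return 0;

    if (outlen > 0)
        out[0] = '\0';  /* leave a valid empty string on failure */
    return -1;
}

int main(void)
{
    char buf[DISPLAY_BUF];
    /* Constructed inputs: the typed "40" and the result of pressing 10^x. */
    double inputs[] = { 40.0, 1e40 };

    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        int rc = format_display(buf, sizeof buf, inputs[i]);
        printf("\"%%f\" needs %d bytes, buffer holds %d, shown as \"%s\" (rc=%d)\n",
               needed_bytes(inputs[i]), DISPLAY_BUF, buf, rc);
    }
    return 0;
}
```

Under these assumptions 1e40 needs 49 bytes with "%f" (41 integer digits, the point, six decimals and the NUL), which is why an unbounded write into 32 bytes reaches the stack canary.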


