fs-uae icon indicating copy to clipboard operation
fs-uae copied to clipboard

Published 20 hours ago verified publisher icon FrodeSolheim

BSDSOCKET buffer overflow on LInux

Open Telefonorosso opened this issue 1 year ago • 0 comments

Hello and thank you in advance for any assistance!

HOST Linux 5.10.0-21-amd64 1 SMP Debian 5.10.162-1 (2023-01-21) x86_64 GNU/Linux Intel(R) Core(TM) i5-4570T CPU @ 2.90GHz - 8 GB ram

UPDATE! Can reproduce even on Raspberry Pi 3 Linux raspberrypi 5.4.51-v7+ #1333 SMP Mon Aug 10 16:45:19 BST 2020 armv7l GNU/Linux

GUEST fs-uae versions 3 and 4 (compiled, downloaded from apt, downloaded from website...) Amiga ROM 3.1 rev 40.6 AmigaOS 3.1 AmiTCP 3.0 b2

(in fact, only inetd and telnetd are invoked since UAE's bsdsocket_library replaces the TCP stack alltogether)

PLUGINS QEMU-UAE 3.8.9 (enabling/disabling it makes no difference)

CONFIG [fs-uae] amiga_model = A4000 chip_memory = 2048 fast_memory = 8192 hard_drive_0 = /home/.../TELNET-ADV kickstart_file = /home/.../KICK31.ROM bsdsocket_library = 1

Note: tried any imaginable model/cpu/mmu permutation.

HOW TO REPRODUCE clean install Debian 11 with XFCE su apt-get install fs-uae (copy Amiga hdd and ROM, edit Default.fs-uae) fs-uae & telnet localhost

EXPECTED RESULT getting an Amiga shell prompt (the setup is working with Windows 10 host and WinUAE guest)

ACTUAL RESULT telnet connection closed without any interaction possible emulation stopped

ERROR MESSAGE (TELNET) Trying ::1... Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. Connection closed by foreign host.

ERROR MESSAGE (FS-UAE) *** buffer overflow detected ***: terminated

ERROR MESSAGE (GDB) (gdb) backtrace 0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50 1 0x00007ffff7546537 in __GI_abort () at abort.c:79 2 0x00007ffff759f768 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7ffff76bd19c "*** %s ***: terminated\n") at ../sysdeps/posix/libc_fatal.c:155 3 0x00007ffff7630542 in __GI___fortify_fa il (msg=msg@entry=0x7ffff76bd132 "buffer overflow detected") at fortify_fail.c:26 4 0x00007ffff762ef20 in __GI___chk_fail () at chk_fail.c:28 5 0x00007ffff7630497 in __fdelt_chk (d=) at fdelt_chk.c:25 6 0x000000000058838d in ?? () 7 0x0000000000588830 in ?? () 8 0x00007ffff7efd0bd in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0 9 0x00007ffff7700ea7 in start_thread (arg=) at pthread_create.c:477 10 0x00007ffff7620a2f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

ATTACHMENTS debug.uae.txt OK-fs-uae.log.txt

Cheers, TR

Telefonorosso avatar Mar 11 '23 09:03 Telefonorosso