EQEmulator Forums

EQEmulator Forums (https://www.eqemulator.org/forums/index.php)
-   Support::Linux Servers (https://www.eqemulator.org/forums/forumdisplay.php?f=588)
-   -   Buffer Overflow with rev1625 and up (https://www.eqemulator.org/forums/showthread.php?t=31940)

cubber 08-27-2010 03:25 PM

Buffer Overflow with rev1625 and up
 
I was using rev 1616 with no issues; the server started fine. This is on Gentoo x86, btw. If I upgrade to rev 1630, the latest in SVN as of this writing, I get the following on server startup.

Code:

+ LNAME=zone
+ '[' '' = test ']'
++ pwd
+ P=/opt/eqemu
+ export LD_LIBRARY_PATH=:/opt/eqemu
+ LD_LIBRARY_PATH=:/opt/eqemu
+ mkdir -p logs
+ '[' '!' -e .lock-zones -a '!' -e .lock-world ']'
+ for f in 'logs/eqemu_*.log'
+ '[' 'logs/eqemu_*.log' = logs/eqemu_commands_zone.log ']'
+ rm -f 'logs/eqemu_*.log'
+ '[' '!' -e .lock-world ']'
+ touch .lock-world
+ sleep 15
+ ./persist_world
*** buffer overflow detected ***: ./world terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x50)[0xb7194850]
/lib/libc.so.6(+0xe18aa)[0xb71928aa]
/lib/libc.so.6(__strcpy_chk+0x44)[0xb7191bb4]
./world(_ZN14SharedDatabase11DBLoadItemsEij+0x1bfe)[0x80d730c]
[0x6e657072]
======= Memory map: ========
08048000-081a0000 r-xp 00000000 fd:01 188627    /opt/eqemu/world
081a0000-081a1000 r--p 00157000 fd:01 188627    /opt/eqemu/world
081a1000-081a9000 rw-p 00158000 fd:01 188627    /opt/eqemu/world
081a9000-08615000 rw-p 00000000 00:00 0          [heap]
ab487000-b14e7000 rw-p 00000000 00:00 0
b14e7000-b5879000 rw-s 00000000 00:04 248446977  /SYSV4901e001 (deleted)
b5879000-b587a000 ---p 00000000 00:00 0
b587a000-b607a000 rw-p 00000000 00:00 0
b607a000-b607b000 ---p 00000000 00:00 0
b607b000-b687b000 rw-p 00000000 00:00 0
b687b000-b687c000 ---p 00000000 00:00 0
b687c000-b707c000 rw-p 00000000 00:00 0
b707c000-b7086000 r-xp 00000000 08:03 116735    /lib/libnss_files-2.11.2.so
b7086000-b7087000 r--p 00009000 08:03 116735    /lib/libnss_files-2.11.2.so
b7087000-b7088000 rw-p 0000a000 08:03 116735    /lib/libnss_files-2.11.2.so
b7088000-b708a000 rw-p 00000000 00:00 0
b708a000-b7091000 r-xp 00000000 08:03 116736    /lib/librt-2.11.2.so
b7091000-b7092000 r--p 00006000 08:03 116736    /lib/librt-2.11.2.so
b7092000-b7093000 rw-p 00007000 08:03 116736    /lib/librt-2.11.2.so
b7093000-b70af000 r-xp 00000000 fd:02 395936    /usr/lib/gcc/i686-pc-linux-gnu/4.4.3/libgcc_s.so.1
b70af000-b70b0000 r--p 0001b000 fd:02 395936    /usr/lib/gcc/i686-pc-linux-gnu/4.4.3/libgcc_s.so.1
b70b0000-b70b1000 rw-p 0001c000 fd:02 395936    /usr/lib/gcc/i686-pc-linux-gnu/4.4.3/libgcc_s.so.1
b70b1000-b71f1000 r-xp 00000000 08:03 116188    /lib/libc-2.11.2.so
b71f1000-b71f3000 r--p 0013f000 08:03 116188    /lib/libc-2.11.2.so
b71f3000-b71f4000 rw-p 00141000 08:03 116188    /lib/libc-2.11.2.so
b71f4000-b71f7000 rw-p 00000000 00:00 0
b71f7000-b71f9000 r-xp 00000000 08:03 116820    /lib/libutil-2.11.2.so
b71f9000-b71fa000 r--p 00001000 08:03 116820    /lib/libutil-2.11.2.so
b71fa000-b71fb000 rw-p 00002000 08:03 116820    /lib/libutil-2.11.2.so
b71fb000-b7210000 r-xp 00000000 08:03 116731    /lib/libpthread-2.11.2.so
b7210000-b7211000 r--p 00014000 08:03 116731    /lib/libpthread-2.11.2.so
b7211000-b7212000 rw-p 00015000 08:03 116731    /lib/libpthread-2.11.2.so
b7212000-b7214000 rw-p 00000000 00:00 0
b7214000-b7316000 r-xp 00000000 fd:02 330676    /usr/lib/libperl.so.1.5.8
b7316000-b7317000 ---p 00102000 fd:02 330676    /usr/lib/libperl.so.1.5.8
b7317000-b7318000 r--p 00102000 fd:02 330676    /usr/lib/libperl.so.1.5.8
b7318000-b731c000 rw-p 00103000 fd:02 330676    /usr/lib/libperl.so.1.5.8
b731c000-b7320000 rw-p 00000000 00:00 0
b7320000-b7456000 r-xp 00000000 fd:02 332166    /usr/lib/libcrypto.so.0.9.8
b7456000-b745e000 r--p 00135000 fd:02 332166    /usr/lib/libcrypto.so.0.9.8
b745e000-b746d000 rw-p 0013d000 fd:02 332166    /usr/lib/libcrypto.so.0.9.8
b746d000-b7470000 rw-p 00000000 00:00 0
b7470000-b74b5000 r-xp 00000000 fd:02 327693    /usr/lib/libssl.so.0.9.8
b74b5000-b74b6000 r--p 00045000 fd:02 327693    /usr/lib/libssl.so.0.9.8
b74b6000-b74b9000 rw-p 00046000 fd:02 327693    /usr/lib/libssl.so.0.9.8
b74b9000-b74cc000 r-xp 00000000 08:03 116739    /lib/libnsl-2.11.2.so
b74cc000-b74cd000 r--p 00012000 08:03 116739    /lib/libnsl-2.11.2.so
b74cd000-b74ce000 rw-p 00013000 08:03 116739    /lib/libnsl-2.11.2.so
b74ce000-b74d0000 rw-p 00000000 00:00 0
b74d0000-b74d9000 r-xp 00000000 08:03 116310    /lib/libcrypt-2.11.2.so
b74d9000-b74da000 r--p 00008000 08:03 116310    /lib/libcrypt-2.11.2.so
b74da000-b74db000 rw-p 00009000 08:03 116310    /lib/libcrypt-2.11.2.so
b74db000-b7502000 rw-p 00000000 00:00 0
b7502000-b761f000 r-xp 00000000 fd:02 337895    /usr/lib/mysql/libmysqlclient.so.15.0.0
b761f000-b7621000 r--p 0011c000 fd:02 337895    /usr/lib/mysql/libmysqlclient.so.15.0.0
b7621000-b7662000 rw-p 0011e000 fd:02 337895    /usr/lib/mysql/libmysqlclient.so.15.0.0
b7662000-b7664000 rw-p 00000000 00:00 0
b7664000-b7666000 r-xp 00000000 08:03 116729    /lib/libdl-2.11.2.so
b7666000-b7667000 r--p 00001000 08:03 116729    /lib/libdl-2.11.2.so
b7667000-b7668000 rw-p 00002000 08:03 116729    /lib/libdl-2.11.2.so
b7668000-b7679000 r-xp 00000000 08:03 116286    /lib/libz.so.1.2.3
b7679000-b767a000 ---p 00011000 08:03 116286    /lib/libz.so.1.2.3
b767a000-b767b000 r--p 00011000 08:03 116286    /lib/libz.so.1.2.3
b767b000-b767c000 rw-p 00012000 08:03 116286    /lib/libz.so.1.2.3
b767c000-b76a0000 r-xp 00000000 08:03 116728    /lib/libm-2.11.2.so
b76a0000-b76a1000 r--p 00023000 08:03 116728    /lib/libm-2.11.2.so
b76a1000-b76a2000 rw-p 00024000 08:03 116728    /lib/libm-2.11.2.so
b76a2000-b7786000 r-xp 00000000 fd:02 395920    /usr/lib/gcc/i686-pc-linux-gnu/4.4.3/libstdc++.so.6.0.13
b7786000-b778a000 r--p 000e4000 fd:02 395920    /usr/lib/gcc/i686-pc-linux-gnu/4.4.3/libstdc++.so.6.0.13
b778a000-b778b000 rw-p 000e8000 fd:02 395920    /usr/lib/gcc/i686-pc-linux-gnu/4.4.3/libstdc++.so.6.0.13
b778b000-b7792000 rw-p 00000000 00:00 0
b779a000-b77a4000 r-xp 00000000 fd:01 188628    /opt/eqemu/libEMuShareMem.so
b77a4000-b77a5000 r--p 00009000 fd:01 188628    /opt/eqemu/libEMuShareMem.so
b77a5000-b77a6000 rw-p 0000a000 fd:01 188628    /opt/eqemu/libEMuShareMem.so
b77a6000-b77aa000 rw-p 00000000 00:00 0
b77aa000-b77ab000 r-xp 00000000 00:00 0          [vdso]
b77ab000-b77c7000 r-xp 00000000 08:03 116726    /lib/ld-2.11.2.so
b77c7000-b77c8000 r--p 0001b000 08:03 116726    /lib/ld-2.11.2.so
b77c8000-b77c9000 rw-p 0001c000 08:03 116726    /lib/ld-2.11.2.so
bf89e000-bf8a3000 rw-p 00000000 00:00 0          [stack]
./persist_world: line 14:  2574 Aborted                (core dumped) ./world "$@"
+ '[' '!' -e .lock-launcher ']'
+ touch .lock-launcher
+ ./eqlaunch zone

I downgraded to rev 1625 and had the same issue; actually, the trace above is from rev 1625.

Reverting back to my 1616 build works fine again.

Any ideas how I can fix this and update?

joligario 08-27-2010 04:00 PM

Did you try r1624?

Derision 08-27-2010 04:10 PM

As there was a change to the Item struct (shared memory) in Rev 1625, I would first make sure you are executing cleanipc before launching world (cleanipc is built in the utils directory).

If that doesn't make any difference, try a make clean, before make, to ensure everything gets rebuilt from scratch.

Last thing would be to try a reboot before launching the new version, but that shouldn't be necessary.
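
An added illustration (editor's example, not EQEmulator's code) of what the `*** buffer overflow detected ***` / `__strcpy_chk` frames in the traces above mean. Gentoo builds with `_FORTIFY_SOURCE`, so a `strcpy` into a fixed-size struct field is rewritten to `__strcpy_chk`, which aborts the process when the source is longer than the field, which is what one expects when the layout of a shared-memory struct changes and a string from the database no longer fits. The `struct Item`, its 16-byte `name` field, the loader functions and the sample item names are all constructed for this example; the real Item struct and `SharedDatabase::DBLoadItems` are not shown here. The block shows the unchecked pattern that FORTIFY traps next to a bounded loader that rejects over-long rows, plus a scan that counts which rows would have tripped the check:

```c
/* Illustration only, not EQEmulator's code: why __strcpy_chk aborts when a
 * database string is copied into a fixed-size struct field, and a bounded
 * loader that rejects over-long rows instead of overflowing. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical shared-memory item record with a fixed-size name field.
 * Stands in for the real Item struct; the field size is made up. */
#define ITEM_NAME_LEN 16
struct Item {
    unsigned int id;
    char name[ITEM_NAME_LEN];
};

/* The pattern FORTIFY_SOURCE traps. Compiled with -O2 -D_FORTIFY_SOURCE=2,
 * gcc turns this strcpy into __strcpy_chk(dst->name, db_name, ITEM_NAME_LEN);
 * a source longer than the field then reaches __fortify_fail and the process
 * aborts with "*** buffer overflow detected ***", as in the thread's trace.
 * Without FORTIFY it silently corrupts whatever follows the field. */
void load_item_unchecked(struct Item *dst, unsigned int id, const char *db_name)
{
    dst->id = id;
    strcpy(dst->name, db_name);   /* no length check against ITEM_NAME_LEN */
}

/* Bounded loader: refuse rows whose name does not fit (including the
 * terminating NUL) rather than truncate silently or overflow.
 * Returns false and leaves *dst untouched on rejection. */
bool load_item_checked(struct Item *dst, unsigned int id, const char *db_name)
{
    size_t n = strlen(db_name);
    if (n >= ITEM_NAME_LEN)
        return false;
    dst->id = id;
    memcpy(dst->name, db_name, n + 1);
    return true;
}

/* Returns 1 if the name loads through the bounded loader and reads back
 * intact, 0 if the loader rejected it. */
int roundtrip_ok(const char *db_name)
{
    struct Item item = { 0, "" };
    if (!load_item_checked(&item, 1, db_name))
        return 0;
    return strcmp(item.name, db_name) == 0;
}

/* Constructed sample rows standing in for an items table. The 16- and
 * 40-character names are the ones that would not fit the field. */
static const char *const SAMPLE_NAMES[] = {
    "Rusty Dagger",
    "Cloth Cap",
    "Staff of Wisdom",                            /* 15 chars: fits exactly */
    "Boots of Fortune",                           /* 16 chars: no room for NUL */
    "Blade of Carnage, Shard of Ancient Power",   /* 40 chars: would overflow */
    "Ring",
};
#define SAMPLE_COUNT (sizeof SAMPLE_NAMES / sizeof SAMPLE_NAMES[0])

/* Count rows whose name would not fit a field of field_len bytes: these are
 * the rows that would trigger __fortify_fail under the unchecked loader. */
int count_oversize_rows(const char *const *names, size_t count, size_t field_len)
{
    int bad = 0;
    for (size_t i = 0; i < count; i++)
        if (strlen(names[i]) >= field_len)
            bad++;
    return bad;
}

int main(void)
{
    struct Item item;
    int rejected = 0;
    for (size_t i = 0; i < SAMPLE_COUNT; i++) {
        if (load_item_checked(&item, (unsigned int)i, SAMPLE_NAMES[i])) {
            printf("loaded item %u: %s\n", item.id, item.name);
        } else {
            printf("rejected row %zu: name length %zu >= %d\n",
                   i, strlen(SAMPLE_NAMES[i]), ITEM_NAME_LEN);
            rejected++;
        }
    }
    printf("%d of %zu rows rejected\n", rejected, SAMPLE_COUNT);
    return 0;
}
```

The practical point for a server operator is that the FORTIFY abort is a symptom, not the bug: the binary is told the destination field is smaller than the string it is asked to copy, so the fix lives in the loader (bounded copy, or a struct whose field sizes match the schema), and rebuilding or clearing stale shared memory only helps if the on-disk data and the struct layout agree again. The `count_oversize_rows` scan is the kind of check you can run over the table contents before the server starts to find the offending rows.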

cubber 08-27-2010 06:49 PM

1624 works.

I always run cleanipc after every server shutdown.

Did not try the reboot; I will try the new sources after a reboot and report back.

cubber 08-27-2010 06:52 PM

Same crash after server reboot, and I always use make clean before I run make.

Backtrace on 1630:

Code:

+ LNAME=zone
+ '[' '' = test ']'
++ pwd
+ P=/opt/eqemu
+ export LD_LIBRARY_PATH=:/opt/eqemu
+ LD_LIBRARY_PATH=:/opt/eqemu
+ mkdir -p logs
+ '[' '!' -e .lock-zones -a '!' -e .lock-world ']'
+ for f in 'logs/eqemu_*.log'
+ '[' 'logs/eqemu_*.log' = logs/eqemu_commands_zone.log ']'
+ rm -f 'logs/eqemu_*.log'
+ '[' '!' -e .lock-world ']'
+ touch .lock-world
+ sleep 15
+ ./persist_world
*** buffer overflow detected ***: ./world terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x50)[0xb727d850]
/lib/libc.so.6(+0xe18aa)[0xb727b8aa]
/lib/libc.so.6(__strcpy_chk+0x44)[0xb727abb4]
./world(_ZN14SharedDatabase11DBLoadItemsEij+0x1bfe)[0x80d730c]
[0x6e657072]
======= Memory map: ========
08048000-081a0000 r-xp 00000000 fd:01 188627    /opt/eqemu/world
081a0000-081a1000 r--p 00157000 fd:01 188627    /opt/eqemu/world
081a1000-081a9000 rw-p 00158000 fd:01 188627    /opt/eqemu/world
081a9000-08615000 rw-p 00000000 00:00 0          [heap]
ab570000-b15d0000 rw-p 00000000 00:00 0
b15d0000-b5962000 rw-s 00000000 00:04 925433859  /SYSV4901e001 (deleted)
b5962000-b5963000 ---p 00000000 00:00 0
b5963000-b6163000 rw-p 00000000 00:00 0
b6163000-b6164000 ---p 00000000 00:00 0
b6164000-b6964000 rw-p 00000000 00:00 0
b6964000-b6965000 ---p 00000000 00:00 0
b6965000-b7165000 rw-p 00000000 00:00 0
b7165000-b716f000 r-xp 00000000 08:03 116735    /lib/libnss_files-2.11.2.so
b716f000-b7170000 r--p 00009000 08:03 116735    /lib/libnss_files-2.11.2.so
b7170000-b7171000 rw-p 0000a000 08:03 116735    /lib/libnss_files-2.11.2.so
b7171000-b7173000 rw-p 00000000 00:00 0
b7173000-b717a000 r-xp 00000000 08:03 116736    /lib/librt-2.11.2.so
b717a000-b717b000 r--p 00006000 08:03 116736    /lib/librt-2.11.2.so
b717b000-b717c000 rw-p 00007000 08:03 116736    /lib/librt-2.11.2.so
b717c000-b7198000 r-xp 00000000 fd:02 395936    /usr/lib/gcc/i686-pc-linux-gnu/4.4.3/libgcc_s.so.1
b7198000-b7199000 r--p 0001b000 fd:02 395936    /usr/lib/gcc/i686-pc-linux-gnu/4.4.3/libgcc_s.so.1
b7199000-b719a000 rw-p 0001c000 fd:02 395936    /usr/lib/gcc/i686-pc-linux-gnu/4.4.3/libgcc_s.so.1
b719a000-b72da000 r-xp 00000000 08:03 116188    /lib/libc-2.11.2.so
b72da000-b72dc000 r--p 0013f000 08:03 116188    /lib/libc-2.11.2.so
b72dc000-b72dd000 rw-p 00141000 08:03 116188    /lib/libc-2.11.2.so
b72dd000-b72e0000 rw-p 00000000 00:00 0
b72e0000-b72e2000 r-xp 00000000 08:03 116820    /lib/libutil-2.11.2.so
b72e2000-b72e3000 r--p 00001000 08:03 116820    /lib/libutil-2.11.2.so
b72e3000-b72e4000 rw-p 00002000 08:03 116820    /lib/libutil-2.11.2.so
b72e4000-b72f9000 r-xp 00000000 08:03 116731    /lib/libpthread-2.11.2.so
b72f9000-b72fa000 r--p 00014000 08:03 116731    /lib/libpthread-2.11.2.so
b72fa000-b72fb000 rw-p 00015000 08:03 116731    /lib/libpthread-2.11.2.so
b72fb000-b72fd000 rw-p 00000000 00:00 0
b72fd000-b73ff000 r-xp 00000000 fd:02 330676    /usr/lib/libperl.so.1.5.8
b73ff000-b7400000 ---p 00102000 fd:02 330676    /usr/lib/libperl.so.1.5.8
b7400000-b7401000 r--p 00102000 fd:02 330676    /usr/lib/libperl.so.1.5.8
b7401000-b7405000 rw-p 00103000 fd:02 330676    /usr/lib/libperl.so.1.5.8
b7405000-b7409000 rw-p 00000000 00:00 0
b7409000-b753f000 r-xp 00000000 fd:02 332166    /usr/lib/libcrypto.so.0.9.8
b753f000-b7547000 r--p 00135000 fd:02 332166    /usr/lib/libcrypto.so.0.9.8
b7547000-b7556000 rw-p 0013d000 fd:02 332166    /usr/lib/libcrypto.so.0.9.8
b7556000-b7559000 rw-p 00000000 00:00 0
b7559000-b759e000 r-xp 00000000 fd:02 327693    /usr/lib/libssl.so.0.9.8
b759e000-b759f000 r--p 00045000 fd:02 327693    /usr/lib/libssl.so.0.9.8
b759f000-b75a2000 rw-p 00046000 fd:02 327693    /usr/lib/libssl.so.0.9.8
b75a2000-b75b5000 r-xp 00000000 08:03 116739    /lib/libnsl-2.11.2.so
b75b5000-b75b6000 r--p 00012000 08:03 116739    /lib/libnsl-2.11.2.so
b75b6000-b75b7000 rw-p 00013000 08:03 116739    /lib/libnsl-2.11.2.so
b75b7000-b75b9000 rw-p 00000000 00:00 0
b75b9000-b75c2000 r-xp 00000000 08:03 116310    /lib/libcrypt-2.11.2.so
b75c2000-b75c3000 r--p 00008000 08:03 116310    /lib/libcrypt-2.11.2.so
b75c3000-b75c4000 rw-p 00009000 08:03 116310    /lib/libcrypt-2.11.2.so
b75c4000-b75eb000 rw-p 00000000 00:00 0
b75eb000-b7708000 r-xp 00000000 fd:02 337895    /usr/lib/mysql/libmysqlclient.so.15.0.0
b7708000-b770a000 r--p 0011c000 fd:02 337895    /usr/lib/mysql/libmysqlclient.so.15.0.0
b770a000-b774b000 rw-p 0011e000 fd:02 337895    /usr/lib/mysql/libmysqlclient.so.15.0.0
b774b000-b774d000 rw-p 00000000 00:00 0
b774d000-b774f000 r-xp 00000000 08:03 116729    /lib/libdl-2.11.2.so
b774f000-b7750000 r--p 00001000 08:03 116729    /lib/libdl-2.11.2.so
b7750000-b7751000 rw-p 00002000 08:03 116729    /lib/libdl-2.11.2.so
b7751000-b7762000 r-xp 00000000 08:03 116286    /lib/libz.so.1.2.3
b7762000-b7763000 ---p 00011000 08:03 116286    /lib/libz.so.1.2.3
b7763000-b7764000 r--p 00011000 08:03 116286    /lib/libz.so.1.2.3
b7764000-b7765000 rw-p 00012000 08:03 116286    /lib/libz.so.1.2.3
b7765000-b7789000 r-xp 00000000 08:03 116728    /lib/libm-2.11.2.so
b7789000-b778a000 r--p 00023000 08:03 116728    /lib/libm-2.11.2.so
b778a000-b778b000 rw-p 00024000 08:03 116728    /lib/libm-2.11.2.so
b778b000-b786f000 r-xp 00000000 fd:02 395920    /usr/lib/gcc/i686-pc-linux-gnu/4.4.3/libstdc++.so.6.0.13
b786f000-b7873000 r--p 000e4000 fd:02 395920    /usr/lib/gcc/i686-pc-linux-gnu/4.4.3/libstdc++.so.6.0.13
b7873000-b7874000 rw-p 000e8000 fd:02 395920    /usr/lib/gcc/i686-pc-linux-gnu/4.4.3/libstdc++.so.6.0.13
b7874000-b787b000 rw-p 00000000 00:00 0
b7883000-b788d000 r-xp 00000000 fd:01 188628    /opt/eqemu/libEMuShareMem.so
b788d000-b788e000 r--p 00009000 fd:01 188628    /opt/eqemu/libEMuShareMem.so
b788e000-b788f000 rw-p 0000a000 fd:01 188628    /opt/eqemu/libEMuShareMem.so
b788f000-b7893000 rw-p 00000000 00:00 0
b7893000-b7894000 r-xp 00000000 00:00 0          [vdso]
b7894000-b78b0000 r-xp 00000000 08:03 116726    /lib/ld-2.11.2.so
b78b0000-b78b1000 r--p 0001b000 08:03 116726    /lib/ld-2.11.2.so
b78b1000-b78b2000 rw-p 0001c000 08:03 116726    /lib/ld-2.11.2.so
bfa3a000-bfa40000 rw-p 00000000 00:00 0          [stack]
./persist_world: line 14: 12135 Aborted                (core dumped) ./world "$@"
+ '[' '!' -e .lock-launcher ']'
+ touch .lock-launcher
+ ./eqlaunch zone


pfyon 08-27-2010 07:26 PM

Ran into the same issue. The only difference I noticed was the sharedmem size warning when I started (700-some instead of the usual 500-some number).

Derision 08-28-2010 06:09 AM

Try Rev1632.

cubber 08-28-2010 10:09 AM

Rev 1634 works fine; I was able to leave my kernel.shmmax unchanged (noticed it mentioned in the changelog). It has been working fine for me set as:

kernel.shmmax = 134217728

