
Support::Linux Servers Support forum for Linux EQEMu users.

  #1  
Old 08-27-2010, 03:25 PM
cubber
Discordant
 
Join Date: Apr 2006
Posts: 374
Buffer Overflow with rev1625 and up

I was using rev 1616 with no issues; the server started fine. This is on Gentoo x86, btw. If I upgrade to rev 1630, the latest in svn as of this writing, I get the following on server startup.

Code:
+ LNAME=zone
+ '[' '' = test ']'
++ pwd
+ P=/opt/eqemu
+ export LD_LIBRARY_PATH=:/opt/eqemu
+ LD_LIBRARY_PATH=:/opt/eqemu
+ mkdir -p logs
+ '[' '!' -e .lock-zones -a '!' -e .lock-world ']'
+ for f in 'logs/eqemu_*.log'
+ '[' 'logs/eqemu_*.log' = logs/eqemu_commands_zone.log ']'
+ rm -f 'logs/eqemu_*.log'
+ '[' '!' -e .lock-world ']'
+ touch .lock-world
+ sleep 15
+ ./persist_world
*** buffer overflow detected ***: ./world terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x50)[0xb7194850]
/lib/libc.so.6(+0xe18aa)[0xb71928aa]
/lib/libc.so.6(__strcpy_chk+0x44)[0xb7191bb4]
./world(_ZN14SharedDatabase11DBLoadItemsEij+0x1bfe)[0x80d730c]
[0x6e657072]
======= Memory map: ========
08048000-081a0000 r-xp 00000000 fd:01 188627     /opt/eqemu/world
081a0000-081a1000 r--p 00157000 fd:01 188627     /opt/eqemu/world
081a1000-081a9000 rw-p 00158000 fd:01 188627     /opt/eqemu/world
081a9000-08615000 rw-p 00000000 00:00 0          [heap]
ab487000-b14e7000 rw-p 00000000 00:00 0 
b14e7000-b5879000 rw-s 00000000 00:04 248446977  /SYSV4901e001 (deleted)
b5879000-b587a000 ---p 00000000 00:00 0 
b587a000-b607a000 rw-p 00000000 00:00 0 
b607a000-b607b000 ---p 00000000 00:00 0 
b607b000-b687b000 rw-p 00000000 00:00 0 
b687b000-b687c000 ---p 00000000 00:00 0 
b687c000-b707c000 rw-p 00000000 00:00 0 
b707c000-b7086000 r-xp 00000000 08:03 116735     /lib/libnss_files-2.11.2.so
b7086000-b7087000 r--p 00009000 08:03 116735     /lib/libnss_files-2.11.2.so
b7087000-b7088000 rw-p 0000a000 08:03 116735     /lib/libnss_files-2.11.2.so
b7088000-b708a000 rw-p 00000000 00:00 0 
b708a000-b7091000 r-xp 00000000 08:03 116736     /lib/librt-2.11.2.so
b7091000-b7092000 r--p 00006000 08:03 116736     /lib/librt-2.11.2.so
b7092000-b7093000 rw-p 00007000 08:03 116736     /lib/librt-2.11.2.so
b7093000-b70af000 r-xp 00000000 fd:02 395936     /usr/lib/gcc/i686-pc-linux-gnu/4.4.3/libgcc_s.so.1
b70af000-b70b0000 r--p 0001b000 fd:02 395936     /usr/lib/gcc/i686-pc-linux-gnu/4.4.3/libgcc_s.so.1
b70b0000-b70b1000 rw-p 0001c000 fd:02 395936     /usr/lib/gcc/i686-pc-linux-gnu/4.4.3/libgcc_s.so.1
b70b1000-b71f1000 r-xp 00000000 08:03 116188     /lib/libc-2.11.2.so
b71f1000-b71f3000 r--p 0013f000 08:03 116188     /lib/libc-2.11.2.so
b71f3000-b71f4000 rw-p 00141000 08:03 116188     /lib/libc-2.11.2.so
b71f4000-b71f7000 rw-p 00000000 00:00 0 
b71f7000-b71f9000 r-xp 00000000 08:03 116820     /lib/libutil-2.11.2.so
b71f9000-b71fa000 r--p 00001000 08:03 116820     /lib/libutil-2.11.2.so
b71fa000-b71fb000 rw-p 00002000 08:03 116820     /lib/libutil-2.11.2.so
b71fb000-b7210000 r-xp 00000000 08:03 116731     /lib/libpthread-2.11.2.so
b7210000-b7211000 r--p 00014000 08:03 116731     /lib/libpthread-2.11.2.so
b7211000-b7212000 rw-p 00015000 08:03 116731     /lib/libpthread-2.11.2.so
b7212000-b7214000 rw-p 00000000 00:00 0 
b7214000-b7316000 r-xp 00000000 fd:02 330676     /usr/lib/libperl.so.1.5.8
b7316000-b7317000 ---p 00102000 fd:02 330676     /usr/lib/libperl.so.1.5.8
b7317000-b7318000 r--p 00102000 fd:02 330676     /usr/lib/libperl.so.1.5.8
b7318000-b731c000 rw-p 00103000 fd:02 330676     /usr/lib/libperl.so.1.5.8
b731c000-b7320000 rw-p 00000000 00:00 0 
b7320000-b7456000 r-xp 00000000 fd:02 332166     /usr/lib/libcrypto.so.0.9.8
b7456000-b745e000 r--p 00135000 fd:02 332166     /usr/lib/libcrypto.so.0.9.8
b745e000-b746d000 rw-p 0013d000 fd:02 332166     /usr/lib/libcrypto.so.0.9.8
b746d000-b7470000 rw-p 00000000 00:00 0 
b7470000-b74b5000 r-xp 00000000 fd:02 327693     /usr/lib/libssl.so.0.9.8
b74b5000-b74b6000 r--p 00045000 fd:02 327693     /usr/lib/libssl.so.0.9.8
b74b6000-b74b9000 rw-p 00046000 fd:02 327693     /usr/lib/libssl.so.0.9.8
b74b9000-b74cc000 r-xp 00000000 08:03 116739     /lib/libnsl-2.11.2.so
b74cc000-b74cd000 r--p 00012000 08:03 116739     /lib/libnsl-2.11.2.so
b74cd000-b74ce000 rw-p 00013000 08:03 116739     /lib/libnsl-2.11.2.so
b74ce000-b74d0000 rw-p 00000000 00:00 0 
b74d0000-b74d9000 r-xp 00000000 08:03 116310     /lib/libcrypt-2.11.2.so
b74d9000-b74da000 r--p 00008000 08:03 116310     /lib/libcrypt-2.11.2.so
b74da000-b74db000 rw-p 00009000 08:03 116310     /lib/libcrypt-2.11.2.so
b74db000-b7502000 rw-p 00000000 00:00 0 
b7502000-b761f000 r-xp 00000000 fd:02 337895     /usr/lib/mysql/libmysqlclient.so.15.0.0
b761f000-b7621000 r--p 0011c000 fd:02 337895     /usr/lib/mysql/libmysqlclient.so.15.0.0
b7621000-b7662000 rw-p 0011e000 fd:02 337895     /usr/lib/mysql/libmysqlclient.so.15.0.0
b7662000-b7664000 rw-p 00000000 00:00 0 
b7664000-b7666000 r-xp 00000000 08:03 116729     /lib/libdl-2.11.2.so
b7666000-b7667000 r--p 00001000 08:03 116729     /lib/libdl-2.11.2.so
b7667000-b7668000 rw-p 00002000 08:03 116729     /lib/libdl-2.11.2.so
b7668000-b7679000 r-xp 00000000 08:03 116286     /lib/libz.so.1.2.3
b7679000-b767a000 ---p 00011000 08:03 116286     /lib/libz.so.1.2.3
b767a000-b767b000 r--p 00011000 08:03 116286     /lib/libz.so.1.2.3
b767b000-b767c000 rw-p 00012000 08:03 116286     /lib/libz.so.1.2.3
b767c000-b76a0000 r-xp 00000000 08:03 116728     /lib/libm-2.11.2.so
b76a0000-b76a1000 r--p 00023000 08:03 116728     /lib/libm-2.11.2.so
b76a1000-b76a2000 rw-p 00024000 08:03 116728     /lib/libm-2.11.2.so
b76a2000-b7786000 r-xp 00000000 fd:02 395920     /usr/lib/gcc/i686-pc-linux-gnu/4.4.3/libstdc++.so.6.0.13
b7786000-b778a000 r--p 000e4000 fd:02 395920     /usr/lib/gcc/i686-pc-linux-gnu/4.4.3/libstdc++.so.6.0.13
b778a000-b778b000 rw-p 000e8000 fd:02 395920     /usr/lib/gcc/i686-pc-linux-gnu/4.4.3/libstdc++.so.6.0.13
b778b000-b7792000 rw-p 00000000 00:00 0 
b779a000-b77a4000 r-xp 00000000 fd:01 188628     /opt/eqemu/libEMuShareMem.so
b77a4000-b77a5000 r--p 00009000 fd:01 188628     /opt/eqemu/libEMuShareMem.so
b77a5000-b77a6000 rw-p 0000a000 fd:01 188628     /opt/eqemu/libEMuShareMem.so
b77a6000-b77aa000 rw-p 00000000 00:00 0 
b77aa000-b77ab000 r-xp 00000000 00:00 0          [vdso]
b77ab000-b77c7000 r-xp 00000000 08:03 116726     /lib/ld-2.11.2.so
b77c7000-b77c8000 r--p 0001b000 08:03 116726     /lib/ld-2.11.2.so
b77c8000-b77c9000 rw-p 0001c000 08:03 116726     /lib/ld-2.11.2.so
bf89e000-bf8a3000 rw-p 00000000 00:00 0          [stack]
./persist_world: line 14:  2574 Aborted                 (core dumped) ./world "$@"
+ '[' '!' -e .lock-launcher ']'
+ touch .lock-launcher
+ ./eqlaunch zone
I downgraded to rev 1625 and had the same issue; actually, the trace above is from rev 1625.

Reverting back to my 1616 build works fine again.

Any ideas how I can fix this and update?
  #2  
Old 08-27-2010, 04:00 PM
joligario
Developer
 
Join Date: Mar 2003
Posts: 1,497

Did you try r1624?
  #3  
Old 08-27-2010, 04:10 PM
Derision
Developer
 
Join Date: Feb 2004
Location: UK
Posts: 1,540

As there was a change to the Item struct (shared memory) in Rev 1625, I would first make sure you are executing cleanipc before launching world (cleanipc is built in the utils directory).

If that doesn't make any difference, try a make clean, before make, to ensure everything gets rebuilt from scratch.

Last thing would be to try a reboot before launching the new version, but that shouldn't be necessary.
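What the `__strcpy_chk` abort in the backtrace above means, shown with an added example that is not code from this thread or from the EQEmu project: `__strcpy_chk` is the glibc `_FORTIFY_SOURCE` wrapper for `strcpy`. When the compiler knows the destination's size, the copy is length-checked at run time and the process is aborted through `__fortify_fail` rather than letting the bytes spill past the field. The frame `_ZN14SharedDatabase11DBLoadItemsEij` demangles to `SharedDatabase::DBLoadItems(int, unsigned int)`, so the check fired while item rows were being copied into the Item structure that Derision says changed in Rev 1625; the frame after it, `0x6e657072`, lies in none of the mappings printed in the memory map, so the trace is not usable past that point. The struct, the 16-byte field width and the item names below are constructed stand-ins (the real Item struct is not on the page); the example shows the bounds check a loader needs so that an over-long string is reported and rejected instead of tripping the fortify abort or, in an unfortified build, silently overwriting the next field.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a fixed-width string field inside a shared-memory
 * item record. The real EQEmu Item struct and its field widths are not on the
 * page; 16 bytes is chosen only so that the example stays short. */
#define ITEM_NAME_LEN 16

struct item_record {
    unsigned int id;
    char name[ITEM_NAME_LEN];   /* must always be NUL-terminated */
    unsigned int weight;        /* the field a strcpy() overrun would clobber first */
};

/* Bounded copy. Returns 0 when src (with its terminator) fits in dstsz bytes,
 * otherwise leaves dst as an empty string and returns -1. This is the length
 * check that a plain strcpy() does not perform; with _FORTIFY_SOURCE glibc does
 * a similar check inside __strcpy_chk and aborts the process (__fortify_fail)
 * instead of returning an error, which is the trace seen in this thread. */
int copy_field(char *dst, size_t dstsz, const char *src)
{
    const char *end;
    if (dstsz == 0)
        return -1;
    end = memchr(src, '\0', dstsz);        /* terminator within dstsz bytes? */
    if (end == NULL) {
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, (size_t)(end - src) + 1);
    return 0;
}

/* Fill one record from a database row, rejecting rows whose name is wider than
 * the field rather than letting the bytes run into the following field. */
int load_item(struct item_record *rec, unsigned int id, const char *db_name)
{
    rec->id = id;
    rec->weight = 0;
    return copy_field(rec->name, sizeof rec->name, db_name);
}

/* Load a batch of rows; returns how many were rejected so a loader can log
 * the bad rows and refuse to start instead of crashing half-way through. */
int count_rejected(const char *const *names, size_t count)
{
    struct item_record rec;
    int rejected = 0;
    size_t i;
    for (i = 0; i < count; i++)
        if (load_item(&rec, (unsigned int)i, names[i]) != 0)
            rejected++;
    return rejected;
}

int main(void)
{
    /* Constructed sample rows: two fit, one is exactly one byte too wide. */
    static const char *const rows[] = {
        "Short Sword",
        "Fifteen chars!!",      /* 15 characters + NUL = 16, fits exactly */
        "Sixteen chars!!!",     /* 16 characters + NUL = 17, rejected */
    };
    size_t n = sizeof rows / sizeof rows[0];
    size_t i;
    struct item_record rec;

    for (i = 0; i < n; i++) {
        int rc = load_item(&rec, (unsigned int)i, rows[i]);
        printf("row %u: %s -> %s\n", (unsigned int)i, rows[i],
               rc == 0 ? "loaded" : "rejected: name wider than field");
    }
    printf("%d of %u rows rejected\n", count_rejected(rows, n), (unsigned int)n);
    return 0;
}
```

Compiling with `-O2 -D_FORTIFY_SOURCE=2` and swapping the bounded copy for a plain `strcpy(rec->name, db_name)` reproduces the same `*** buffer overflow detected ***` abort for the 16-character row, which is the quickest way to confirm that a fortify report like the one above points at a real field-width mismatch rather than at a stale shared-memory segment.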
  #4  
Old 08-27-2010, 06:49 PM
cubber
Discordant
 
Join Date: Apr 2006
Posts: 374

1624 works.

I always run cleanipc after every server shutdown.

Did not try the reboot; will try the new sources after a reboot and report back.
  #5  
Old 08-27-2010, 06:52 PM
cubber
Discordant
 
Join Date: Apr 2006
Posts: 374

Same crash after server reboot, and I always use make clean before I run make.

Backtrace on 1630:

Code:
+ LNAME=zone
+ '[' '' = test ']'
++ pwd
+ P=/opt/eqemu
+ export LD_LIBRARY_PATH=:/opt/eqemu
+ LD_LIBRARY_PATH=:/opt/eqemu
+ mkdir -p logs
+ '[' '!' -e .lock-zones -a '!' -e .lock-world ']'
+ for f in 'logs/eqemu_*.log'
+ '[' 'logs/eqemu_*.log' = logs/eqemu_commands_zone.log ']'
+ rm -f 'logs/eqemu_*.log'
+ '[' '!' -e .lock-world ']'
+ touch .lock-world
+ sleep 15
+ ./persist_world
*** buffer overflow detected ***: ./world terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x50)[0xb727d850]
/lib/libc.so.6(+0xe18aa)[0xb727b8aa]
/lib/libc.so.6(__strcpy_chk+0x44)[0xb727abb4]
./world(_ZN14SharedDatabase11DBLoadItemsEij+0x1bfe)[0x80d730c]
[0x6e657072]
======= Memory map: ========
08048000-081a0000 r-xp 00000000 fd:01 188627     /opt/eqemu/world
081a0000-081a1000 r--p 00157000 fd:01 188627     /opt/eqemu/world
081a1000-081a9000 rw-p 00158000 fd:01 188627     /opt/eqemu/world
081a9000-08615000 rw-p 00000000 00:00 0          [heap]
ab570000-b15d0000 rw-p 00000000 00:00 0 
b15d0000-b5962000 rw-s 00000000 00:04 925433859  /SYSV4901e001 (deleted)
b5962000-b5963000 ---p 00000000 00:00 0 
b5963000-b6163000 rw-p 00000000 00:00 0 
b6163000-b6164000 ---p 00000000 00:00 0 
b6164000-b6964000 rw-p 00000000 00:00 0 
b6964000-b6965000 ---p 00000000 00:00 0 
b6965000-b7165000 rw-p 00000000 00:00 0 
b7165000-b716f000 r-xp 00000000 08:03 116735     /lib/libnss_files-2.11.2.so
b716f000-b7170000 r--p 00009000 08:03 116735     /lib/libnss_files-2.11.2.so
b7170000-b7171000 rw-p 0000a000 08:03 116735     /lib/libnss_files-2.11.2.so
b7171000-b7173000 rw-p 00000000 00:00 0 
b7173000-b717a000 r-xp 00000000 08:03 116736     /lib/librt-2.11.2.so
b717a000-b717b000 r--p 00006000 08:03 116736     /lib/librt-2.11.2.so
b717b000-b717c000 rw-p 00007000 08:03 116736     /lib/librt-2.11.2.so
b717c000-b7198000 r-xp 00000000 fd:02 395936     /usr/lib/gcc/i686-pc-linux-gnu/4.4.3/libgcc_s.so.1
b7198000-b7199000 r--p 0001b000 fd:02 395936     /usr/lib/gcc/i686-pc-linux-gnu/4.4.3/libgcc_s.so.1
b7199000-b719a000 rw-p 0001c000 fd:02 395936     /usr/lib/gcc/i686-pc-linux-gnu/4.4.3/libgcc_s.so.1
b719a000-b72da000 r-xp 00000000 08:03 116188     /lib/libc-2.11.2.so
b72da000-b72dc000 r--p 0013f000 08:03 116188     /lib/libc-2.11.2.so
b72dc000-b72dd000 rw-p 00141000 08:03 116188     /lib/libc-2.11.2.so
b72dd000-b72e0000 rw-p 00000000 00:00 0 
b72e0000-b72e2000 r-xp 00000000 08:03 116820     /lib/libutil-2.11.2.so
b72e2000-b72e3000 r--p 00001000 08:03 116820     /lib/libutil-2.11.2.so
b72e3000-b72e4000 rw-p 00002000 08:03 116820     /lib/libutil-2.11.2.so
b72e4000-b72f9000 r-xp 00000000 08:03 116731     /lib/libpthread-2.11.2.so
b72f9000-b72fa000 r--p 00014000 08:03 116731     /lib/libpthread-2.11.2.so
b72fa000-b72fb000 rw-p 00015000 08:03 116731     /lib/libpthread-2.11.2.so
b72fb000-b72fd000 rw-p 00000000 00:00 0 
b72fd000-b73ff000 r-xp 00000000 fd:02 330676     /usr/lib/libperl.so.1.5.8
b73ff000-b7400000 ---p 00102000 fd:02 330676     /usr/lib/libperl.so.1.5.8
b7400000-b7401000 r--p 00102000 fd:02 330676     /usr/lib/libperl.so.1.5.8
b7401000-b7405000 rw-p 00103000 fd:02 330676     /usr/lib/libperl.so.1.5.8
b7405000-b7409000 rw-p 00000000 00:00 0 
b7409000-b753f000 r-xp 00000000 fd:02 332166     /usr/lib/libcrypto.so.0.9.8
b753f000-b7547000 r--p 00135000 fd:02 332166     /usr/lib/libcrypto.so.0.9.8
b7547000-b7556000 rw-p 0013d000 fd:02 332166     /usr/lib/libcrypto.so.0.9.8
b7556000-b7559000 rw-p 00000000 00:00 0 
b7559000-b759e000 r-xp 00000000 fd:02 327693     /usr/lib/libssl.so.0.9.8
b759e000-b759f000 r--p 00045000 fd:02 327693     /usr/lib/libssl.so.0.9.8
b759f000-b75a2000 rw-p 00046000 fd:02 327693     /usr/lib/libssl.so.0.9.8
b75a2000-b75b5000 r-xp 00000000 08:03 116739     /lib/libnsl-2.11.2.so
b75b5000-b75b6000 r--p 00012000 08:03 116739     /lib/libnsl-2.11.2.so
b75b6000-b75b7000 rw-p 00013000 08:03 116739     /lib/libnsl-2.11.2.so
b75b7000-b75b9000 rw-p 00000000 00:00 0 
b75b9000-b75c2000 r-xp 00000000 08:03 116310     /lib/libcrypt-2.11.2.so
b75c2000-b75c3000 r--p 00008000 08:03 116310     /lib/libcrypt-2.11.2.so
b75c3000-b75c4000 rw-p 00009000 08:03 116310     /lib/libcrypt-2.11.2.so
b75c4000-b75eb000 rw-p 00000000 00:00 0 
b75eb000-b7708000 r-xp 00000000 fd:02 337895     /usr/lib/mysql/libmysqlclient.so.15.0.0
b7708000-b770a000 r--p 0011c000 fd:02 337895     /usr/lib/mysql/libmysqlclient.so.15.0.0
b770a000-b774b000 rw-p 0011e000 fd:02 337895     /usr/lib/mysql/libmysqlclient.so.15.0.0
b774b000-b774d000 rw-p 00000000 00:00 0 
b774d000-b774f000 r-xp 00000000 08:03 116729     /lib/libdl-2.11.2.so
b774f000-b7750000 r--p 00001000 08:03 116729     /lib/libdl-2.11.2.so
b7750000-b7751000 rw-p 00002000 08:03 116729     /lib/libdl-2.11.2.so
b7751000-b7762000 r-xp 00000000 08:03 116286     /lib/libz.so.1.2.3
b7762000-b7763000 ---p 00011000 08:03 116286     /lib/libz.so.1.2.3
b7763000-b7764000 r--p 00011000 08:03 116286     /lib/libz.so.1.2.3
b7764000-b7765000 rw-p 00012000 08:03 116286     /lib/libz.so.1.2.3
b7765000-b7789000 r-xp 00000000 08:03 116728     /lib/libm-2.11.2.so
b7789000-b778a000 r--p 00023000 08:03 116728     /lib/libm-2.11.2.so
b778a000-b778b000 rw-p 00024000 08:03 116728     /lib/libm-2.11.2.so
b778b000-b786f000 r-xp 00000000 fd:02 395920     /usr/lib/gcc/i686-pc-linux-gnu/4.4.3/libstdc++.so.6.0.13
b786f000-b7873000 r--p 000e4000 fd:02 395920     /usr/lib/gcc/i686-pc-linux-gnu/4.4.3/libstdc++.so.6.0.13
b7873000-b7874000 rw-p 000e8000 fd:02 395920     /usr/lib/gcc/i686-pc-linux-gnu/4.4.3/libstdc++.so.6.0.13
b7874000-b787b000 rw-p 00000000 00:00 0 
b7883000-b788d000 r-xp 00000000 fd:01 188628     /opt/eqemu/libEMuShareMem.so
b788d000-b788e000 r--p 00009000 fd:01 188628     /opt/eqemu/libEMuShareMem.so
b788e000-b788f000 rw-p 0000a000 fd:01 188628     /opt/eqemu/libEMuShareMem.so
b788f000-b7893000 rw-p 00000000 00:00 0 
b7893000-b7894000 r-xp 00000000 00:00 0          [vdso]
b7894000-b78b0000 r-xp 00000000 08:03 116726     /lib/ld-2.11.2.so
b78b0000-b78b1000 r--p 0001b000 08:03 116726     /lib/ld-2.11.2.so
b78b1000-b78b2000 rw-p 0001c000 08:03 116726     /lib/ld-2.11.2.so
bfa3a000-bfa40000 rw-p 00000000 00:00 0          [stack]
./persist_world: line 14: 12135 Aborted                 (core dumped) ./world "$@"
+ '[' '!' -e .lock-launcher ']'
+ touch .lock-launcher
+ ./eqlaunch zone
  #6  
Old 08-27-2010, 07:26 PM
pfyon
Discordant
 
Join Date: Mar 2009
Location: Ottawa
Posts: 495

Ran into the same issue. The only difference I noticed was the sharedmem size warning when I started (700-some instead of the usual 500-some number).
  #7  
Old 08-28-2010, 06:09 AM
Derision
Developer
 
Join Date: Feb 2004
Location: UK
Posts: 1,540

Try Rev1632.
  #8  
Old 08-28-2010, 10:09 AM
cubber
Discordant
 
Join Date: Apr 2006
Posts: 374

Rev 1634 works fine; I was able to leave my kernel.shmmax unchanged (noticed it mentioned in the changelog). It has been working fine for me set as:

kernel.shmmax = 134217728