[Xastir] Xastir 1.9.8 CRASHING: ***buffer overflow detected***

Curt, WE7U curt.we7u at gmail.com
Wed Feb 10 10:33:11 EST 2010 

On Tue, 9 Feb 2010, Mike L wrote:

> *** buffer overflow detected ***: /usr/local/bin/xastir terminated

> /usr/local/bin/xastir(storeStationSimplePointToGisDbMysql+0x713)[0x809c6d3]
> /usr/local/bin/xastir(data_add+0x17f4)[0x808f5a4]
> /usr/local/bin/xastir(decode_info_field+0xfe2)[0x8096692]
> /usr/local/bin/xastir(decode_ax25_line+0x200)[0x8097340]


> (gdb) where

> #8  0x0809c6d3 in snprintf (aDbConnection=0x842a3d8,
> aStation=0x8438c38) at /usr/include/bits/stdio2.h:65
> #9  storeStationSimplePointToGisDbMysql (aDbConnection=0x842a3d8,
> aStation=0x8438c38) at db_gis.c:1862
> #10 0x0808f5a4 in data_add (type=1, call_sign=0xbfffea42 "WA4BVW",
>    path=0xbfffe9a1 "APW250,N4VDE-3,KI4WXS-5,KI4WXS-10,K4CCC-10,N4JTH-5,WIDE3*",
>    data=0xbfffef33 "WinAPRS 2.5.0 -SCGVLLANDRUM -250-<530>", from=84
> 'T', port=0, origin=0xbfffea38 "",
>    third_party=0, station_is_mine=0, object_is_mine=0) at db.c:13822
> #11 0x08096692 in decode_info_field (call=0xbfffea42 "WA4BVW",
>    path=0xbfffe9a1 "APW250,N4VDE-3,KI4WXS-5,KI4WXS-10,K4CCC-10,N4JTH-5,WIDE3*",
>    message=0xbfffef1f "=3505.70N/08217.00W-WinAPRS 2.5.0
> -SCGVLLANDRUM -250-<530>", origin=0xbfffea38 "",
>    from=<value optimized out>, port=0, third_party=0,
>    orig_message=0xbfffe640 "=3505.70N/08217.00W-PHG3160/WinAPRS 2.5.0
> -SCGVLLANDRUM -250-<530>") at db.c:17123
> #12 0x08097340 in decode_ax25_line (line=0xbfffeede "WA4BVW", from=84
> 'T', port=0, dbadd=1) at db.c:18722

Above are the important bits.  They show that
storeStationSimplePointToGisDbMysql in db_gis.c:1862 calls snprintf
and things blow up.  GDB sure makes this easy huh?

It's up to the writer of that code to fix it ("chicoreus", AKA Paul
Morris.  Hi Paul!).  Alternately you can come up with a fix yourself
and submit it to Paul for testing and inclusion in CVS.

I don't believe the database stuff was signed off as being complete,
so it's not integrated into our normal configure/make steps yet and
most people don't play with it.

-- 
Curt, WE7U.                         <http://www.eskimo.com/~archer>
    APRS:  Where it's at!                    <http://www.xastir.org>
   Lotto:  A tax on people who are bad at math. - unknown
Windows:  Microsoft's tax on computer illiterates. - WE7U.
The world DOES revolve around me:  I picked the coordinate system!"

More information about the Xastir mailing list