Created
June 1, 2012 15:50
Domjudge buffer overflow
Compiling failed with exitcode 134, compiler output: | |
/opt/judgehost/bin/runguard: verbose: watchdog using user ID `999' | |
/opt/judgehost/bin/runguard: verbose: using timelimit of 30.000 seconds | |
/opt/judgehost/bin/runguard: verbose: setting filesize limit to 67108864 bytes | |
/opt/judgehost/bin/runguard: verbose: disabling core dumps | |
/opt/judgehost/bin/runguard: verbose: reset user ID to `999' for command | |
boolfind-test-correct.c: In function 'main': | |
boolfind-test-correct.c:23:7: warning: ignoring return value of 'scanf', declared with attribute warn_unused_result [-Wunused-result] | |
boolfind-test-correct.c:27:8: warning: ignoring return value of 'scanf', declared with attribute warn_unused_result [-Wunused-result] | |
boolfind-test-correct.c:35:9: warning: ignoring return value of 'scanf', declared with attribute warn_unused_result [-Wunused-result] | |
*** buffer overflow detected ***: /opt/judgehost/bin/runguard terminated | |
======= Backtrace: ========= | |
/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x37)[0x7faf9e84b007] | |
/lib/x86_64-linux-gnu/libc.so.6(+0x107f00)[0x7faf9e849f00] | |
/lib/x86_64-linux-gnu/libc.so.6(+0x108fbe)[0x7faf9e84afbe] | |
/opt/judgehost/bin/runguard(main+0x9fe)[0x7faf9ed26ede] | |
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xed)[0x7faf9e76376d] | |
/opt/judgehost/bin/runguard(+0x3539)[0x7faf9ed27539] | |
======= Memory map: ======== | |
7faf9e52c000-7faf9e541000 r-xp 00000000 08:01 262209 /lib/x86_64-linux-gnu/libgcc_s.so.1 | |
7faf9e541000-7faf9e740000 ---p 00015000 08:01 262209 /lib/x86_64-linux-gnu/libgcc_s.so.1 | |
7faf9e740000-7faf9e741000 r--p 00014000 08:01 262209 /lib/x86_64-linux-gnu/libgcc_s.so.1 | |
7faf9e741000-7faf9e742000 rw-p 00015000 08:01 262209 /lib/x86_64-linux-gnu/libgcc_s.so.1 | |
7faf9e742000-7faf9e8f5000 r-xp 00000000 08:01 262214 /lib/x86_64-linux-gnu/libc-2.15.so | |
7faf9e8f5000-7faf9eaf4000 ---p 001b3000 08:01 262214 /lib/x86_64-linux-gnu/libc-2.15.so | |
7faf9eaf4000-7faf9eaf8000 r--p 001b2000 08:01 262214 /lib/x86_64-linux-gnu/libc-2.15.so | |
7faf9eaf8000-7faf9eafa000 rw-p 001b6000 08:01 262214 /lib/x86_64-linux-gnu/libc-2.15.so | |
7faf9eafa000-7faf9eaff000 rw-p 00000000 00:00 0 | |
7faf9eaff000-7faf9eb21000 r-xp 00000000 08:01 262216 /lib/x86_64-linux-gnu/ld-2.15.so | |
7faf9ed12000-7faf9ed15000 rw-p 00000000 00:00 0 | |
7faf9ed1e000-7faf9ed21000 rw-p 00000000 00:00 0 | |
7faf9ed21000-7faf9ed22000 r--p 00022000 08:01 262216 /lib/x86_64-linux-gnu/ld-2.15.so | |
7faf9ed22000-7faf9ed24000 rw-p 00023000 08:01 262216 /lib/x86_64-linux-gnu/ld-2.15.so | |
7faf9ed24000-7faf9ed2a000 r-xp 00000000 08:01 19851 /opt/judgehost/bin/runguard | |
7faf9ef2a000-7faf9ef2b000 r--p 00006000 08:01 19851 /opt/judgehost/bin/runguard | |
7faf9ef2b000-7faf9ef2c000 rw-p 00007000 08:01 19851 /opt/judgehost/bin/runguard | |
7faf9ef2c000-7faf9ef2d000 rw-p 00000000 00:00 0 | |
7faf9f5c0000-7faf9f5e1000 rw-p 00000000 00:00 0 [heap] | |
7fffa698b000-7fffa69ac000 rw-p 00000000 00:00 0 [stack] | |
7fffa69ff000-7fffa6a00000 r-xp 00000000 00:00 0 [vdso] | |
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall] | |
Aborted (core dumped) | |
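From running gdb (frame #5, __fdelt_warn, is glibc's fortified fd_set bounds check: it aborts when FD_ISSET is handed a descriptor below 0 or at/above FD_SETSIZE; child_pipefd printed below holds a -1 entry, the marker the listing's own comment says is stored after EOF, so the loop at runguard.c:789-790 appears to test an already-closed slot and should skip entries equal to -1 before calling FD_ISSET): | |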
(gdb) bt | |
#0 0x00007ffff7a53445 in raise () from /lib/x86_64-linux-gnu/libc.so.6 | |
#1 0x00007ffff7a56bab in abort () from /lib/x86_64-linux-gnu/libc.so.6 | |
#2 0x00007ffff7a90e2e in ?? () from /lib/x86_64-linux-gnu/libc.so.6 | |
#3 0x00007ffff7b26007 in __fortify_fail () from /lib/x86_64-linux-gnu/libc.so.6 | |
#4 0x00007ffff7b24f00 in __chk_fail () from /lib/x86_64-linux-gnu/libc.so.6 | |
#5 0x00007ffff7b25fbe in __fdelt_warn () from /lib/x86_64-linux-gnu/libc.so.6 | |
#6 0x0000555555556ede in main (argc=<optimized out>, argv=<optimized out>) at runguard.c:790 | |
(gdb) list 790 | |
785 if ( pid==child_pid ) break; | |
786 } | |
787 | |
788 /* Check to see if data is available and pass it on */ | |
789 for(i=1; i<=2; i++) { | |
790 if ( FD_ISSET(child_pipefd[i][PIPE_OUT],&readfds) ) { | |
791 nread = read(child_pipefd[i][PIPE_OUT], buf, BUF_SIZE); | |
792 if ( nread==-1 ) error(errno,"reading child fd %d",i); | |
793 if ( nread==0 ) { | |
794 /* EOF detected: close fd and indicate this with -1 */ | |
(gdb) print readfds | |
$5 = {fds_bits = {512, 0 <repeats 15 times>}} | |
(gdb) print child_pipefd | |
$6 = {{0, 0}, {-1, 8}, {9, 10}} | |
(gdb) print i | |
$7 = <optimized out> |