Bug #1651: TBX: 0.7.8alpha: cqplib buffer overflow with long registry path parameter - Plateforme TXM - Forge du Centre Blaise Pascal

Bug #1651

TBX: 0.7.8alpha: cqplib buffer overflow with long registry path parameter

Ajouté par Matthieu Decorde il y a plus de 9 ans. Mis à jour il y a plus d'un an.

Statut:

Closed

Début:

04/02/2016

Priorité:

Normal

Echéance:

Assigné à:

% réalisé:

100%

Catégorie:

SearchEngine

Temps passé:

Version cible:

TXM 0.7.8

Description

Java_org_txm_searchengine_cqp_MemCqiServer_start: start
INIT CQILIB: 
 PARAM: /usr/lib/TXM/cwb/bin/cqpserver 
 PARAM: -I 
 PARAM: /usr/lib/TXM/cwb/cqpserver.init 
 PARAM: -r 
 PARAM: ... very long parameter ...
 PARAM: -b 
 PARAM: 1000000 
 PARAM: -d 
 PARAM: OFF 
 PARAM: -P 
 PARAM: 4877 
Parse options for app mode 3 
*** buffer overflow detected ***: /usr/lib/jvm/java-7-openjdk-amd64/bin/java terminated
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x7338f)[0x7f58e974b38f]
/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x5c)[0x7f58e97e2c9c]
/lib/x86_64-linux-gnu/libc.so.6(+0x109b60)[0x7f58e97e1b60]
/usr/lib/TXM/cwb/bin/libcqpjni.so(+0x298c5)[0x7f58b64888c5]
/usr/lib/TXM/cwb/bin/libcqpjni.so(check_available_corpora+0x38)[0x7f58b6488a48]
/usr/lib/TXM/cwb/bin/libcqpjni.so(initialize_cqp+0x16b)[0x7f58b647c3eb]
/usr/lib/TXM/cwb/bin/libcqpjni.so(Java_org_txm_searchengine_cqp_MemCqiServer_start+0x14c)[0x7f58b64a961c]
[0x7f58dd012d98]
======= Memory map: ========
00400000-00401000 r-xp 00000000 08:11 1212219                            /usr/lib/jvm/java-7-openjdk-amd64/jre/bin/java
00600000-00601000 r--p 00000000 08:11 1212219                            /usr/lib/jvm/java-7-openjdk-amd64/jre/bin/java
00601000-00602000 rw-p 00001000 08:11 1212219                            /usr/lib/jvm/java-7-openjdk-amd64/jre/bin/java
00a18000-00a39000 rw-p 00000000 00:00 0                                  [heap]

happen after I imported a "P1719" corpus, if I empty TXM corpora and let only the "P1719" corpus. There is no buffer overflow.

Solution 1¶

it seems that the bug is provoked when the registry path argument is too long or when there is too much loaded corpus.

Find the buffer that fails and change its size.

Validation tests¶

SJ: need more precisions about the validation tests but OK here (Win 7 x64) with this long param command line: Starting NullSearchEngineServer: [C:\Tools\Textometrie\TXM\TXM_0.7.8_64bit\TXM\plugins\CWBInstaller_1.0.0.201604041021\res\win64\cqpserver.exe, -I, C:\Tools\Textometrie\TXM\TXM_0.7.8_64bit\TXM\plugins\CWBInstaller_1.0.0.201604041021\res\cqpserver.init, -r, C:\Users\s\TXM\corpora\graal\registry;C:\Users\s\TXM\corpora\VOEUX\registry;C:\Users\s\TXM\corpora\ANNOTATION\registry;C:\Users\s\TXM\corpora\brown\registry;C:\Users\s\TXM\corpora\CORPUSESTOUT\registry;C:\Users\s\TXM\corpora\discours-back\registry;C:\Users\s\TXM\corpora\EDITONODD\registry;C:\Users\s\TXM\corpora\LIVRETOPERA\registry;C:\Users\s\TXM\corpora\LIVRETSOPERA\registry;C:\Users\s\TXM\corpora\LIVRETSOPERAORIGINAL\registry;C:\Users\s\TXM\corpora\OPERANORMAL\registry;C:\Users\s\TXM\corpora\OPERATESTS\registry;C:\Users\s\TXM\corpora\PARTHA\registry;C:\Users\s\TXM\corpora\PERFS1\registry;C:\Users\s\TXM\corpora\PERFS3\registry;C:\Users\s\TXM\corpora\PERFS4\registry;C:\Users\s\TXM\corpora\PERFS5\registry;C:\Users\s\TXM\corpora\PERFS50\registry;C:\Users\s\TXM\corpora\PERFS6\registry;C:\Users\s\TXM\corpora\PERFS7\registry;C:\Users\s\TXM\corpora\PERFS8\registry;C:\Users\s\TXM\corpora\pressepapier4\registry;C:\Users\s\TXM\corpora\rcorpora\registry;C:\Users\s\TXM\corpora\TESTBUGIMPORTCHINOIS14\registry;C:\Users\s\TXM\corpora\TESTBUGIMPORTCHINOIS16\registry;C:\Users\s\TXM\corpora\TESTBUGIMPORTCHINOIS4_temp\registry;C:\Users\s\TXM\corpora\TESTVI\registry;C:\Users\s\TXM\corpora\TESTVI2\registry, -b, 1000000, -d, OFF, -P, 4877]