Issue 33: recollindex buffer overflow

recollindex from "Recoll 1.13.01 + Xapian 1.0.18" on Ubuntu 10.04 crashes while indexing a smb share

Hello, and thanks for reporting this. I tried to reproduce it, and it seems I can’t.

Is there any possibility that you could at least re-run the indexing with loglevel set to 6 (loglevel = 6 in $HOME/.recoll/recoll.conf), or even better forward the relevant zipfile to me if it’s non confidential (email me at jf at recoll org) ?

Regards, jf

Hi thanks for looking into this! below is the log with loglevel=6 which file is causing the problem? the one above the crashdump? this is not a zip file but a real media file (.rm) which in fact is just a txt file with two url’s in it. moved it out of the way, now recollindex seems to run further (still running). I guess you could close this bug. I will email you the offending file anyhow, just in case. thanks again. :5:../rcldb/rcldb.cpp:916:Db::add: no prefix for field [md5], no indexing buffer overflow detected *: recollindex terminated ======= Backtrace: ========= /lib/libc.so.6(fortify_fail+0x37)[0x7f1907097217] /lib/libc.so.6(+0xfe0d0)[0x7f19070960d0] /lib/libc.so.6(+0xfd539)[0x7f1907095539] /lib/libc.so.6(_IO_default_xsputn+0xcc)[0x7f190700dd1c] /lib/libc.so.6(_IO_vfprintf+0xf3e)[0x7f1906fde2de] /lib/libc.so.6(vsprintf_chk+0x99)[0x7f19070955d9] /lib/libc.so.6(__sprintf_chk+0x7f)[0x7f190709551f] recollindex[0x42bd49] recollindex[0x457ac6] recollindex[0x44512d] recollindex[0x4450a1] ======= Memory map: ======== 00400000-004b6000 r-xp 00000000 07:00 135023 /usr/bin/recollindex 006b5000-006b6000 r—p 000b5000 07:00 135023 /usr/bin/recollindex 006b6000-006c4000 rw-p 000b6000 07:00 135023 /usr/bin/recollindex 006c4000-006c6000 rw-p 00000000 00:00 0 01453000-0320d000 rw-p 00000000 00:00 0 [heap] 7f1905f33000-7f1905f36000 r-xp 00000000 07:00 135297 /usr/lib/gconv/UTF-16.so 7f1905f36000-7f1906135000 ---p 00003000 07:00 135297 /usr/lib/gconv/UTF-16.so 7f1906135000-7f1906136000 r—p 00002000 07:00 135297 /usr/lib/gconv/UTF-16.so 7f1906136000-7f1906137000 rw-p 00003000 07:00 135297 /usr/lib/gconv/UTF-16.so 7f1906137000-7f1906143000 r-xp 00000000 07:00 1310610 /lib/libnss_files-2.11.1.so 7f1906143000-7f1906342000 ---p 0000c000 07:00 1310610 /lib/libnss_files-2.11.1.so 7f1906342000-7f1906343000 r—p 0000b000 07:00 1310610 /lib/libnss_files-2.11.1.so 7f1906343000-7f1906344000 rw-p 0000c000 07:00 1310610 /lib/libnss_files-2.11.1.so 7f1906344000-7f190634e000 r-xp 00000000 07:00 1310599 /lib/libnss_nis-2.11.1.so 7f190634e000-7f190654d000 ---p 0000a000 07:00 1310599 /lib/libnss_nis-2.11.1.so 7f190654d000-7f190654e000 r—p 00009000 07:00 1310599 /lib/libnss_nis-2.11.1.so 7f190654e000-7f190654f000 rw-p 0000a000 07:00 1310599 /lib/libnss_nis-2.11.1.so 7f190654f000-7f1906566000 r-xp 00000000 07:00 1310588 /lib/libnsl-2.11.1.so 7f1906566000-7f1906765000 ---p 00017000 07:00 1310588 /lib/libnsl-2.11.1.so 7f1906765000-7f1906766000 r—p 00016000 07:00 1310588 /lib/libnsl-2.11.1.so 7f1906766000-7f1906767000 rw-p 00017000 07:00 1310588 /lib/libnsl-2.11.1.so 7f1906767000-7f1906769000 rw-p 00000000 00:00 0 7f1906769000-7f1906771000 r-xp 00000000 07:00 1310597 /lib/libnss_compat-2.11.1.so 7f1906771000-7f1906970000 ---p 00008000 07:00 1310597 /lib/libnss_compat-2.11.1.so 7f1906970000-7f1906971000 r—p 00007000 07:00 1310597 /lib/libnss_compat-2.11.1.so 7f1906971000-7f1906972000 rw-p 00008000 07:00 1310597 /lib/libnss_compat-2.11.1.so 7f1906972000-7f1906977000 r-xp 00000000 07:00 135973 /usr/lib/libXdmcp.so.6.0.0 7f1906977000-7f1906b76000 ---p 00005000 07:00 135973 /usr/lib/libXdmcp.so.6.0.0 7f1906b76000-7f1906b77000 r—p 00004000 07:00 135973 /usr/lib/libXdmcp.so.6.0.0 7f1906b77000-7f1906b78000 rw-p 00005000 07:00 135973 /usr/lib/libXdmcp.so.6.0.0 7f1906b78000-7f1906b7a000 r-xp 00000000 07:00 135962 /usr/lib/libXau.so.6.0.0 7f1906b7a000-7f1906d7a000 ---p 00002000 07:00 135962 /usr/lib/libXau.so.6.0.0 7f1906d7a000-7f1906d7b000 r—p 00002000 07:00 135962 /usr/lib/libXau.so.6.0.0 7f1906d7b000-7f1906d7c000 rw-p 00003000 07:00 135962 /usr/lib/libXau.so.6.0.0 7f1906d7c000-7f1906d97000 r-xp 00000000 07:00 136968 /usr/lib/libxcb.so.1.1.0 7f1906d97000-7f1906f96000 ---p 0001b000 07:00 136968 /usr/lib/libxcb.so.1.1.0 7f1906f96000-7f1906f97000 r—p 0001a000 07:00 136968 /usr/lib/libxcb.so.1.1.0 7f1906f97000-7f1906f98000 rw-p 0001b000 07:00 136968 /usr/lib/libxcb.so.1.1.0 7f1906f98000-7f1907112000 r-xp 00000000 07:00 1310606 /lib/libc-2.11.1.so 7f1907112000-7f1907311000 ---p 0017a000 07:00 1310606 /lib/libc-2.11.1.so 7f1907311000-7f1907315000 r—p 00179000 07:00 1310606 /lib/libc-2.11.1.so 7f1907315000-7f1907316000 rw-p 0017d000 07:00 1310606 /lib/libc-2.11.1.so 7f1907316000-7f190731b000 rw-p 00000000 00:00 0 7f190731b000-7f1907331000 r-xp 00000000 07:00 1308240 /lib/libgcc_s.so.1 7f1907331000-7f1907530000 ---p 00016000 07:00 1308240 /lib/libgcc_s.so.1 7f1907530000-7f1907531000 r—p 00015000 07:00 1308240 /lib/libgcc_s.so.1 7f1907531000-7f1907532000 rw-p 00016000 07:00 1308240 /lib/libgcc_s.so.1 7f1907532000-7f19075b4000 r-xp 00000000 07:00 1309202 /lib/libm-2.11.1.so 7f19075b4000-7f19077b3000 ---p 00082000 07:00 1309202 /lib/libm-2.11.1.so 7f19077b3000-7f19077b4000 r—p 00081000 07:00 1309202 /lib/libm-2.11.1.so 7f19077b4000-7f19077b5000 rw-p 00082000 07:00 1309202 /lib/libm-2.11.1.so 7f19077b5000-7f19078ab000 r-xp 00000000 07:00 136867 /usr/lib/libstdc.so.6.0.13 7f19078ab000-7f1907aab000 ---p 000f6000 07:00 136867 /usr/lib/libstdc.so.6.0.13 7f1907aab000-7f1907ab2000 r—p 000f6000 07:00 136867 /usr/lib/libstdc.so.6.0.13 7f1907ab2000-7f1907ab4000 rw-p 000fd000 07:00 136867 /usr/lib/libstdc.so.6.0.13 7f1907ab4000-7f1907ac9000 rw-p 00000000 00:00 0 7f1907ac9000-7f1907acb000 r-xp 00000000 07:00 1310611 /lib/libdl-2.11.1.so 7f1907acb000-7f1907ccb000 ---p 00002000 07:00 1310611 /lib/libdl-2.11.1.so 7f1907ccb000-7f1907ccc000 r—p 00002000 07:00 1310611 /lib/libdl-2.11.1.so 7f1907ccc000-7f1907ccd000 rw-p 00003000 07:00 1310611 /lib/libdl-2.11.1.soRCLMFILT:Aborted rclzip : : EOF on input

Checked all the sprintf calls in recoll, only found very marginal possibilities of errors ("impossible" values in int64 fields), suppressed most calls and made sure the rest would behave. Not fully sure this is fixed as it could not be reproduced, but closing anyway as nothing useful can be further done for now.