GNU bug report logs - #13627
cut: Commit 06aeeec reintroduced SEG_FAULT


Package: coreutils;

Reported by: "Marcel Böhme" <hawkie <at> web.de>

Date: Mon, 4 Feb 2013 09:24:02 UTC

Severity: normal

Done: Pádraig Brady <P <at> draigBrady.com>

Bug is archived. No further changes may be made.



Report forwarded to bug-coreutils <at> gnu.org:
bug#13627; Package coreutils. (Mon, 04 Feb 2013 09:24:02 GMT)

Acknowledgement sent to "Marcel Böhme" <hawkie <at> web.de>:
New bug report received and forwarded. Copy sent to bug-coreutils <at> gnu.org. (Mon, 04 Feb 2013 09:24:02 GMT)

Message #5 received at submit <at> debbugs.gnu.org:

From: "Marcel Böhme" <hawkie <at> web.de>
To: bug-coreutils <at> gnu.org
Subject: cut: Commit 06aeeec reintroduced SEG_FAULT
Date: Mon, 4 Feb 2013 10:22:02 +0100 (CET)

Reply sent to Pádraig Brady <P <at> draigBrady.com>:
You have taken responsibility. (Mon, 04 Feb 2013 11:54:01 GMT)

Notification sent to "Marcel Böhme" <hawkie <at> web.de>:
bug acknowledged by developer. (Mon, 04 Feb 2013 11:54:01 GMT)

Message #10 received at 13627-done <at> debbugs.gnu.org:

From: Pádraig Brady <P <at> draigBrady.com>
To: Marcel Böhme <hawkie <at> web.de>
Cc: 13627-done <at> debbugs.gnu.org
Subject: Re: bug#13627: cut: Commit 06aeeec reintroduced SEG_FAULT
Date: Mon, 04 Feb 2013 11:52:28 +0000

On 02/04/2013 09:22 AM, Marcel Böhme wrote:
>     Dear all,
>     The current version of cut (after 6.12.2012) exposes a SEG_FAULT:
>     $echo 123 | cut --output-del="." -b-1,999999999-
>     How the commit introduces the bug:
>     Earlier, memory of length eol_start_length was allocated for the array
>     printable_field - if max_range_endpoint < eol_start_length. So the
>     access at eol_start_length would succeed.
>     Now, even if max_range_endpoint < eol_start_length, as long as
>     max_range_endpoint > 0, just like before, memory of length
>     max_range_endpoint is allocated for array printable_field which is
>     accessed "out-of-bounds" at eol_start_length in line 534.
>     Just for historical purposes:
>     Commit 7380cf79 introduces a SEG_FAULT on large open-ended ranges:
>     http://debbugs.gnu.org/7993.
>     This bug was fixed in Commit 2e636af1 which itself introduces a memory
>     leak:
>     https://lists.gnu.org/archive/html/bug-coreutils/2012-12/msg00017.html.
>     This bug was fixed in Commit ec48bead which itself re-introduces the
>     SEG_FAULT: reported here.

Nice one!
The attached should fix it.

thanks,
Pádraig.
[cut-fix-seg.patch (text/x-patch, attachment)]

Information forwarded to bug-coreutils <at> gnu.org:
bug#13627; Package coreutils. (Mon, 04 Feb 2013 13:05:02 GMT)

Message #13 received at 13627 <at> debbugs.gnu.org:

From: Bernhard Voelker <mail <at> bernhard-voelker.de>
To: 13627 <at> debbugs.gnu.org, P <at> draigBrady.com, hawkie <at> web.de
Subject: Re: bug#13627: cut: Commit 06aeeec reintroduced SEG_FAULT
Date: Mon, 04 Feb 2013 14:03:17 +0100

On 02/04/2013 12:52 PM, Pádraig Brady wrote:
> On 02/04/2013 09:22 AM, Marcel Böhme wrote:
>>     The current version of cut (after 6.12.2012) exposes a SEG_FAULT:
>>     $echo 123 | cut --output-del="." -b-1,999999999-

> Nice one!
> The attached should fix it.

Hi Padraig,

thanks.
The fix looks okay, but syntax-check fails:

  src/cut.c:534:      && ((max_range_endpoint < eol_range_start) || !is_printable_field (eol_range_start)))
  tests/misc/cut.pl:196:  ['big-unbounded-b2a', '--output-d=:', '-b1,9-', {IN=>'123456789'}, {OUT=>"1:9\n"}],
  maint.mk: line(s) with more than 80 characters; reindent

Have a nice day,
Berny
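
Added example, not part of the thread and not coreutils source: a simplified C model of the out-of-bounds read described in the report, using the guarded condition shape quoted from src/cut.c:534 above. The single finite range lo-hi and the helper names unguarded_read_is_oob and eol_start_needs_marking are assumptions made for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Simplified model of the pattern in this report; not coreutils source.
   printable_field is a bit array sized for indexes 0..max_range_endpoint. */
static unsigned char *printable_field;
static size_t max_range_endpoint;

/* Caller must ensure i <= max_range_endpoint; there is no check here. */
static int is_printable_field(size_t i)
{
  return (printable_field[i / CHAR_BIT] >> (i % CHAR_BIT)) & 1;
}

/* 1 if reading bit eol_range_start would touch a byte past the allocation
   made for a largest finite endpoint of hi. */
static int unguarded_read_is_oob(size_t hi, size_t eol_range_start)
{
  return eol_range_start / CHAR_BIT >= hi / CHAR_BIT + 1;
}

/* Models one finite range lo-hi plus an open-ended range eol_range_start-.
   Returns 1 if eol_range_start still has to be marked as a range start,
   0 if it is already covered, -1 on allocation failure. */
static int eol_start_needs_marking(size_t lo, size_t hi, size_t eol_range_start)
{
  max_range_endpoint = hi;
  printable_field = calloc(hi / CHAR_BIT + 1, 1);
  if (!printable_field)
    return -1;
  for (size_t i = lo; i <= hi; i++)
    printable_field[i / CHAR_BIT] |= 1u << (i % CHAR_BIT);
  /* Bounds test first: || short-circuits, so the bit array is read only
     when eol_range_start lies inside the allocation. */
  int r = eol_range_start
          && (max_range_endpoint < eol_range_start
              || !is_printable_field(eol_range_start));
  free(printable_field);
  printable_field = NULL;
  return r;
}

int main(void)
{
  /* Constructed inputs: -b-1,999999999- and -b1,9- from this thread. */
  printf("%d %d\n", unguarded_read_is_oob(1, 999999999), eol_start_needs_marking(1, 1, 999999999));
  printf("%d %d\n", unguarded_read_is_oob(1, 9), eol_start_needs_marking(1, 1, 9));
  return 0;
}
```
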





Information forwarded to bug-coreutils <at> gnu.org:
bug#13627; Package coreutils. (Mon, 04 Feb 2013 13:22:02 GMT)

Message #16 received at 13627-done <at> debbugs.gnu.org:

From: Marcel Boehme <hawkie <at> web.de>
To: Pádraig Brady <P <at> draigBrady.com>
Cc: "13627-done <at> debbugs.gnu.org" <13627-done <at> debbugs.gnu.org>
Subject: Re: bug#13627: cut: Commit 06aeeec reintroduced SEG_FAULT
Date: Mon, 4 Feb 2013 21:23:33 +0800

Dear Pádraig,

For completeness, would it be possible to reference the bug-introducing revision (ec48bead) in the commit message?

Otherwise, the commit looks good to me.

Best regards,
Marcel



On 4 Feb, 2013, at 7:52 PM, Pádraig Brady <P <at> draigBrady.com> wrote:

> On 02/04/2013 09:22 AM, Marcel Böhme wrote:
>>    Dear all,
>>    The current version of cut (after 6.12.2012) exposes a SEG_FAULT:
>>    $echo 123 | cut --output-del="." -b-1,999999999-
>>    How the commit introduces the bug:
>>    Earlier, memory of length eol_start_length was allocated for the array
>>    printable_field - if max_range_endpoint < eol_start_length. So the
>>    access at eol_start_length would succeed.
>>    Now, even if max_range_endpoint < eol_start_length, as long as
>>    max_range_endpoint > 0, just like before, memory of length
>>    max_range_endpoint is allocated for array printable_field which is
>>    accessed "out-of-bounds" at eol_start_length in line 534.
>>    Just for historical purposes:
>>    Commit 7380cf79 introduces a SEG_FAULT on large open-ended ranges:
>>    http://debbugs.gnu.org/7993.
>>    This bug was fixed in Commit 2e636af1 which itself introduces a memory
>>    leak:
>>    https://lists.gnu.org/archive/html/bug-coreutils/2012-12/msg00017.html.
>>    This bug was fixed in Commit ec48bead which itself re-introduces the
>>    SEG_FAULT: reported here.
> 
> Nice one!
> The attached should fix it.
> 
> thanks,
> Pádraig.
> <cut-fix-seg.patch>




Information forwarded to bug-coreutils <at> gnu.org:
bug#13627; Package coreutils. (Mon, 04 Feb 2013 14:00:02 GMT)

Message #19 received at 13627 <at> debbugs.gnu.org:

From: Pádraig Brady <P <at> draigBrady.com>
To: Marcel Boehme <hawkie <at> web.de>
Cc: 13627 <at> debbugs.gnu.org
Subject: Re: bug#13627: cut: Commit 06aeeec reintroduced SEG_FAULT
Date: Mon, 04 Feb 2013 13:57:54 +0000

On 02/04/2013 01:23 PM, Marcel Boehme wrote:
> Dear Pádraig,
>
> For completeness, would it be possible to reference the bug-introducing revision (ec48bead) in the commit message?
>
> Otherwise, the commit looks good to me.

Cool thanks.
Updated patch attached.

[cut-fix-seg.patch (text/x-patch, attachment)]

Information forwarded to bug-coreutils <at> gnu.org:
bug#13627; Package coreutils. (Mon, 04 Feb 2013 17:15:02 GMT)

Message #22 received at 13627 <at> debbugs.gnu.org:

From: Jim Meyering <jim <at> meyering.net>
To: 13627 <at> debbugs.gnu.org
Cc: P <at> draigBrady.com, hawkie <at> web.de
Subject: Re: bug#13627: cut: Commit 06aeeec reintroduced SEG_FAULT
Date: Mon, 04 Feb 2013 18:13:31 +0100

Pádraig Brady wrote:

> On 02/04/2013 09:22 AM, Marcel Böhme wrote:
>>     Dear all,
>>     The current version of cut (after 6.12.2012) exposes a SEG_FAULT:
>>     $echo 123 | cut --output-del="." -b-1,999999999-
>>     How the commit introduces the bug:
>>     Earlier, memory of length eol_start_length was allocated for the array
>>     printable_field - if max_range_endpoint < eol_start_length. So the
>>     access at eol_start_length would succeed.
>>     Now, even if max_range_endpoint < eol_start_length, as long as
>>     max_range_endpoint > 0, just like before, memory of length
>>     max_range_endpoint is allocated for array printable_field which is
>>     accessed "out-of-bounds" at eol_start_length in line 534.
>>     Just for historical purposes:
>>     Commit 7380cf79 introduces a SEG_FAULT on large open-ended ranges:
>>     http://debbugs.gnu.org/7993.
>>     This bug was fixed in Commit 2e636af1 which itself introduces a memory
>>     leak:
>>     https://lists.gnu.org/archive/html/bug-coreutils/2012-12/msg00017.html.
>>     This bug was fixed in Commit ec48bead which itself re-introduces the
>>     SEG_FAULT: reported here.
>
> Nice one!
> The attached should fix it.

Nice analysis.
The patch looks fine.  Thank you both!




bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Tue, 05 Mar 2013 12:24:03 GMT)

This bug report was last modified 11 years and 48 days ago.
