GNU bug report logs - #25023: Bug PR utility with -S option
Report forwarded to bug-coreutils <at> gnu.org: bug#25023; Package coreutils. (Fri, 25 Nov 2016 02:38:01 GMT)
Acknowledgement sent to Marcel Böhme <boehme.marcel <at> gmail.com>: New bug report received and forwarded. Copy sent to bug-coreutils <at> gnu.org. (Fri, 25 Nov 2016 02:38:02 GMT)
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
Dear all,
The following input to PR does not crash the program but ASAN reports a buffer overflow.
The bug was found with AFLFast, a fork of AFL. Thanks also to Van-Thuan Pham.
$ echo a > a
$ pr "-S$(printf "\t\t\t")" a -m a > /dev/null
=================================================================
==102438==ERROR: AddressSanitizer: global-buffer-overflow on address 0x00000041b622 at pc 0x00000040506b bp 0x7ffc95917160 sp 0x7ffc95917158
READ of size 1 at 0x00000041b622 thread T0
#0 0x40506a in print_sep_string ../src/pr.c:2241
#1 0x407ec4 in read_line ../src/pr.c:2493
#2 0x40985c in print_page ../src/pr.c:1802
#3 0x40985c in print_files ../src/pr.c:1618
#4 0x4036e0 in main ../src/pr.c:1136
#5 0x7ff29fa67f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#6 0x404209 (/home/ubuntu/subjects/coreutils_fixed/obj-asan/src/pr+0x404209)
0x00000041b622 is located 62 bytes to the left of global variable '*.LC12' defined in '../src/pr.c' (0x41b660) of size 4
'*.LC12' is ascii string '%*d'
0x00000041b622 is located 0 bytes to the right of global variable '*.LC11' defined in '../src/pr.c' (0x41b620) of size 2
'*.LC11' is ascii string ' '
SUMMARY: AddressSanitizer: global-buffer-overflow ../src/pr.c:2241 in print_sep_string
Best regards,
- Marcel
Reply sent to Pádraig Brady <P <at> draigBrady.com>: You have taken responsibility. (Fri, 25 Nov 2016 14:11:01 GMT)
Notification sent to Marcel Böhme <boehme.marcel <at> gmail.com>: bug acknowledged by developer. (Fri, 25 Nov 2016 14:11:01 GMT)
Message #10 received at 25023-done <at> debbugs.gnu.org (full text, mbox):
On 25/11/16 02:36, Marcel Böhme wrote:
> Dear all,
>
> The following input to PR does not crash the program but ASAN reports a buffer overflow.
> The bug was found with AFLFast, a fork of AFL. Thanks also to Van-Thuan Pham.
>
> $ echo a > a
> $ pr "-S$(printf "\t\t\t")" a -m a > /dev/null
>
> =================================================================
> ==102438==ERROR: AddressSanitizer: global-buffer-overflow on address 0x00000041b622 at pc 0x00000040506b bp 0x7ffc95917160 sp 0x7ffc95917158
> READ of size 1 at 0x00000041b622 thread T0
> #0 0x40506a in print_sep_string ../src/pr.c:2241
> #1 0x407ec4 in read_line ../src/pr.c:2493
> #2 0x40985c in print_page ../src/pr.c:1802
> #3 0x40985c in print_files ../src/pr.c:1618
> #4 0x4036e0 in main ../src/pr.c:1136
> #5 0x7ff29fa67f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
> #6 0x404209 (/home/ubuntu/subjects/coreutils_fixed/obj-asan/src/pr+0x404209)
>
> 0x00000041b622 is located 62 bytes to the left of global variable '*.LC12' defined in '../src/pr.c' (0x41b660) of size 4
> '*.LC12' is ascii string '%*d'
> 0x00000041b622 is located 0 bytes to the right of global variable '*.LC11' defined in '../src/pr.c' (0x41b620) of size 2
> '*.LC11' is ascii string ' '
> SUMMARY: AddressSanitizer: global-buffer-overflow ../src/pr.c:2241 in print_sep_string
Fixed in the attached.
thanks!
[pr-S-error.patch (text/x-patch, attachment)]
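
A regression check built from the reproducer in this thread, as an added example that is not part of the original messages or of coreutils. It assumes a `pr` binary built with `-fsanitize=address` is passed as the first argument; the function name `check_pr_sep_overread` is hypothetical.

```shell
#!/bin/sh
# Added example: regression check for the reproducer in bug#25023.
# Assumption: $1 is a pr binary built with -fsanitize=address.
#
# check_pr_sep_overread PR_BIN
#   returns 0 if the reproducer runs without an AddressSanitizer report,
#           1 if ASAN reports an error,
#           2 if the binary cannot be executed or no scratch dir is available.
check_pr_sep_overread() {
    # The reproducer runs from a scratch directory, so make the path absolute.
    case $1 in
        /*) pr_bin=$1 ;;
        *)  pr_bin=$PWD/$1 ;;
    esac
    [ -x "$pr_bin" ] || return 2

    workdir=$(mktemp -d) || return 2
    # Same input as the report: a one-line file "a", merged with itself,
    # with a separator string of three tab characters.
    echo a > "$workdir/a"
    tabs=$(printf '\t\t\t')

    # ASAN writes its report to stderr. The exit status is ignored on
    # purpose: the verdict is based on the report text, not on a crash.
    ( cd "$workdir" && "$pr_bin" "-S$tabs" a -m a >/dev/null 2>asan.log ) || true

    if grep -q 'ERROR: AddressSanitizer' "$workdir/asan.log"; then
        # Surface the one-line summary so CI logs show the faulting frame.
        grep '^SUMMARY: AddressSanitizer' "$workdir/asan.log" >&2
        rm -rf "$workdir"
        return 1
    fi
    rm -rf "$workdir"
    return 0
}
```

Because the report notes that the program does not crash on its own, the check keys on the sanitizer's report text rather than on a signal or a particular exit status.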
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Sat, 24 Dec 2016 12:24:04 GMT)
This bug report was last modified 7 years and 96 days ago.