[bug #45062] Enabling CACHE_IDS causes segfaults
From: James Youngman
Subject: [bug #45062] Enabling CACHE_IDS causes segfaults
Date: Sat, 09 May 2015 22:03:59 +0000
User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.65 Safari/537.36
URL:
<http://savannah.gnu.org/bugs/?45062>
Summary: Enabling CACHE_IDS causes segfaults
Project: findutils
Submitted by: jay
Submitted on: Sat 09 May 2015 22:03:56 GMT
Category: find
Severity: 5 - Blocker
Item Group: Wrong result
Status: In Progress
Privacy: Public
Assigned to: jay
Originator Name: Tobias Stoeckmann
Originator Email: address@hidden
Open/Closed: Open
Discussion Lock: Any
Release: 4.1.7
Fixed Release: None
_______________________________________________________
Details:
Hi,
if id caching is activated during compilation, findutils is prone to two
segmentation faults. First, it fails to validate a range check in file
find/parser.c line 1750. If the group in /etc/groups has a gid that is
close to 2^32, the variable overflows in xmalloc and reserves not enough
memory, which will then be overridden with ones.
The other one happens when find encounters a group id that is higher
than the highest one in /etc/group. It uses the gid of the file as index
without validating ranges.
I would recommend just removing the --enable-id-cache/CACHE_IDS code.
It has to be activated and I didn't encounter a Linux distribution that
activated it so far.
This shows how to reproduce the segfault paths with group ids. The
same is true for user ids:
$ ./configure --enable-id-cache && make
$ ./find/find --version
find (GNU findutils) 4.5.15-git
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Written by Eric B. Decker, James Youngman, and Kevin Dalley.
Features enabled: CACHE_IDS D_TYPE O_NOFOLLOW(enabled) LEAF_OPTIMISATION
FTS(FTS_CWDFD) CBO(level=2)
$ sudo groupadd -g 4294965248 crash
$ ./find/find -nogroup
Segmentation fault
$ sudo groupdel crash
$ touch myfile
$ sudo chgrp 2000000 myfile
$ ./find/find -nogroup
Segmentation fault
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?45062>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
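
The two failures described in this report (a table sized from an id near 2^32, and a file's gid used as an index without a range check) can both be closed by validating the range before sizing and before indexing. The following is an added example, not findutils code: `id_table`, `ID_TABLE_MAX` and the function names are hypothetical, and the id arrays are constructed stand-ins for the entries of /etc/group.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical cap: ids at or above it are never cached, the caller
   must ask the system (e.g. getgrgid()) instead. */
#define ID_TABLE_MAX 65536u

struct id_table {
    unsigned char *known; /* known[id] == 1 if the id has a database entry */
    size_t len;           /* number of valid slots in known[] */
};

/* Build the table from a list of ids. Returns 0 on success, -1 if the
   ids cannot be represented safely (too large, or out of memory). */
int id_table_build(struct id_table *t, const uint32_t *ids, size_t n)
{
    uint32_t max = 0;
    for (size_t i = 0; i < n; i++)
        if (ids[i] > max)
            max = ids[i];
    /* Range check BEFORE any size arithmetic, so the size cannot wrap. */
    if (max >= ID_TABLE_MAX)
        return -1;
    t->len = (size_t)max + 1;
    t->known = calloc(t->len, 1);
    if (t->known == NULL)
        return -1;
    for (size_t i = 0; i < n; i++)
        t->known[ids[i]] = 1;
    return 0;
}

/* 1 = id is known, 0 = id is not known, -1 = id is outside the table. */
int id_table_lookup(const struct id_table *t, uint32_t id)
{
    if (t->known == NULL || id >= t->len) /* never index past the end */
        return -1;
    return t->known[id];
}

int main(void)
{
    uint32_t ids[] = {0, 100, 1000}; /* constructed sample group ids */
    struct id_table t = {0};
    if (id_table_build(&t, ids, 3) != 0)
        return 1;
    /* 2000000 is the gid given to "myfile" in the report. */
    printf("%d %d\n", id_table_lookup(&t, 100), id_table_lookup(&t, 2000000u));
    free(t.known);
    return 0;
}
```

A return of -1 from either function means the cache cannot answer and the lookup has to go to the system database.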