emacs-bug-tracker
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[debbugs-tracker] bug#25023: closed (Bug PR utility with -S option)

From: GNU bug Tracking System
Subject: [debbugs-tracker] bug#25023: closed (Bug PR utility with -S option)
Date: Fri, 25 Nov 2016 14:11:01 +0000 
Your message dated Fri, 25 Nov 2016 14:10:21 +0000
with message-id <address@hidden>
and subject line Re: bug#25023: Bug PR utility with -S option
has caused the debbugs.gnu.org bug report #25023,
regarding Bug PR utility with -S option
to be marked as done.

(If you believe you have received this mail in error, please contact
address@hidden)


-- 
25023: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=25023
GNU Bug Tracking System
Contact address@hidden with problems
--- Begin Message --- Subject: Bug PR utility with -S option Date: Fri, 25 Nov 2016 10:36:47 +0800 
Dear all,

The following input to PR does not crash the program but ASAN reports a buffer 
overflow.
The bug was found with AFLFast, a fork of AFL. Thanks also to Van-Thuan Pham.

$ echo a > a
$ pr "-S$(printf "\t\t\t")" a -m a > /dev/null

=================================================================
==102438==ERROR: AddressSanitizer: global-buffer-overflow on address 
0x00000041b622 at pc 0x00000040506b bp 0x7ffc95917160 sp 0x7ffc95917158
READ of size 1 at 0x00000041b622 thread T0
    #0 0x40506a in print_sep_string ../src/pr.c:2241
    #1 0x407ec4 in read_line ../src/pr.c:2493
    #2 0x40985c in print_page ../src/pr.c:1802
    #3 0x40985c in print_files ../src/pr.c:1618
    #4 0x4036e0 in main ../src/pr.c:1136
    #5 0x7ff29fa67f44 in __libc_start_main 
(/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
    #6 0x404209  
(/home/ubuntu/subjects/coreutils_fixed/obj-asan/src/pr+0x404209)

0x00000041b622 is located 62 bytes to the left of global variable '*.LC12' 
defined in '../src/pr.c' (0x41b660) of size 4
  '*.LC12' is ascii string '%*d'
0x00000041b622 is located 0 bytes to the right of global variable '*.LC11' 
defined in '../src/pr.c' (0x41b620) of size 2
  '*.LC11' is ascii string ' '
SUMMARY: AddressSanitizer: global-buffer-overflow ../src/pr.c:2241 in 
print_sep_string

Best regards,
- Marcel

--- End Message ---
--- Begin Message --- Subject: Re: bug#25023: Bug PR utility with -S option Date: Fri, 25 Nov 2016 14:10:21 +0000 User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0 
On 25/11/16 02:36, Marcel Böhme wrote:
> Dear all,
> 
> The following input to PR does not crash the program but ASAN reports a 
> buffer overflow.
> The bug was found with AFLFast, a fork of AFL. Thanks also to Van-Thuan Pham.
> 
> $ echo a > a
> $ pr "-S$(printf "\t\t\t")" a -m a > /dev/null
> 
> =================================================================
> ==102438==ERROR: AddressSanitizer: global-buffer-overflow on address 
> 0x00000041b622 at pc 0x00000040506b bp 0x7ffc95917160 sp 0x7ffc95917158
> READ of size 1 at 0x00000041b622 thread T0
>     #0 0x40506a in print_sep_string ../src/pr.c:2241
>     #1 0x407ec4 in read_line ../src/pr.c:2493
>     #2 0x40985c in print_page ../src/pr.c:1802
>     #3 0x40985c in print_files ../src/pr.c:1618
>     #4 0x4036e0 in main ../src/pr.c:1136
>     #5 0x7ff29fa67f44 in __libc_start_main 
> (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
>     #6 0x404209  
> (/home/ubuntu/subjects/coreutils_fixed/obj-asan/src/pr+0x404209)
> 
> 0x00000041b622 is located 62 bytes to the left of global variable '*.LC12' 
> defined in '../src/pr.c' (0x41b660) of size 4
>   '*.LC12' is ascii string '%*d'
> 0x00000041b622 is located 0 bytes to the right of global variable '*.LC11' 
> defined in '../src/pr.c' (0x41b620) of size 2
>   '*.LC11' is ascii string ' '
> SUMMARY: AddressSanitizer: global-buffer-overflow ../src/pr.c:2241 in 
> print_sep_string

Fixed in that attached.

thanks!

Attachment: pr-S-error.patch
Description: Text Data


--- End Message ---
reply via email to
[Prev in Thread] Current Thread [Next in Thread]