emacs-bug-tracker

From: GNU bug Tracking System
Subject: [debbugs-tracker] bug#28860: closed (Segmentation fault with out-of-bound read in 'b2sum')
Date: Mon, 16 Oct 2017 08:09:01 +0000

Your message dated Mon, 16 Oct 2017 01:08:05 -0700
with message-id <address@hidden>
and subject line Re: bug#28860: Segmentation fault with out-of-bound read in 'b2sum'
has caused the debbugs.gnu.org bug report #28860,
regarding Segmentation fault with out-of-bound read in 'b2sum'
to be marked as done.

(If you believe you have received this mail in error, please contact
address@hidden)


-- 
28860: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=28860
GNU Bug Tracking System
Contact address@hidden with problems
--- Begin Message ---
Subject: Segmentation fault with out-of-bound read in 'b2sum'
Date: Mon, 16 Oct 2017 10:04:20 +0900
Dear GNU team,

While testing coreutils for a research purpose, we found the following
segfault in 'b2sum'. Running b2sum with --check option, and simply
providing a string "BLAKE2" with no trailing character raises the
crash as below.

address@hidden:~$ tar -xf coreutils-8.28.tar.xz
address@hidden:~$ cd coreutils-8.28/
address@hidden:~/coreutils-8.28$ mkdir obj
address@hidden:~/coreutils-8.28$ cd obj
address@hidden:~/coreutils-8.28/obj$ ../configure --disable-nls && make
...
address@hidden:~/coreutils-8.28/obj$ gdb ./src/b2sum -q
Reading symbols from ./src/b2sum...done.
(gdb) run --check <<< BLAKE2
Starting program: /home/jason/coreutils-8.28/obj/src/b2sum --check <<< BLAKE2

Program received signal SIGSEGV, Segmentation fault.
split_3 (file_name=<synthetic pointer>, binary=<synthetic pointer>,
hex_digest=<synthetic pointer>, s_len=<optimized out>, s=0x60dfe0
"BLAKE2") at ../src/md5sum.c:433
433           while (! ISWHITE (s[i]) && s[i] != '-' && s[i] != '(')
(gdb) x/i $rip
=> 0x401d0e <main+1262>:        movzbl (%r12,%rbx,1),%ebp
(gdb) info reg r12 rbx
r12            0x60dfe0 6348768
rbx            0x20020  131104
(gdb)

We could reproduce the bug in coreutils from version 8.26 to 8.28.
Also, the bug was reproducible in both Ubuntu 16.04 and Debian 9.1,
but the b2sum program pre-built in Debian 9.1 did not crash with this
input. We assume it is due to a difference in the configuration before
build.

Please let us know if you have a problem in reproducing the bug.

Thank you.

Sincerely,
Jaeseung

--- End Message ---
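The crash site in the report is the "skip algorithm variants" loop at md5sum.c:433, and the register dump (rbx = 0x20020 while the line is six bytes long) shows the index running far past the end of the line. The reason is visible in the loop condition itself: a NUL byte is not white space, '-' or '(', so once the check line ends right after the algorithm name nothing stops the scan. The example below is added here and is not code from the bug report, the attached patch or coreutils; it re-creates the shape of that loop with our own names (is_white, scan_variant_unchecked, scan_variant_checked, parse_blake2_tag, trap_line are all assumptions) next to a bounded version that treats the terminator as a stop byte and reports a truncated line instead of reading past it. The constructed trap_line buffer deliberately contains a stop byte after the NUL so the over-read can be observed without undefined behaviour; on a real heap-allocated line the same loop walks off the allocation.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example, not coreutils code. Names are ours. */

static bool is_white(unsigned char c)
{
  return c == ' ' || c == '\t';
}

/* Constructed input: the line "BLAKE2" as seen after newline stripping,
   followed (past its NUL) by bytes that stand in for whatever happens to
   sit after the allocation. The '(' at index 10 is the first stop byte
   the unchecked loop will find. */
static const char trap_line[] = "BLAKE2\0pad(";

/* Loop with the same condition as the reported crash line: NUL is not
   white space, '-' or '(', so the scan keeps going past the end of the
   line. Returns the index at which it stopped. Only well-defined here
   because trap_line has a stop byte inside the array. */
static size_t scan_variant_unchecked(const char *s, size_t i)
{
  while (!is_white((unsigned char) s[i]) && s[i] != '-' && s[i] != '(')
    ++i;
  return i;
}

/* Bounded version: the terminator is also a stop condition, and hitting
   it is reported to the caller as a truncated line. */
static size_t scan_variant_checked(const char *s, size_t i, bool *truncated)
{
  while (s[i] != '\0' && !is_white((unsigned char) s[i])
         && s[i] != '-' && s[i] != '(')
    ++i;
  *truncated = (s[i] == '\0');
  return i;
}

enum tag_status { TAG_OK = 0, TAG_NOT_BSD = 1, TAG_TRUNCATED = 2 };

/* Parse the "BLAKE2<variant>" prefix of a BSD-style check line using the
   bounded scan. On TAG_OK, *variant_len is the number of variant bytes
   after "BLAKE2" (0 for "BLAKE2 (" or "BLAKE2-256 (", 1 for "BLAKE2b ("). */
static enum tag_status parse_blake2_tag(const char *line, size_t *variant_len)
{
  static const char algo[] = "BLAKE2";
  const size_t algo_len = sizeof algo - 1;
  size_t i = 0;

  while (is_white((unsigned char) line[i]))
    ++i;
  if (strncmp(line + i, algo, algo_len) != 0)
    return TAG_NOT_BSD;           /* not a BSD-style tag line */
  i += algo_len;

  bool truncated;
  size_t end = scan_variant_checked(line, i, &truncated);
  if (truncated)
    return TAG_TRUNCATED;         /* "BLAKE2" with nothing after it */
  *variant_len = end - i;
  return TAG_OK;
}

int main(void)
{
  bool truncated;
  printf("unchecked scan stops at index %zu (strlen is %zu)\n",
         scan_variant_unchecked(trap_line, 6), strlen(trap_line));
  printf("checked scan stops at index %zu, truncated=%d\n",
         scan_variant_checked(trap_line, 6, &truncated), (int) truncated);

  /* Constructed sample check lines. */
  const char *samples[] = { "BLAKE2", "BLAKE2b (f) = 00",
                            "BLAKE2-256 (f) = 00", "00  f" };
  for (size_t k = 0; k < sizeof samples / sizeof samples[0]; k++) {
    size_t n = 0;
    printf("%-20s -> status %d, variant_len %zu\n",
           samples[k], (int) parse_blake2_tag(samples[k], &n), n);
  }
  return 0;
}
```

Running the block shows the unchecked scan stopping at index 10 of a six-byte line, i.e. four bytes past the terminator, while the checked scan stops at index 6 and flags the line as truncated. A fuzz harness feeding check lines to parse_blake2_tag can treat TAG_TRUNCATED as a normal result; with the unchecked loop the same input is a crash.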
--- Begin Message ---
Subject: Re: bug#28860: Segmentation fault with out-of-bound read in 'b2sum'
Date: Mon, 16 Oct 2017 01:08:05 -0700
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
On 15/10/17 18:04, Jaeseung Choi wrote:
> Dear GNU team,
> 
> While testing coreutils for a research purpose, we found the following
> segfault in 'b2sum'. Running b2sum with --check option, and simply
> providing a string "BLAKE2" with no trailing character raises the
> crash as below.

Wow thanks! Were you fuzzing the inputs?
Can you give more details on your testing?

The attached should fix this case.

thanks!
Pádraig

Attachment: b2sum-crash.patch
Description: Text Data


--- End Message ---
