GNU bug report logs - #21213
Fwd: crash in colcrt util-linux

Previous Next

Package: coreutils;

Reported by: Alaa Mubaied <alaamubaied <at> gmail.com>

Date: Fri, 7 Aug 2015 21:24:02 UTC

Severity: normal

Tags: notabug

Done: Eric Blake <eblake <at> redhat.com>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 21213 in the body.
You can then email your comments to 21213 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to bug-coreutils <at> gnu.org:
bug#21213; Package coreutils. (Fri, 07 Aug 2015 21:24:02 GMT) Full text and rfc822 format available.
Acknowledgement sent to Alaa Mubaied <alaamubaied <at> gmail.com>:
New bug report received and forwarded. Copy sent to bug-coreutils <at> gnu.org. (Fri, 07 Aug 2015 21:24:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Alaa Mubaied <alaamubaied <at> gmail.com>
To: bug-coreutils <at> gnu.org
Subject: Fwd: crash in colcrt util-linux
Date: Fri, 7 Aug 2015 13:41:18 -0700

[Message part 1 (text/plain, inline)]
Hi,

I found a crash in colcrt, (filter nroff output for CRT previewing) . - The
colcrt command is part of the util-linux package and is available from
Linux Kernel Archive
http://man7.org/linux/man-pages/man1/colcrt.1.html
https://www.kernel.org/pub/linux/utils/util-linux/v2.27/

*Details:*

platform: Linux x86/x64
Version: colcrt from util-linux-2.27

colcrt from util-linux-2.27 and below crashed by the use of colcrt command
line. the crash caused in colcrt.

when running colcrt with the following file (attached), it crashes because
i believe when colcrt.c:213 is called in colcrt.c, c returned it will
dereferencing pointer "cp" because "cp = &page[outline][outcol];" at line
205 where "cp" may point to element beyond "page" as buffer overrun. here
is the backtrace from gdb:

-bash-4.2$ gdb /opt/linuxtools/bin/colcrt
GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-51.el7
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html
>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /opt/linuxtools/bin/colcrt...done.
(gdb) r file
Starting program: /opt/linuxtools/bin/colcrt file

*Program received signal SIGSEGV, Segmentation fault.*

*216 cp[i] = c;*
colcrt (f=0x62b060) at text-utils/colcrt.c:216
Missing separate debuginfos, use: debuginfo-install
glibc-2.17-55.el7_0.5.x86_64
(gdb) bt full
#0  colcrt (f=0x62b060) at text-utils/colcrt.c:216
        c = <optimized out>
        cp = 0x606fe8 L""
        dp = <optimized out>
        i = 0
        w = 1
#1  0x00000000004015bc in main (argc=0, argv=0x7fffffffe5f8) at
text-utils/colcrt.c:139
        f = 0x62b060
        i = <optimized out>
        opt = <optimized out>
        longopts = {{name = 0x405d67 "no-underlining", has_arg = 0, flag =
0x0, val = 128}, {name = 0x405d76 "half-lines", has_arg = 0, flag = 0x0,
val = 50}, {
            name = 0x405d81 "version", has_arg = 0, flag = 0x0, val = 86},
{name = 0x405d89 "help", has_arg = 0, flag = 0x0, val = 104}, {name = 0x0,
has_arg = 0, flag = 0x0, val = 0}}

Thanks
Ala'a

[Message part 2 (text/html, inline)]
[file (application/octet-stream, attachment)]
Added tag(s) notabug. Request was from Eric Blake <eblake <at> redhat.com> to control <at> debbugs.gnu.org. (Fri, 07 Aug 2015 21:53:01 GMT) Full text and rfc822 format available.
Reply sent to Eric Blake <eblake <at> redhat.com>:
You have taken responsibility. (Fri, 07 Aug 2015 21:53:02 GMT) Full text and rfc822 format available.
Notification sent to Alaa Mubaied <alaamubaied <at> gmail.com>:
bug acknowledged by developer. (Fri, 07 Aug 2015 21:53:03 GMT) Full text and rfc822 format available.

Message #12 received at 21213-done <at> debbugs.gnu.org (full text, mbox):

From: Eric Blake <eblake <at> redhat.com>
To: Alaa Mubaied <alaamubaied <at> gmail.com>, 21213-done <at> debbugs.gnu.org,
 GNU bug control <control <at> debbugs.gnu.org>
Subject: Re: bug#21213: Fwd: crash in colcrt util-linux
Date: Fri, 7 Aug 2015 15:52:06 -0600

[Message part 1 (text/plain, inline)]
tag 21213 notabug
thanks

On 08/07/2015 02:41 PM, Alaa Mubaied wrote:
> Hi,
> 
> I found a crash in colcrt, (filter nroff output for CRT previewing) . - The
> colcrt command is part of the util-linux package and is available from
> Linux Kernel Archive

As you so aptly noted, colcrt is NOT part of coreutils, but part of
util-linux.  As this is not the util-linux mailing list, we can't help
you here, so I'm closing this as not a bug in the coreutils database.
However, that does not negate the fact that you have identified a
problem, nor does it prevent you from replying to this thread with more
details.

And if you do manage to report the bug correctly to the util-linux
folks, I would suggest that you also let them know that 'colcrt --help'
could be made more useful by displaying correct bug reporting
information, the way all of the coreutils already do.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org


[signature.asc (application/pgp-signature, attachment)]
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Sat, 05 Sep 2015 11:24:05 GMT) Full text and rfc822 format available.
This bug report was last modified 9 years and 348 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.