GNU bug report logs - #25003: Bug in SPLIT utility
Your bug report
#25003: Bug in SPLIT utility
which was filed against the coreutils package, has been closed.
The explanation is attached below, along with your original report.
If you require more details, please reply to 25003 <at> debbugs.gnu.org.
--
25003: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=25003
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems
[Message part 2 (message/rfc822, inline)]
On 23/11/16 22:16, Pádraig Brady wrote:
> On 23/11/16 17:30, Jim Meyering wrote:
>> On Wed, Nov 23, 2016 at 5:22 AM, Marcel Böhme <boehme.marcel <at> gmail.com> wrote:
>>> Dear all,
>>>
>>> We are running small 1h fuzzing sessions with AFLFast, a fork of AFL.
>>> We’ll be reporting each found bug separately.
>>>
>>> On Coreutils v8.25 and trunk, the following input crashes.
>>> Option -n was introduced with v8.8.
>>>
>>> $ ./split -n7/75 7
>>> Segmentation fault
>>>
>>> ASAN says:
>>> =================================================================
>>> ==53143==ERROR: AddressSanitizer: negative-size-param: (size=-6)
>>> #0 0x7f8820eb9a10 in memmove (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x62a10)
>>> #1 0x404d12 in memmove /usr/include/x86_64-linux-gnu/bits/string3.h:57
>>> #2 0x404d12 in bytes_chunk_extract ../src/split.c:987
>>> #3 0x404d12 in main ../src/split.c:1625
>>> #4 0x7f881fd9cf44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
>>> #5 0x4064a9 (/home/ubuntu/subjects/coreutils/obj-asan/src/split+0x4064a9)
>>>
>>> 0x7f8821f9a006 is located 2054 bytes inside of 135168-byte region [0x7f8821f99800,0x7f8821fba800)
>>> allocated by thread T0 here:
>>> #0 0x7f8820f193a8 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc23a8)
>>> #1 0x40ec88 in xmalloc ../lib/xmalloc.c:41
>>>
>>> SUMMARY: AddressSanitizer: negative-size-param (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x62a10) in memmove
>>
>> Thank you for the report.
>> Would you please provide the contents of your file named "7"?
>
> That's immaterial I think. I can reproduce with:
> src/split -n2/3 /dev/null
> I'll dig into these
Patch attached.
thanks!
Pádraig
[split-n-corruption.patch (text/x-patch, attachment)]
[Message part 5 (message/rfc822, inline)]
Dear all,
We are running small 1h fuzzing sessions with AFLFast, a fork of AFL.
We’ll be reporting each found bug separately.
On Coreutils v8.25 and trunk, the following input crashes.
Option -n was introduced with v8.8.
$ ./split -n7/75 7
Segmentation fault
ASAN says:
=================================================================
==53143==ERROR: AddressSanitizer: negative-size-param: (size=-6)
#0 0x7f8820eb9a10 in memmove (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x62a10)
#1 0x404d12 in memmove /usr/include/x86_64-linux-gnu/bits/string3.h:57
#2 0x404d12 in bytes_chunk_extract ../src/split.c:987
#3 0x404d12 in main ../src/split.c:1625
#4 0x7f881fd9cf44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#5 0x4064a9 (/home/ubuntu/subjects/coreutils/obj-asan/src/split+0x4064a9)
0x7f8821f9a006 is located 2054 bytes inside of 135168-byte region [0x7f8821f99800,0x7f8821fba800)
allocated by thread T0 here:
#0 0x7f8820f193a8 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc23a8)
#1 0x40ec88 in xmalloc ../lib/xmalloc.c:41
SUMMARY: AddressSanitizer: negative-size-param (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x62a10) in memmove
Best regards,
- Marcel
This bug report was last modified 8 years and 239 days ago.