GNU bug report logs - #25003
Bug in SPLIT utility

Previous Next

Package: coreutils;

Reported by: Marcel Böhme <boehme.marcel <at> gmail.com>

Date: Wed, 23 Nov 2016 16:30:02 UTC

Severity: normal

Done: Pádraig Brady <P <at> draigBrady.com>

Bug is archived. No further changes may be made.

Full log

Message #19 received at 25003-done <at> debbugs.gnu.org (full text, mbox):

From: Jim Meyering <jim <at> meyering.net>
To: Pádraig Brady <P <at> draigbrady.com>
Cc: Marcel Böhme <boehme.marcel <at> gmail.com>,
 25003-done <at> debbugs.gnu.org
Subject: Re: bug#25003: Bug in SPLIT utility
Date: Wed, 23 Nov 2016 17:34:29 -0800

On Wed, Nov 23, 2016 at 4:21 PM, Pádraig Brady <P <at> draigbrady.com> wrote:
> On 23/11/16 22:16, Pádraig Brady wrote:
>> On 23/11/16 17:30, Jim Meyering wrote:
>>> On Wed, Nov 23, 2016 at 5:22 AM, Marcel Böhme <boehme.marcel <at> gmail.com> wrote:
>>>> Dear all,
>>>>
>>>> We are running small 1h fuzzing sessions with AFLFast, a fork of AFL.
>>>> We’ll be reporting each found bug separately.
>>>>
>>>> On Coreutils v8.25 and trunk, the following input crashes.
>>>> Option -n was introduced with v8.8.
>>>>
>>>> $ ./split -n7/75 7
>>>> Segmentation fault
>>>>
>>>> ASAN says:
>>>> =================================================================
>>>> ==53143==ERROR: AddressSanitizer: negative-size-param: (size=-6)
>>>>     #0 0x7f8820eb9a10 in memmove (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x62a10)
>>>>     #1 0x404d12 in memmove /usr/include/x86_64-linux-gnu/bits/string3.h:57
>>>>     #2 0x404d12 in bytes_chunk_extract ../src/split.c:987
>>>>     #3 0x404d12 in main ../src/split.c:1625
>>>>     #4 0x7f881fd9cf44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
>>>>     #5 0x4064a9  (/home/ubuntu/subjects/coreutils/obj-asan/src/split+0x4064a9)
>>>>
>>>> 0x7f8821f9a006 is located 2054 bytes inside of 135168-byte region [0x7f8821f99800,0x7f8821fba800)
>>>> allocated by thread T0 here:
>>>>     #0 0x7f8820f193a8 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc23a8)
>>>>     #1 0x40ec88 in xmalloc ../lib/xmalloc.c:41
>>>>
>>>> SUMMARY: AddressSanitizer: negative-size-param (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x62a10) in memmove
>>>
>>> Thank you for the report.
>>> Would you please provide the contents of your file named "7"?
>>
>> That's immaterial I think. I can reproduce with:
>>   src/split -n2/3 /dev/null
>> I'll dig into these

Looks perfect.
Thanks!
This bug report was last modified 8 years and 239 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.