GNU bug report logs - #25003
Bug in SPLIT utility

Previous Next

Full log

View this message in rfc822 format

From: Jim Meyering <jim <at> meyering.net>
To: Marcel Böhme <boehme.marcel <at> gmail.com>
Cc: 25003 <at> debbugs.gnu.org
Subject: bug#25003: Bug in SPLIT utility
Date: Wed, 23 Nov 2016 09:30:59 -0800

On Wed, Nov 23, 2016 at 5:22 AM, Marcel Böhme <boehme.marcel <at> gmail.com> wrote:
> Dear all,
>
> We are running small 1h fuzzing sessions with AFLFast, a fork of AFL.
> We’ll be reporting each found bug separately.
>
> On Coreutils v8.25 and trunk, the following input crashes.
> Option -n was introduced with v8.8.
>
> $ ./split -n7/75 7
> Segmentation fault
>
> ASAN says:
> =================================================================
> ==53143==ERROR: AddressSanitizer: negative-size-param: (size=-6)
>     #0 0x7f8820eb9a10 in memmove (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x62a10)
>     #1 0x404d12 in memmove /usr/include/x86_64-linux-gnu/bits/string3.h:57
>     #2 0x404d12 in bytes_chunk_extract ../src/split.c:987
>     #3 0x404d12 in main ../src/split.c:1625
>     #4 0x7f881fd9cf44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
>     #5 0x4064a9  (/home/ubuntu/subjects/coreutils/obj-asan/src/split+0x4064a9)
>
> 0x7f8821f9a006 is located 2054 bytes inside of 135168-byte region [0x7f8821f99800,0x7f8821fba800)
> allocated by thread T0 here:
>     #0 0x7f8820f193a8 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc23a8)
>     #1 0x40ec88 in xmalloc ../lib/xmalloc.c:41
>
> SUMMARY: AddressSanitizer: negative-size-param (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x62a10) in memmove

Thank you for the report.
Would you please provide the contents of your file named "7"?

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.