GNU bug report logs - #25004
Bug in OD utility


Package: coreutils;

Reported by: Marcel Böhme <boehme.marcel <at> gmail.com>

Date: Wed, 23 Nov 2016 16:30:03 UTC

Severity: normal

Done: Assaf Gordon <assafgordon <at> gmail.com>

Bug is archived. No further changes may be made.



Report forwarded to bug-coreutils <at> gnu.org:
bug#25004; Package coreutils. (Wed, 23 Nov 2016 16:30:03 GMT)

Acknowledgement sent to Marcel Böhme <boehme.marcel <at> gmail.com>:
New bug report received and forwarded. Copy sent to bug-coreutils <at> gnu.org. (Wed, 23 Nov 2016 16:30:03 GMT)

Message #5 received at submit <at> debbugs.gnu.org:

From: Marcel Böhme <boehme.marcel <at> gmail.com>
To: bug-coreutils <at> gnu.org
Subject: Bug in OD utility
Date: Wed, 23 Nov 2016 21:56:03 +0800
Dear all,

The following input crashes the od utility 3 out of 10 times. 
Seems to depend on startup timing: Couldn't reproduce it within GDB or Valgrind. Not sure if it's a bug in GNULIB (ftoastr.c) or OD (od.c).

$ printf "abcde\x00\x00\x00a " | od -tazfL -
Segmentation fault

ASAN says:
==91757==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f757ec161c0 bp 0x7ffc048a5ff0 sp 0x7ffc048a5208 T0)
    #0 0x7f757ec161bf  (/lib/x86_64-linux-gnu/libc.so.6+0x4f1bf)
    #1 0x7f757ec16e77 in __printf_fp (/lib/x86_64-linux-gnu/libc.so.6+0x4fe77)
    #2 0x7f757ec156d2 in vfprintf (/lib/x86_64-linux-gnu/libc.so.6+0x4e6d2)
    #3 0x7f757ecd0164 in __vsnprintf_chk (/lib/x86_64-linux-gnu/libc.so.6+0x109164)
    #4 0x7f757ecd00c7 in __snprintf_chk (/lib/x86_64-linux-gnu/libc.so.6+0x1090c7)
    #5 0x40ce1a in snprintf /usr/include/x86_64-linux-gnu/bits/stdio2.h:64
    #6 0x40ce1a in ldtoastr ../lib/ftoastr.c:131
    #7 0x408e69 in print_long_double ../src/od.c:479
    #8 0x40a2f1 in write_block ../src/od.c:1221
    #9 0x403eec in dump ../src/od.c:1436
    #10 0x403eec in main ../src/od.c:1978
    #11 0x7f757ebe8f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
    #12 0x405bd9  (/home/ubuntu/subjects/coreutils/obj-asan/src/od+0x405bd9)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x4f1bf) 

This bug was found by AFLFast, a fork of AFL. Thanks also to Van-Thuan Pham!

Best regards,
- Marcel






Information forwarded to bug-coreutils <at> gnu.org:
bug#25004; Package coreutils. (Thu, 24 Nov 2016 00:46:02 GMT)

Message #8 received at 25004 <at> debbugs.gnu.org:

From: Pádraig Brady <P <at> draigBrady.com>
To: Marcel Böhme <boehme.marcel <at> gmail.com>,
 25004 <at> debbugs.gnu.org
Subject: Re: bug#25004: Bug in OD utility
Date: Thu, 24 Nov 2016 00:45:44 +0000
On 23/11/16 13:56, Marcel Böhme wrote:
> Dear all,
> 
> The following input crashes the od utility 3 out of 10 times. 
> Seems to depend on startup timing: Couldn't reproduce it within GDB or Valgrind. Not sure if it's a bug in GNULIB (ftoastr.c) or OD (od.c).
> 
> $ printf "abcde\x00\x00\x00a " | od -tazfL -
> Segmentation fault
> 
> ASAN says:
> ==91757==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f757ec161c0 bp 0x7ffc048a5ff0 sp 0x7ffc048a5208 T0)
>     #0 0x7f757ec161bf  (/lib/x86_64-linux-gnu/libc.so.6+0x4f1bf)
>     #1 0x7f757ec16e77 in __printf_fp (/lib/x86_64-linux-gnu/libc.so.6+0x4fe77)
>     #2 0x7f757ec156d2 in vfprintf (/lib/x86_64-linux-gnu/libc.so.6+0x4e6d2)
>     #3 0x7f757ecd0164 in __vsnprintf_chk (/lib/x86_64-linux-gnu/libc.so.6+0x109164)
>     #4 0x7f757ecd00c7 in __snprintf_chk (/lib/x86_64-linux-gnu/libc.so.6+0x1090c7)
>     #5 0x40ce1a in snprintf /usr/include/x86_64-linux-gnu/bits/stdio2.h:64
>     #6 0x40ce1a in ldtoastr ../lib/ftoastr.c:131
>     #7 0x408e69 in print_long_double ../src/od.c:479
>     #8 0x40a2f1 in write_block ../src/od.c:1221
>     #9 0x403eec in dump ../src/od.c:1436
>     #10 0x403eec in main ../src/od.c:1978
>     #11 0x7f757ebe8f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
>     #12 0x405bd9  (/home/ubuntu/subjects/coreutils/obj-asan/src/od+0x405bd9)
> 
> AddressSanitizer can not provide additional info.
> SUMMARY: AddressSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x4f1bf) 
> 
> This bug was found by AFLFast, a fork of AFL. Thanks also to Van-Thuan Pham!

Since coreutils-8.24 we have relied on gnulib to indicate
whether the system printf routines are safe to use (i.e. crash or not).

  http://git.sv.gnu.org/gitweb/?p=coreutils.git;a=commitdiff;h=v8.23-81-gf57bfbb
  http://git.sv.gnu.org/gitweb/?p=coreutils.git;a=commitdiff;h=v8.23-176-gb817f62

It seems like we'll have to add another check to gnulib to detect
this issue in the system libs?

I can't reproduce the issue here BTW with ASAN and running in a tight
loop for a few minutes.  So perhaps it has been fixed in glibc already?
I have glibc-2.22-10.fc23.x86_64
Depending on how widespread the issue is will determine if it's worth
adding the check to gnulib.

What libc are you using?

thanks,
Pádraig

p.s. I tested od with AFL a lot on this system a while back
and didn't find any issues.
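A stand-alone probe in the spirit of the gnulib check Pádraig mentions, added here as an example (not code from coreutils, gnulib or the thread): it copies the report's input bytes into a long double, formats it with snprintf and a %Lg conversion as ldtoastr does, and runs that in a forked child so a crashing libc printf is reported as a failed probe rather than killing the caller. The exact format flags and precision, the zero-padding of the short final block, and the use of fork() on a POSIX system are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Constructed input: printf "abcde\x00\x00\x00a " yields these 10 bytes;
   od -tfL reads them as one long double, zero-padding the short block
   (assumption about od's padding for this example).  */
static const unsigned char report_bytes[] = "abcde\0\0\0a ";

/* Copy up to sizeof (long double) bytes into a long double (zero-padded)
   and format it roughly the way gnulib's ldtoastr does: snprintf with a
   %Lg conversion.  Precision 21 is an assumed value.  Returns snprintf's
   result so the caller can tell success from an error.  */
int format_bytes_as_long_double(const unsigned char *bytes, size_t n,
                                char *out, size_t outlen)
{
    long double x;
    unsigned char raw[sizeof x];
    memset(raw, 0, sizeof raw);
    memcpy(raw, bytes, n < sizeof raw ? n : sizeof raw);
    memcpy(&x, raw, sizeof x);          /* bit-copy: no aliasing, any pattern */
    return snprintf(out, outlen, "%.*Lg", 21, x);
}

/* Configure-style probe: run the formatting in a child process so a
   crashing printf shows up as an abnormal exit.  Returns 1 if the system
   printf handled the bytes, 0 if the child died by a signal or reported
   an error, -1 if fork failed.  */
int probe_printf_long_double(const unsigned char *bytes, size_t n)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char buf[64];
        int r = format_bytes_as_long_double(bytes, n, buf, sizeof buf);
        _exit(r > 0 && r < (int) sizeof buf ? 0 : 1);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) && WEXITSTATUS(status) == 0;
}

int main(void)
{
    size_t n = sizeof report_bytes - 1;     /* drop the string terminator */
    int ok = probe_printf_long_double(report_bytes, n);
    printf("system printf %s on the od input pattern\n",
           ok == 1 ? "is safe" : "FAILED");
    return ok == 1 ? 0 : 1;
}
```

On a libc with the crash the child is killed by SIGSEGV and the probe returns 0, which is the signal a configure check would use to switch to a replacement printf.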




Information forwarded to bug-coreutils <at> gnu.org:
bug#25004; Package coreutils. (Thu, 24 Nov 2016 01:17:02 GMT)

Message #11 received at 25004 <at> debbugs.gnu.org:

From: Marcel Böhme <boehme.marcel <at> gmail.com>
To: Pádraig Brady <P <at> draigBrady.com>
Cc: 25004 <at> debbugs.gnu.org
Subject: Re: bug#25004: Bug in OD utility
Date: Thu, 24 Nov 2016 09:16:34 +0800
Hi Pádraig,

> On 24 Nov 2016, at 8:45 AM, Pádraig Brady <P <at> draigBrady.com> wrote:
> 
> I can't reproduce the issue here BTW with ASAN and running in a tight
> loop for a few minutes.  So perhaps it has been fixed in glibc already?
> I have glibc-2.22-10.fc23.x86_64
> Depending on how widespread the issue is will determine if it's worth
> adding the check to gnulib.

I can reproduce the crash on Ubuntu 14.04 x86_64 with preinstalled od version 8.21 and the version in trunk.

> What libc are you using?

$ /lib/x86_64-linux-gnu/libc.so.6
GNU C Library (Ubuntu EGLIBC 2.19-0ubuntu6.9) stable release version 2.19, by Roland McGrath et al.
Copyright (C) 2014 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
Compiled by GNU CC version 4.8.4.
Compiled on a Linux 3.13.11 system on 2016-05-26.
Available extensions:
	crypt add-on version 2.1 by Michael Glad and others
	GNU Libidn by Simon Josefsson
	Native POSIX Threads Library by Ulrich Drepper et al
	BIND-8.2.3-T5B
libc ABIs: UNIQUE IFUNC
For bug reporting instructions, please see:
<https://bugs.launchpad.net/ubuntu/+source/eglibc/+bugs>.








Information forwarded to bug-coreutils <at> gnu.org:
bug#25004; Package coreutils. (Thu, 24 Nov 2016 01:56:02 GMT)

Message #14 received at 25004 <at> debbugs.gnu.org:

From: Pádraig Brady <P <at> draigBrady.com>
To: Marcel Böhme <boehme.marcel <at> gmail.com>
Cc: 25004 <at> debbugs.gnu.org
Subject: Re: bug#25004: Bug in OD utility
Date: Thu, 24 Nov 2016 01:55:43 +0000
On 24/11/16 01:16, Marcel Böhme wrote:
> Hi Pádraig,
> 
>> On 24 Nov 2016, at 8:45 AM, Pádraig Brady <P <at> draigBrady.com> wrote:
>>
>> I can't reproduce the issue here BTW with ASAN and running in a tight
>> loop for a few minutes.  So perhaps it has been fixed in glibc already?
>> I have glibc-2.22-10.fc23.x86_64
>> Depending on how widespread the issue is will determine if it's worth
>> adding the check to gnulib.
> 
> I can reproduce the crash on Ubuntu 14.04 x86_64 with preinstalled od version 8.21 and the version in trunk.
> 
>> What libc are you using?
> 
> $ /lib/x86_64-linux-gnu/libc.so.6
> GNU C Library (Ubuntu EGLIBC 2.19-0ubuntu6.9) stable release version 2.19, by Roland McGrath et al.
> Copyright (C) 2014 Free Software Foundation, Inc.
> This is free software; see the source for copying conditions.
> There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
> PARTICULAR PURPOSE.
> Compiled by GNU CC version 4.8.4.
> Compiled on a Linux 3.13.11 system on 2016-05-26.
> Available extensions:
> 	crypt add-on version 2.1 by Michael Glad and others
> 	GNU Libidn by Simon Josefsson
> 	Native POSIX Threads Library by Ulrich Drepper et al
> 	BIND-8.2.3-T5B
> libc ABIs: UNIQUE IFUNC
> For bug reporting instructions, please see:
> <https://bugs.launchpad.net/ubuntu/+source/eglibc/+bugs>.

For completeness, where we discussed this in relation to gnulib last was:
  https://sourceware.org/ml/libc-alpha/2015-02/threads.html#00181
and drilling down from there is the reference to the original crash bug:
  https://sourceware.org/bugzilla/show_bug.cgi?id=4586
That was fixed in 2007 so this must be something else.

thanks,
Pádraig




Information forwarded to bug-coreutils <at> gnu.org:
bug#25004; Package coreutils. (Thu, 24 Nov 2016 03:58:01 GMT)

Message #17 received at 25004 <at> debbugs.gnu.org:

From: Paul Eggert <eggert <at> cs.ucla.edu>
To: Marcel Böhme <boehme.marcel <at> gmail.com>,
 Pádraig Brady <P <at> draigBrady.com>
Cc: 25004 <at> debbugs.gnu.org
Subject: Re: bug#25004: Bug in OD utility
Date: Wed, 23 Nov 2016 19:57:02 -0800
Marcel Böhme wrote:
> I can reproduce the crash on Ubuntu 14.04 x86_64 with preinstalled od version 8.21 and the version in trunk.

I can't reproduce it in Ubuntu 16.04.1 x86-64 with preinstalled od. This is 
glibc 2.23-0ubuntu4. I hope the bug, whatever it was, was fixed in glibc so that 
we no longer have to worry about it.




Information forwarded to bug-coreutils <at> gnu.org:
bug#25004; Package coreutils. (Thu, 24 Nov 2016 04:51:02 GMT)

Message #20 received at 25004 <at> debbugs.gnu.org:

From: Jim Meyering <jim <at> meyering.net>
To: Marcel Böhme <boehme.marcel <at> gmail.com>
Cc: 25004 <at> debbugs.gnu.org, Pádraig Brady <P <at> draigbrady.com>
Subject: Re: bug#25004: Bug in OD utility
Date: Wed, 23 Nov 2016 20:49:57 -0800
On Wed, Nov 23, 2016 at 5:16 PM, Marcel Böhme <boehme.marcel <at> gmail.com> wrote:
> Hi Pádraig,
>
>> On 24 Nov 2016, at 8:45 AM, Pádraig Brady <P <at> draigBrady.com> wrote:
>>
>> I can't reproduce the issue here BTW with ASAN and running in a tight
>> loop for a few minutes.  So perhaps it has been fixed in glibc already?
>> I have glibc-2.22-10.fc23.x86_64
>> Depending on how widespread the issue is will determine if it's worth
>> adding the check to gnulib.
>
> I can reproduce the crash on Ubuntu 14.04 x86_64 with preinstalled od version 8.21 and the version in trunk.
>
>> What libc are you using?
>
> $ /lib/x86_64-linux-gnu/libc.so.6
> GNU C Library (Ubuntu EGLIBC 2.19-0ubuntu6.9) stable release version 2.19, by Roland McGrath et al.
> Copyright (C) 2014 Free Software Foundation, Inc.
...
> Compiled by GNU CC version 4.8.4.
...

Both gcc-4.8.4 and EGLIBC 2.19 are showing their age.
I too have failed to reproduce this. I used a Fedora 25 system, which
has glibc-2.24.




Information forwarded to bug-coreutils <at> gnu.org:
bug#25004; Package coreutils. (Sun, 28 Oct 2018 07:26:02 GMT)

Message #23 received at 25004 <at> debbugs.gnu.org:

From: Assaf Gordon <assafgordon <at> gmail.com>
To: 25004 <at> debbugs.gnu.org
Subject: Re: bug#25004: Bug in OD utility
Date: Sun, 28 Oct 2018 01:25:27 -0600
close 25004
stop

(triaging old bugs)

On 2016-11-23 9:49 p.m., Jim Meyering wrote:
> On Wed, Nov 23, 2016 at 5:16 PM, Marcel Böhme <boehme.marcel <at> gmail.com> wrote:
>>
>>> On 24 Nov 2016, at 8:45 AM, Pádraig Brady <P <at> draigBrady.com> wrote:
>>>
>>> I can't reproduce the issue here BTW with ASAN and running in a tight
>>> loop for a few minutes.  So perhaps it has been fixed in glibc already?
>>> I have glibc-2.22-10.fc23.x86_64
>>> Depending on how widespread the issue is will determine if it's worth
>>> adding the check to gnulib.
>>
>> I can reproduce the crash on Ubuntu 14.04 x86_64 with preinstalled od version 8.21 and the version in trunk.
>>
>>> What libc are you using?
>>
>> $ /lib/x86_64-linux-gnu/libc.so.6
>> GNU C Library (Ubuntu EGLIBC 2.19-0ubuntu6.9) stable release version 2.19, by Roland McGrath et al.
>> Copyright (C) 2014 Free Software Foundation, Inc.
> ...
>> Compiled by GNU CC version 4.8.4.
> ...
> 
> Both gcc-4.8.4 and EGLIBC 2.19 are showing their age.
> I too have failed to reproduce this. I used a Fedora 25 system, which
> has glibc-2.24.

Given the above (and other comments in the thread indicating it's
a too-old-glibc issue), I'm closing this bug.
Discussion can continue by replying to this thread.

-assaf







bug closed, send any further explanations to 25004 <at> debbugs.gnu.org and Marcel Böhme <boehme.marcel <at> gmail.com> Request was from Assaf Gordon <assafgordon <at> gmail.com> to control <at> debbugs.gnu.org. (Sun, 28 Oct 2018 07:26:02 GMT)

bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Sun, 25 Nov 2018 12:24:04 GMT)
