GNU bug report logs - #25004
Bug in OD utility


Package: coreutils;

Reported by: Marcel Böhme <boehme.marcel <at> gmail.com>

Date: Wed, 23 Nov 2016 16:30:03 UTC

Severity: normal

Done: Assaf Gordon <assafgordon <at> gmail.com>

Bug is archived. No further changes may be made.


From: Pádraig Brady <P <at> draigBrady.com>
To: Marcel Böhme <boehme.marcel <at> gmail.com>, 25004 <at> debbugs.gnu.org
Subject: bug#25004: Bug in OD utility
Date: Thu, 24 Nov 2016 00:45:44 +0000
On 23/11/16 13:56, Marcel Böhme wrote:
> Dear all,
> 
> The following input crashes the od utility 3 out of 10 times.
> Seems to depend on startup timing: couldn't reproduce it within GDB or Valgrind. Not sure if it's a bug in GNULIB (ftoastr.c) or OD (od.c).
> 
> $ printf "abcde\x00\x00\x00a " | od -tazfL -
> Segmentation fault
> 
> ASAN says:
> ==91757==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f757ec161c0 bp 0x7ffc048a5ff0 sp 0x7ffc048a5208 T0)
>     #0 0x7f757ec161bf  (/lib/x86_64-linux-gnu/libc.so.6+0x4f1bf)
>     #1 0x7f757ec16e77 in __printf_fp (/lib/x86_64-linux-gnu/libc.so.6+0x4fe77)
>     #2 0x7f757ec156d2 in vfprintf (/lib/x86_64-linux-gnu/libc.so.6+0x4e6d2)
>     #3 0x7f757ecd0164 in __vsnprintf_chk (/lib/x86_64-linux-gnu/libc.so.6+0x109164)
>     #4 0x7f757ecd00c7 in __snprintf_chk (/lib/x86_64-linux-gnu/libc.so.6+0x1090c7)
>     #5 0x40ce1a in snprintf /usr/include/x86_64-linux-gnu/bits/stdio2.h:64
>     #6 0x40ce1a in ldtoastr ../lib/ftoastr.c:131
>     #7 0x408e69 in print_long_double ../src/od.c:479
>     #8 0x40a2f1 in write_block ../src/od.c:1221
>     #9 0x403eec in dump ../src/od.c:1436
>     #10 0x403eec in main ../src/od.c:1978
>     #11 0x7f757ebe8f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
>     #12 0x405bd9  (/home/ubuntu/subjects/coreutils/obj-asan/src/od+0x405bd9)
> 
> AddressSanitizer can not provide additional info.
> SUMMARY: AddressSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x4f1bf) 
> 
> This bug was found by AFLFast, a fork of AFL. Thanks also to Van-Thuan Pham!

Since coreutils-8.24 we have relied on gnulib to indicate
whether the system printf routines are safe to use (i.e. crash or not).

  http://git.sv.gnu.org/gitweb/?p=coreutils.git;a=commitdiff;h=v8.23-81-gf57bfbb
  http://git.sv.gnu.org/gitweb/?p=coreutils.git;a=commitdiff;h=v8.23-176-gb817f62

It seems like we'll have to add another check to gnulib to detect
this issue in the system libs?

I can't reproduce the issue here BTW with ASAN and running in a tight
loop for a few minutes.  So perhaps it has been fixed in glibc already?
I have glibc-2.22-10.fc23.x86_64
How widespread the issue is will determine whether it's worth
adding the check to gnulib.

What libc are you using?

thanks,
Pádraig

p.s. I tested od with AFL a lot on this system a while back
and didn't find any issues.
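As an added example (not code from the thread, coreutils or gnulib), the following decodes the reported input the way od lays it out in a 16-byte long double cell on x86_64 (zero-padding the short final block) and classifies the x87 bit pattern, with a predicate a defensive caller could use to decide whether a bit pattern is safe to hand to the system snprintf. The thread does not name the root cause, so treating the encoding class as the relevant property is an assumption of this example, as is the x87 little-endian layout.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* x87 80-bit extended format as stored in a 16-byte long double on
   x86_64: bytes 0..7 mantissa (bit 63 = explicit integer bit),
   bytes 8..9 sign + 15-bit exponent, bytes 10..15 padding.  */
enum x87_class { X87_ZERO, X87_NORMAL, X87_DENORMAL, X87_PSEUDO_DENORMAL,
                 X87_UNNORMAL, X87_INFINITY, X87_NAN, X87_PSEUDO_NAN_INF };

/* Constructed inputs: the bytes from the bug report, and 1.0L.  */
static const unsigned char reported_input[10] = "abcde\0\0\0a ";
static const unsigned char one_ld[10] = {0,0,0,0,0,0,0,0x80,0xff,0x3f};

enum x87_class classify_x87 (const unsigned char *in, size_t n)
{
  unsigned char buf[16] = {0};          /* od zero-fills a partial block */
  memcpy (buf, in, n < 16 ? n : 16);
  uint64_t mant = 0;
  for (int i = 7; i >= 0; i--)          /* little-endian mantissa */
    mant = (mant << 8) | buf[i];
  unsigned exp = buf[8] | ((buf[9] & 0x7f) << 8);
  int intbit = (int) (mant >> 63);
  uint64_t frac = mant & 0x7fffffffffffffffULL;
  if (exp == 0)
    return intbit ? X87_PSEUDO_DENORMAL : (frac ? X87_DENORMAL : X87_ZERO);
  if (exp == 0x7fff)
    return !intbit ? X87_PSEUDO_NAN_INF : (frac ? X87_NAN : X87_INFINITY);
  /* Nonzero exponent with the integer bit clear is an "unnormal":
     no x87 arithmetic operation produces it, so library code rarely
     expects it as input.  */
  return intbit ? X87_NORMAL : X87_UNNORMAL;
}

/* Only encodings the FPU itself produces are passed on to printf;
   anything else is reported as raw bytes by the caller instead.  */
int x87_printf_safe (enum x87_class c)
{
  return c == X87_ZERO || c == X87_NORMAL || c == X87_DENORMAL
         || c == X87_INFINITY || c == X87_NAN;
}

int main (void)
{
  enum x87_class c = classify_x87 (reported_input, sizeof reported_input);
  printf ("reported input: class %d, printf-safe: %d\n", (int) c,
          x87_printf_safe (c));
  return 0;
}
```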


