GNU bug report logs - #25023: Bug PR utility with -S option
Your bug report
#25023: Bug PR utility with -S option
which was filed against the coreutils package, has been closed.
The explanation is attached below, along with your original report.
If you require more details, please reply to 25023 <at> debbugs.gnu.org.
--
25023: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=25023
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems
On 25/11/16 02:36, Marcel Böhme wrote:
> Dear all,
>
> The following input to PR does not crash the program but ASAN reports a buffer overflow.
> The bug was found with AFLFast, a fork of AFL. Thanks also to Van-Thuan Pham.
>
> $ echo a > a
> $ pr "-S$(printf "\t\t\t")" a -m a > /dev/null
>
> =================================================================
> ==102438==ERROR: AddressSanitizer: global-buffer-overflow on address 0x00000041b622 at pc 0x00000040506b bp 0x7ffc95917160 sp 0x7ffc95917158
> READ of size 1 at 0x00000041b622 thread T0
> #0 0x40506a in print_sep_string ../src/pr.c:2241
> #1 0x407ec4 in read_line ../src/pr.c:2493
> #2 0x40985c in print_page ../src/pr.c:1802
> #3 0x40985c in print_files ../src/pr.c:1618
> #4 0x4036e0 in main ../src/pr.c:1136
> #5 0x7ff29fa67f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
> #6 0x404209 (/home/ubuntu/subjects/coreutils_fixed/obj-asan/src/pr+0x404209)
>
> 0x00000041b622 is located 62 bytes to the left of global variable '*.LC12' defined in '../src/pr.c' (0x41b660) of size 4
> '*.LC12' is ascii string '%*d'
> 0x00000041b622 is located 0 bytes to the right of global variable '*.LC11' defined in '../src/pr.c' (0x41b620) of size 2
> '*.LC11' is ascii string ' '
> SUMMARY: AddressSanitizer: global-buffer-overflow ../src/pr.c:2241 in print_sep_string
Fixed in the attached.
thanks!
[pr-S-error.patch (text/x-patch, attachment)]
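For triaging fuzzer findings like this one, an ASAN report can be reduced to a stable bucket key plus the global nearest to the faulting address. The Python below is an added example, not part of the bug report or of coreutils; `triage` and its record fields are hypothetical names.

```python
import re

# Excerpt of the ASAN output in the report above.
REPORT = """\
==102438==ERROR: AddressSanitizer: global-buffer-overflow on address 0x00000041b622 at pc 0x00000040506b bp 0x7ffc95917160 sp 0x7ffc95917158
READ of size 1 at 0x00000041b622 thread T0
#0 0x40506a in print_sep_string ../src/pr.c:2241
#1 0x407ec4 in read_line ../src/pr.c:2493
#2 0x40985c in print_page ../src/pr.c:1802
#3 0x40985c in print_files ../src/pr.c:1618
#4 0x4036e0 in main ../src/pr.c:1136
#5 0x7ff29fa67f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
0x00000041b622 is located 62 bytes to the left of global variable '*.LC12' defined in '../src/pr.c' (0x41b660) of size 4
0x00000041b622 is located 0 bytes to the right of global variable '*.LC11' defined in '../src/pr.c' (0x41b620) of size 2
"""

ERROR_RE = re.compile(r"AddressSanitizer: (\S+) on address (0x[0-9a-f]+)")
ACCESS_RE = re.compile(r"^(READ|WRITE) of size (\d+)", re.M)
# Only frames symbolized to file:line (optionally :column) are matched.
FRAME_RE = re.compile(r"^\s*#\d+ 0x[0-9a-f]+ in (\S+) (\S+?):(\d+)(?::\d+)?$", re.M)
GLOBAL_RE = re.compile(
    r"located (\d+) bytes to the (left|right) of global variable '([^']+)'"
    r" defined in '[^']+' \((0x[0-9a-f]+)\) of size (\d+)")


def triage(report):
    """Reduce one ASAN global-buffer-overflow report to a triage record."""
    err, acc = ERROR_RE.search(report), ACCESS_RE.search(report)
    if not err or not acc:
        raise ValueError("not an AddressSanitizer report")
    addr = int(err.group(2), 16)
    frames = [(fn, src, int(line)) for fn, src, line in FRAME_RE.findall(report)]
    globals_ = []
    for dist, side, name, base, size in GLOBAL_RE.findall(report):
        dist, base, size = int(dist), int(base, 16), int(size)
        # Recompute the distance from the addresses as a consistency check.
        calc = addr - (base + size) if side == "right" else base - addr
        if calc != dist:
            raise ValueError("inconsistent global description for " + name)
        globals_.append({"name": name, "side": side, "distance": dist, "size": size})
    nearest = min(globals_, key=lambda g: g["distance"], default=None)
    return {
        "class": err.group(1),
        "access": acc.group(1), "access_size": int(acc.group(2)),
        "frames": frames,
        "nearest_global": nearest,
        # Function names survive rebuilds and ASLR; raw addresses do not.
        "bucket": ":".join([err.group(1), acc.group(1)] + [f[0] for f in frames[:3]]),
    }
```

For this report the nearest global is the 2-byte literal `*.LC11` at distance 0 on the right, so the 1-byte read lands on the first byte past its end.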
This bug report was last modified 8 years and 177 days ago.