GNU bug report logs - #28859
Segmentation fault with NULL pointer dereference in 'stty'


Package: coreutils;

Reported by: Jaeseung Choi <jschoi.2022 <at> gmail.com>

Date: Mon, 16 Oct 2017 07:14:02 UTC

Severity: normal

Done: Pádraig Brady <P <at> draigBrady.com>

Bug is archived. No further changes may be made.


From: Jim Meyering <jim <at> meyering.net>
To: 28859 <at> debbugs.gnu.org, Pádraig Brady <P <at> draigbrady.com>,  jschoi.2022 <at> gmail.com
Cc: 28859-done <at> debbugs.gnu.org
Subject: bug#28859: Segmentation fault with NULL pointer dereference in 'stty'
Date: Mon, 16 Oct 2017 10:49:32 -0700

On Mon, Oct 16, 2017 at 2:30 AM, Pádraig Brady <P <at> draigbrady.com> wrote:
> On 15/10/17 18:07, Jaeseung Choi wrote:
>> Dear GNU team,
>>
>> While testing coreutils for a research purpose, we found the following
>> crash in 'stty'. Running stty with the command-line "stty eol -F AA"
>> raises a crash as below. We did not change any terminal setting, and
>> believe the bug is irrelevant to any specific terminal
>> configuration.
>>
>> jason <at> ubuntu:~$ tar -xf coreutils-8.28.tar.xz
>> jason <at> ubuntu:~$ cd coreutils-8.28/
>> jason <at> ubuntu:~/coreutils-8.28$ mkdir obj
>> jason <at> ubuntu:~/coreutils-8.28$ cd obj
>> jason <at> ubuntu:~/coreutils-8.28/obj$ ../configure --disable-nls && make
>> ...
>> jason <at> ubuntu:~/coreutils-8.28/obj$ gdb ./src/stty -q
>> Reading symbols from ./src/stty...done.
>> (gdb) run eol -F AA
>> Starting program: /home/jason/coreutils-8.28/obj/src/stty eol -F AA
>>
>> Program received signal SIGSEGV, Segmentation fault.
>> set_control_char (info=0x40a6f8 <control_info+120>, info=0x40a6f8
>> <control_info+120>, mode=0x6103c0 <check_mode>, arg=0x0) at
>> ../src/stty.c:1695
>> 1695      else if (arg[0] == '\0' || arg[1] == '\0')
>> (gdb) x/i $rip
>> => 0x40387a <apply_settings+746>:       movzbl (%rbx),%r14d
>> (gdb) info reg rbx
>> rbx            0x0      0
>> (gdb)
>>
>> We could reproduce the bug in coreutils from version 8.27 to 8.28.
>> Also, the bug was reproducible in both Ubuntu 16.04 and Debian 9.1.
>> But the stty program pre-built in Debian 9.1 did not crash because
>> currently version 8.26 is installed in Debian.
>
> This is actually an old bug which you can reproduce with -F /dev/tty.
> The attached should fix it up.

Thank you!
If it's not too hard to determine, would you please mention in the log
the commit that introduced the bug?
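
An added illustration, not part of the thread and not coreutils code: a simplified C model of the failure the backtrace shows, where the value for a setting such as eol reaches the parser as arg=0x0. It assumes a two-pass parser that blanks already-consumed option slots to NULL (the attached patch is not shown on this page); every function name here is hypothetical.

```c
#include <stdio.h>
#include <string.h>

enum cc_status { CC_OK = 0, CC_MISSING_ARG = -1, CC_BAD_ARG = -2 };

/* Pass 1 (assumed model): consume "-F DEVICE" and blank both argv slots
   so that the settings pass skips them. */
const char *consume_file_option(int argc, const char **argv)
{
    const char *dev = NULL;
    for (int i = 1; i + 1 < argc; i++)
        if (argv[i] && strcmp(argv[i], "-F") == 0) {
            dev = argv[i + 1];
            argv[i] = argv[i + 1] = NULL;
            i++;
        }
    return dev;
}

/* Pass 2: decode the value that follows the setting at argv[k].
   Testing only "is k the last index?" misses a blanked slot; the NULL
   test is what keeps arg[0] from being read through a null pointer. */
int parse_control_char(int argc, const char **argv, int k, unsigned char *out)
{
    if (k >= argc - 1 || argv[k + 1] == NULL)
        return CC_MISSING_ARG;
    const char *arg = argv[k + 1];
    if (arg[0] == '\0' || arg[1] == '\0')
        *out = (unsigned char) arg[0];          /* literal character */
    else if (arg[0] == '^' && arg[2] == '\0')   /* caret form, simplified */
        *out = arg[1] == '?' ? 127 : (unsigned char) (arg[1] & 0x1f);
    else
        return CC_BAD_ARG;                      /* numeric forms omitted */
    return CC_OK;
}

/* Constructed input matching the report's command line "eol -F AA". */
int demo_report(void)
{
    const char *argv[] = { "stty", "eol", "-F", "AA", NULL };
    unsigned char c = 0;
    consume_file_option(4, argv);
    return parse_control_char(4, argv, 1, &c);
}

/* Constructed input with a well-formed value; returns the decoded byte. */
int demo_valid(void)
{
    const char *argv[] = { "stty", "eol", "^D", NULL };
    unsigned char c = 0;
    consume_file_option(3, argv);
    return parse_control_char(3, argv, 1, &c) == CC_OK ? c : -1;
}

int main(void) { printf("%d %d\n", demo_report(), demo_valid()); return 0; }
```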




This bug report was last modified 7 years and 275 days ago.