GNU bug report logs - #28859
Segmentation fault with NULL pointer dereference in 'stty'
[Message part 1 (text/plain, inline)]
Your bug report
#28859: Segmentation fault with NULL pointer dereference in 'stty'
which was filed against the coreutils package, has been closed.
The explanation is attached below, along with your original report.
If you require more details, please reply to 28859 <at> debbugs.gnu.org.
--
28859: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=28859
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems
[Message part 2 (message/rfc822, inline)]
[Message part 3 (text/plain, inline)]
On 15/10/17 18:07, Jaeseung Choi wrote:
> Dear GNU team,
>
> While testing coreutils for a research purpose, we found the following
> crash in 'stty'. Running stty with the command-line "stty eol -F AA"
> raises a crash as below. We did not change any terminal setting, and
> believe the bug is irrelevant to any specific terminal
> configuration.
>
> jason <at> ubuntu:~$ tar -xf coreutils-8.28.tar.xz
> jason <at> ubuntu:~$ cd coreutils-8.28/
> jason <at> ubuntu:~/coreutils-8.28$ mkdir obj
> jason <at> ubuntu:~/coreutils-8.28$ cd obj
> jason <at> ubuntu:~/coreutils-8.28/obj$ ../configure --disable-nls && make
> ...
> jason <at> ubuntu:~/coreutils-8.28/obj$ gdb ./src/stty -q
> Reading symbols from ./src/stty...done.
> (gdb) run eol -F AA
> Starting program: /home/jason/coreutils-8.28/obj/src/stty eol -F AA
>
> Program received signal SIGSEGV, Segmentation fault.
> set_control_char (info=0x40a6f8 <control_info+120>, info=0x40a6f8
> <control_info+120>, mode=0x6103c0 <check_mode>, arg=0x0) at
> ../src/stty.c:1695
> 1695 else if (arg[0] == '\0' || arg[1] == '\0')
> (gdb) x/i $rip
> => 0x40387a <apply_settings+746>: movzbl (%rbx),%r14d
> (gdb) info reg rbx
> rbx 0x0 0
> (gdb)
>
> We could reproduce the bug in coreutils from version 8.27 to 8.28.
> Also, the bug was reproducible in both Ubuntu 16.04 and Debian 9.1.
> But the stty program pre-built in Debian 9.1 did not crash because
> currently 8.26 version is installed in Debian.
This is actually an old bug which you can reproduce with -F /dev/tty.
The attached should fix it up.
thanks!
Pádraig
[stty-crash.patch (text/x-patch, attachment)]
[Message part 5 (message/rfc822, inline)]
Dear GNU team,
While testing coreutils for a research purpose, we found the following
crash in 'stty'. Running stty with the command-line "stty eol -F AA"
raises a crash as below. We did not change any terminal setting, and
believe the bug is irrelevant to any specific terminal
configuration.
jason <at> ubuntu:~$ tar -xf coreutils-8.28.tar.xz
jason <at> ubuntu:~$ cd coreutils-8.28/
jason <at> ubuntu:~/coreutils-8.28$ mkdir obj
jason <at> ubuntu:~/coreutils-8.28$ cd obj
jason <at> ubuntu:~/coreutils-8.28/obj$ ../configure --disable-nls && make
...
jason <at> ubuntu:~/coreutils-8.28/obj$ gdb ./src/stty -q
Reading symbols from ./src/stty...done.
(gdb) run eol -F AA
Starting program: /home/jason/coreutils-8.28/obj/src/stty eol -F AA
Program received signal SIGSEGV, Segmentation fault.
set_control_char (info=0x40a6f8 <control_info+120>, info=0x40a6f8
<control_info+120>, mode=0x6103c0 <check_mode>, arg=0x0) at
../src/stty.c:1695
1695 else if (arg[0] == '\0' || arg[1] == '\0')
(gdb) x/i $rip
=> 0x40387a <apply_settings+746>: movzbl (%rbx),%r14d
(gdb) info reg rbx
rbx 0x0 0
(gdb)
We could reproduce the bug in coreutils from version 8.27 to 8.28.
Also, the bug was reproducible in both Ubuntu 16.04 and Debian 9.1.
But the stty program pre-built in Debian 9.1 did not crash because
currently 8.26 version is installed in Debian.
Please let us know if you have a problem in reproducing the bug.
Thank you.
Sincerely,
Jaeseung
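
The crash class shown in the trace above (a setting such as "eol" handed arg=0x0), as an added example that is not part of the thread, the attached patch, or coreutils. It assumes, beyond what the trace shows, that an earlier option pass replaces the argv slots it consumed with NULL; all function and enum names are hypothetical.

```c
#include <stddef.h>
#include <string.h>

enum { PARSE_OK = 0, PARSE_MISSING_ARG = -1, PARSE_BAD_SETTING = -2 };

/* Settings that consume the next argv entry (subset, for illustration). */
static const char *const takes_arg[] = { "eol", "eof", "intr", NULL };

static int needs_argument(const char *name) {
    for (size_t i = 0; takes_arg[i] != NULL; i++)
        if (strcmp(name, takes_arg[i]) == 0)
            return 1;
    return 0;
}

/* Same shape as the test at stty.c:1695 in the trace: it reads arg[0] and
   arg[1], so the caller must never pass NULL. */
static int control_char_value(const char *arg) {
    if (arg[0] == '\0' || arg[1] == '\0')
        return (unsigned char) arg[0];
    return -1; /* multi-character forms are out of scope for this sketch */
}

/* Settings pass. Assumption: an earlier option pass replaced the argv
   entries it consumed (such as "-F" and its operand) with NULL. */
int apply_settings_sketch(int argc, char **argv, int *eol_out) {
    for (int k = 1; k < argc; k++) {
        const char *name = argv[k];
        if (name == NULL)
            continue; /* slot already consumed as an option */
        if (!needs_argument(name))
            return PARSE_BAD_SETTING;
        /* Reject both end-of-argv and a blanked slot before dereferencing. */
        if (k == argc - 1 || argv[k + 1] == NULL)
            return PARSE_MISSING_ARG;
        int value = control_char_value(argv[++k]);
        if (value < 0)
            return PARSE_BAD_SETTING;
        if (strcmp(name, "eol") == 0)
            *eol_out = value;
    }
    return PARSE_OK;
}

/* Constructed argv: "stty eol -F AA" with the "-F AA" slots blanked. */
int demo_blanked_option(void) {
    char *argv[] = { "stty", "eol", NULL, NULL };
    int eol = -1;
    return apply_settings_sketch(4, argv, &eol);
}
```

Checking only k == argc - 1 would let the blanked slot through to control_char_value, which is the NULL read the gdb session shows.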
This bug report was last modified 7 years and 275 days ago.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.