GNU bug report logs - #29564
Segmentation fault if print command is issued


Package: parted;

Reported by: Nils Bars <nils.bars <at> rub.de>

Date: Mon, 4 Dec 2017 16:27:02 UTC

Severity: normal



Report forwarded to bug-parted <at> gnu.org:
bug#29564; Package parted. (Mon, 04 Dec 2017 16:27:02 GMT)

Acknowledgement sent to Nils Bars <nils.bars <at> rub.de>:
New bug report received and forwarded. Copy sent to bug-parted <at> gnu.org. (Mon, 04 Dec 2017 16:27:02 GMT)

Message #5 received at submit <at> debbugs.gnu.org:

From: Nils Bars <nils.bars <at> rub.de>
To: bug-parted <at> gnu.org
Subject: Segmentation fault if print command is issued
Date: Mon, 4 Dec 2017 12:49:48 +0100
Hello,

I found a bug while fuzzing parted. A test case that triggers the
segmentation fault is attached.

Is there any way for me to track the issue status on some sort of bug
tracker?


- Trigger the bug
parted 'f01:id:000002,sig:11,src:000220,op:arith8,pos:2568,val:-33' print


- parted --version
parted (GNU parted) 3.2
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Written by <http://git.debian.org/?p=parted/parted.git;a=blob_plain;f=AUTHORS>.


Program received signal SIGSEGV, Segmentation fault.
[----------------------------------registers-----------------------------------]
RAX: 0xd31bc09c
RBX: 0x7fffffffcd00 ("44444444\023")
RCX: 0x7ffff7bc5be0 --> 0x7707309600000000
RDX: 0x67 ('g')
RSI: 0x7fffffffcd13 ('4' <repeats 143 times>, ":", '4' <repeats 41 times>, "$", '4' <repeats 14 times>...)
RDI: 0x7ffffffff000
RBP: 0x13
RSP: 0x7fffffffc6c8 --> 0x7ffff7baff6a (cmp    DWORD PTR [rbx+0x10],eax)
RIP: 0x7ffff7bb58f8 (<__efi_crc32+24>:    movzx  edx,BYTE PTR [rdi])
R8 : 0x5555557cb040 --> 0x5555557cb470 --> 0x0
R9 : 0x555555790f70 (".../filtered/f01:id:000002,sig:11,src:000220,op:arith8,pos:2568,val:-33")
R10: 0x7ffff74cdbe0 --> 0x0
R11: 0x0
R12: 0x10
R13: 0x555555791798 --> 0x555555769980 --> 0x0
R14: 0x7fffffffc6f0 --> 0x100000089
R15: 0x7fffffffcd00 ("44444444\023")
EFLAGS: 0x10283 (CARRY parity adjust zero SIGN trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
   0x7ffff7bb58ec <__efi_crc32+12>:    add    rsi,rdi
   0x7ffff7bb58ef <__efi_crc32+15>:    mov    eax,edx
   0x7ffff7bb58f1 <__efi_crc32+17>:    nop    DWORD PTR [rax+0x0]
=> 0x7ffff7bb58f8 <__efi_crc32+24>:    movzx  edx,BYTE PTR [rdi]
   0x7ffff7bb58fb <__efi_crc32+27>:    add    rdi,0x1
   0x7ffff7bb58ff <__efi_crc32+31>:    xor    edx,eax
   0x7ffff7bb5901 <__efi_crc32+33>:    shr    eax,0x8
   0x7ffff7bb5904 <__efi_crc32+36>:    movzx  edx,dl
[------------------------------------stack-------------------------------------]
0000| 0x7fffffffc6c8 --> 0x7ffff7baff6a (cmp    DWORD PTR [rbx+0x10],eax)
0008| 0x7fffffffc6d0 --> 0x7fffffffcd00 ("44444444\023")
0016| 0x7fffffffc6d8 --> 0x7fffffffc900 ('a' <repeats 180 times>, "xaaaa]", 'a' <repeats 14 times>...)
0024| 0x7fffffffc6e0 --> 0x7fffffffd950 --> 0x7ffff7dd2530 -->
0x7ffff7dd23b0 --> 0x7ffff7dd23d0 --> 0x7ffff7dd23f0 (--> ...)
0032| 0x7fffffffc6e8 --> 0x7ffff7bb0100 (<nilfs2_probe+384>:    test   eax,eax)
0040| 0x7fffffffc6f0 --> 0x100000089
0048| 0x7fffffffc6f8 --> 0x555555776da0 --> 0x555555776dd8 ("INTERNAL")
0056| 0x7fffffffc700 --> 0x7fffffffd820 ('a' <repeats 22 times>, "@", 'a' <repeats 177 times>...)
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Stopped reason: SIGSEGV
0x00007ffff7bb58f8 in __efi_crc32 () from /usr/lib/libparted.so.2

[f01:id:000002,sig:11,src:000220,op:arith8,pos:2568,val:-33 (application/octet-stream, attachment)]
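In the dump above, __efi_crc32 faults with its read pointer RDI at 0x7ffffffff000, already past the end pointer in RSI (0x7fffffffcd13) and above every other stack address shown, with nilfs2_probe on the stack as the caller: that is consistent with a checksum loop handed a length that does not fit its buffer. The following is an added example, not parted's code, showing the bound check a probe should make before passing an input-derived length to a CRC routine, including a size field too small for the fields it must cover, where the remaining length would otherwise underflow. The header layout, offsets and the names verify_header, header_crc and seal_header are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>

/* Constructed on-disk layout (not parted's): a 16-bit size field at offset 0
 * says how many bytes the CRC covers; the CRC-32 at offset 4 is read as zero
 * while the CRC is computed. */
#define HDR_SIZE_OFF 0
#define HDR_SUM_OFF  4
#define HDR_MIN      8   /* smallest size that still contains both fields */

static uint16_t rd16le(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t rd32le(const uint8_t *p) { return rd16le(p) | (uint32_t)rd16le(p + 2) << 16; }
static void wr32le(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> 8 * i); }

/* Bitwise CRC-32 (reflected polynomial 0xEDB88320). It reads exactly len bytes
 * and knows nothing about the real size of buf: bounding len is the caller's job. */
static uint32_t crc32_update(uint32_t crc, const uint8_t *buf, size_t len)
{
    for (size_t i = 0; i < len; i++) {
        crc ^= buf[i];
        for (int k = 0; k < 8; k++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return crc;
}

/* CRC over the first n bytes of blk with the sum field read as zero, in three runs
 * so nothing is copied. Needs n >= HDR_MIN, or the third length underflows size_t. */
static uint32_t header_crc(const uint8_t *blk, size_t n)
{
    static const uint8_t zero[4] = {0};
    uint32_t c = 0xFFFFFFFFu;
    c = crc32_update(c, blk, HDR_SUM_OFF);
    c = crc32_update(c, zero, 4);
    c = crc32_update(c, blk + HDR_SUM_OFF + 4, n - HDR_SUM_OFF - 4);
    return ~c;
}

/* 1 = checksum matches, 0 = mismatch, -1 = size field cannot be honoured for this
 * buffer (too small for the fields, or bigger than what was actually read). */
int verify_header(const uint8_t *blk, size_t blk_len)
{
    if (blk_len < HDR_MIN) return -1;
    size_t claimed = rd16le(blk + HDR_SIZE_OFF);
    if (claimed < HDR_MIN || claimed > blk_len) return -1;   /* reject before the CRC loop */
    return header_crc(blk, claimed) == rd32le(blk + HDR_SUM_OFF);
}

/* Test helper: stamp a correct CRC into a buffer whose size field already holds n. */
void seal_header(uint8_t *blk, size_t n) { wr32le(blk + HDR_SUM_OFF, header_crc(blk, n)); }
```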

Information forwarded to bug-parted <at> gnu.org:
bug#29564; Package parted. (Fri, 08 Dec 2017 14:18:02 GMT)

Message #8 received at 29564 <at> debbugs.gnu.org:

From: Phil Susi <psusi <at> ubuntu.com>
To: Nils Bars <nils.bars <at> rub.de>, 29564 <at> debbugs.gnu.org
Subject: Re: bug#29564: Segmentation fault if print command is issued
Date: Fri, 8 Dec 2017 09:17:32 -0500
On 12/4/2017 6:49 AM, Nils Bars wrote:
> Hello,
> 
> I found a bug while fuzzing parted. A test case that triggers the
> segmentation fault is attached.
> 
> Is there any way for me to track the issue status on some sort of bug
> tracker?

You can view the bug status in a web page at debbugs.gnu.org.

> 
> - Trigger the bug
> parted 'f01:id:000002,sig:11,src:000220,op:arith8,pos:2568,val:-33' print

I can't parse that string at all.  What the heck is it supposed to do?




Information forwarded to bug-parted <at> gnu.org:
bug#29564; Package parted. (Fri, 08 Dec 2017 16:19:01 GMT)

Message #11 received at 29564 <at> debbugs.gnu.org:

From: Håkon Løvdal <hlovdal <at> gmail.com>
To: Phil Susi <psusi <at> ubuntu.com>
Cc: 29564 <at> debbugs.gnu.org, Nils Bars <nils.bars <at> rub.de>
Subject: Re: bug#29564: Segmentation fault if print command is issued
Date: Fri, 8 Dec 2017 17:18:39 +0100
On 8 December 2017 at 15:17, Phil Susi <psusi <at> ubuntu.com> wrote:
> On 12/4/2017 6:49 AM, Nils Bars wrote:
>> - Trigger the bug
>> parted 'f01:id:000002,sig:11,src:000220,op:arith8,pos:2568,val:-33' print
>
> What the heck is it supposed to do?

Nothing, it is just some fuzzing input that triggered a bug.

https://stackoverflow.com/tags/fuzzing/info:
Fuzzing or Fuzz-testing is a type of software test where the software is
presented with invalid input to find errors in input validation and handling.




Information forwarded to bug-parted <at> gnu.org:
bug#29564; Package parted. (Fri, 08 Dec 2017 17:37:01 GMT)

Message #14 received at 29564 <at> debbugs.gnu.org:

From: Phil Susi <psusi <at> ubuntu.com>
To: Håkon Løvdal <hlovdal <at> gmail.com>
Cc: 29564 <at> debbugs.gnu.org, Nils Bars <nils.bars <at> rub.de>
Subject: Re: bug#29564: Segmentation fault if print command is issued
Date: Fri, 8 Dec 2017 12:36:30 -0500
On 12/8/2017 11:18 AM, Håkon Løvdal wrote:
> On 8 December 2017 at 15:17, Phil Susi <psusi <at> ubuntu.com> wrote:
>> On 12/4/2017 6:49 AM, Nils Bars wrote:
>>> - Trigger the bug
>>> parted 'f01:id:000002,sig:11,src:000220,op:arith8,pos:2568,val:-33' print
>>
>> What the heck is it supposed to do?
> 
> Nothing, It is just some fuzzing input that triggered a bug.

So it is just the file name that is the issue, not its contents?





GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.