GNU bug report logs -
#50611
one-byte (write) heap-buffer-underrun
Previous Next
Reported by: Jim Meyering <jim <at> meyering.net>
Date: Thu, 16 Sep 2021 00:30:02 UTC
Severity: normal
Done: Paul Eggert <eggert <at> cs.ucla.edu>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 50611 in the body.
You can then email your comments to 50611 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
bug-coreutils <at> gnu.org:
bug#50611; Package
coreutils.
(Thu, 16 Sep 2021 00:30:02 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Jim Meyering <jim <at> meyering.net>:
New bug report received and forwarded. Copy sent to
bug-coreutils <at> gnu.org.
(Thu, 16 Sep 2021 00:30:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
Thanks for all your recent changes! I built+tested with ASAN on Fedora 34:
Configure and build as usual, then "make clean" and do this:
> san='-fsanitize-address-use-after-scope -fsanitize=address -static-libasan'; ASAN_OPTIONS=detect_leaks=0 , CFLAGS='-O -ggdb3' AM_CFLAGS="$san" AM_LDFLAGS="$san" check
(but that first -f option may be obsolete, because it seems to provoke
spurious failure of the stdbuf test and help-version tests)
That exposed this (and similar in an md5sum tests):
md5sum: test ck-strict-1: stderr mismatch, comparing ck-strict-1.2
(expected) and ck-strict-1.E (actual)
*** ck-strict-1.2 Wed Sep 15 17:16:39 2021
--- ck-strict-1.E Wed Sep 15 17:16:39 2021
***************
*** 1 ****
! md5sum: WARNING: 1 line is improperly formatted
--- 1,47 ----
! =================================================================
! ==1752792==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x60c00000003f at pc 0x0000004d7387 bp 0x7fff29bac390 sp
0x7fff29bac388
! READ of size 1 at 0x60c00000003f thread T0
! #0 0x4d7386 in digest_check src/digest.c:1076
! #1 0x4d7386 in main src/digest.c:1492
! #2 0x7ff1f089db74 in __libc_start_main (/lib64/libc.so.6+0x27b74)
! #3 0x40754d in _start (/home/j/w/co/cu/src/md5sum+0x40754d)
!
! 0x60c00000003f is located 1 bytes to the left of 120-byte region
[0x60c000000040,0x60c0000000b8)
! allocated by thread T0 here:
! #0 0x492417 in __interceptor_malloc
/home/j/w/co/gcc/libsanitizer/asan/asan_malloc_linux.cpp:129
! #1 0x7ff1f08ec903 in _IO_getdelim (/lib64/libc.so.6+0x76903)
! #2 0x49208f (/home/j/w/co/cu/src/md5sum+0x49208f)
!
! SUMMARY: AddressSanitizer: heap-buffer-overflow src/digest.c:1076 in
digest_check
! Shadow bytes around the buggy address:
! 0x0c187fff7fb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
! 0x0c187fff7fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
! 0x0c187fff7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
! 0x0c187fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
! 0x0c187fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
! =>0x0c187fff8000: fa fa fa fa fa fa fa[fa]00 00 00 00 00 00 00 00
! 0x0c187fff8010: 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa fa
! 0x0c187fff8020: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
! 0x0c187fff8030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
! 0x0c187fff8040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
! 0x0c187fff8050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
! Shadow byte legend (one shadow byte represents 8 application bytes):
! Addressable: 00
! Partially addressable: 01 02 03 04 05 06 07
! Heap left redzone: fa
! Freed heap region: fd
! Stack left redzone: f1
! Stack mid redzone: f2
! Stack right redzone: f3
! Stack after return: f5
! Stack use after scope: f8
! Global redzone: f9
! Global init order: f6
! Poisoned by user: f7
! Container overflow: fc
! Array cookie: ac
! Intra object redzone: bb
! ASan internal: fe
! Left alloca redzone: ca
! Right alloca redzone: cb
! ==1752792==ABORTING
Reply sent
to
Paul Eggert <eggert <at> cs.ucla.edu>:
You have taken responsibility.
(Thu, 16 Sep 2021 07:27:01 GMT)
Full text and
rfc822 format available.
Notification sent
to
Jim Meyering <jim <at> meyering.net>:
bug acknowledged by developer.
(Thu, 16 Sep 2021 07:27:02 GMT)
Full text and
rfc822 format available.
Message #10 received at 50611-done <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Thanks for reporting that. I installed the attached to fix it.
[0001-cksum-fix-off-by-1-bug-with-r-stripping.patch (text/x-patch, attachment)]
Information forwarded
to
bug-coreutils <at> gnu.org:
bug#50611; Package
coreutils.
(Thu, 16 Sep 2021 11:35:01 GMT)
Full text and
rfc822 format available.
Message #13 received at 50611 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
On 16/09/2021 08:26, Paul Eggert wrote:
> Thanks for reporting that. I installed the attached to fix it.
Thanks to you both.
The fix looks good.
It got me thinking though, that we should not we warning/failing on blank lines.
I.e., we should be treating blank lines like comments.
The attached does that.
cheers,
Pádraig
[digest-blank-lines.patch (text/x-patch, attachment)]
Information forwarded
to
bug-coreutils <at> gnu.org:
bug#50611; Package
coreutils.
(Thu, 16 Sep 2021 18:52:02 GMT)
Full text and
rfc822 format available.
Message #16 received at 50611 <at> debbugs.gnu.org (full text, mbox):
On 9/16/21 4:34 AM, Pádraig Brady wrote:
> It got me thinking though, that we should not we warning/failing on
> blank lines.
> I.e., we should be treating blank lines like comments.
> The attached does that.
Thaks, a good improvement. The nerd in me also suggests changing this:
line[line_length] = '\0';
/* Ignore blank lines. */
if (line_length == 0)
continue;
to this:
/* Ignore empty lines. */
if (line_length == 0)
continue;
line[line_length] = '\0';
Information forwarded
to
bug-coreutils <at> gnu.org:
bug#50611; Package
coreutils.
(Thu, 16 Sep 2021 19:44:02 GMT)
Full text and
rfc822 format available.
Message #19 received at 50611 <at> debbugs.gnu.org (full text, mbox):
On 16/09/2021 19:51, Paul Eggert wrote:
> On 9/16/21 4:34 AM, Pádraig Brady wrote:
>> It got me thinking though, that we should not we warning/failing on
>> blank lines.
>> I.e., we should be treating blank lines like comments.
>> The attached does that.
>
> Thaks, a good improvement. The nerd in me also suggests changing this:
>
> line[line_length] = '\0';
>
> /* Ignore blank lines. */
> if (line_length == 0)
> continue;
>
> to this:
>
> /* Ignore empty lines. */
> if (line_length == 0)
> continue;
>
> line[line_length] = '\0';
Pushed with that adjustment.
cheers,
Pádraig
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org.
(Fri, 15 Oct 2021 11:24:06 GMT)
Full text and
rfc822 format available.
This bug report was last modified 3 years and 245 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.