GNU bug report logs - #70232
Bug in argument handling may lead to segfault if --debug is passed after any compile step

Package: sed

Reported by: 37 <at> cmail.nu

Date: Sat, 6 Apr 2024 06:39:03 UTC

Severity: normal

To reply to this bug, email your comments to 70232 AT debbugs.gnu.org.


Report forwarded to bug-sed <at> gnu.org:
bug#70232; Package sed. (Sat, 06 Apr 2024 06:39:03 GMT)

Acknowledgement sent to 37 <at> cmail.nu:
New bug report received and forwarded. Copy sent to bug-sed <at> gnu.org. (Sat, 06 Apr 2024 06:39:03 GMT)

Message #5 received at submit <at> debbugs.gnu.org:

From: 37 <at> cmail.nu
To: bug-sed <at> gnu.org
Subject: Bug in argument handling may lead to segfault if --debug is passed
 after any compile step
Date: Sat, 06 Apr 2024 00:40:08 -0400
Hi,

This affects every version with the --debug flag to my knowledge. Tested
on version 4.8. Reasonably simple reproducer is attached. Run with
`sed -f repro.sed --debug`.

I believe the root cause is that sed will compile scripts *before* 
setting the debug flag, which leads to cmd->x.label_name being garbage 
since next_cmd_entry doesn't zero out the auxiliary data structure. When 
sed then tries to print the label through debug_print_program at the end 
of main, a segfault is possible due to the uninitialized read.
[repro.sed (text/plain, attachment)]
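
The root cause described in the message above, reduced to a small C model (an added example, not code from sed or from the reporter): an entry allocator that leaves the auxiliary union unset, a compile step that stores the label name only when the debug flag is already on, and the same sequence with the union zeroed at allocation. The struct, the function names, the 0xAA fill standing in for uninitialised heap contents and the label "loop" are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>
/* Simplified model of a compiled command; every name here is hypothetical. */
struct cmd { char op; union { char *label_name; int int_arg; } x; };
static bool debug_flag;            /* true only once --debug has been parsed */

/* New entry; 0xAA stands in for stale heap bytes, zero_aux is the hardening. */
static struct cmd *next_entry(bool zero_aux)
{
    struct cmd *c = malloc(sizeof *c);
    if (!c) abort();
    memset(c, 0xAA, sizeof *c);
    if (zero_aux) memset(&c->x, 0, sizeof c->x);
    return c;
}

/* Compile ":name"; the name is stored only if debug is already enabled. */
static struct cmd *compile_label(const char *name, bool zero_aux)
{
    struct cmd *c = next_entry(zero_aux);
    c->op = ':';
    if (debug_flag && (c->x.label_name = malloc(strlen(name) + 1)))
        strcpy(c->x.label_name, name);
    return c;
}

/* What a debug printer is handed: 0 NULL, 1 real string, 2 leftover bytes. */
static int label_status(const struct cmd *c)
{
    unsigned char poison[sizeof c->x.label_name];
    memset(poison, 0xAA, sizeof poison);
    if (c->x.label_name == NULL) return 0;
    return memcmp(&c->x.label_name, poison, sizeof poison) == 0 ? 2 : 1;
}

/* debug_first=false models `-f script --debug`; true models the reverse. */
static int simulate(bool debug_first, bool zero_aux)
{
    debug_flag = debug_first;
    struct cmd *c = compile_label("loop", zero_aux);
    debug_flag = true;             /* --debug has been seen by print time */
    int st = label_status(c);
    if (st == 1) free(c->x.label_name);
    free(c);
    return st;
}

int main(void) { return simulate(false, false) == 2 && simulate(false, true) == 0 ? 0 : 1; }
```

Status 2 in the script-first case is the pointer a debug printer would dereference; with the union zeroed it is NULL, which the printer can test before printing.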

This bug report was last modified 1 year and 68 days ago.
