GNU bug report logs - #7992
cut segmentation fault with unbounded ranges

Previous Next

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Paul Marinescu <paul.marinescu <at> imperial.ac.uk>
Subject: bug#7992: closed (Re: bug#7992: cut segmentation fault with
 unbounded ranges)
Date: Fri, 22 Jul 2011 21:55:02 +0000

[Message part 1 (text/plain, inline)]

Your bug report

#7992: cut segmentation fault with unbounded ranges

which was filed against the coreutils package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 7992 <at> debbugs.gnu.org.

-- 
7992: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=7992
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]

From: Jim Meyering <jim <at> meyering.net>
To: Paul Marinescu <paul.marinescu <at> imperial.ac.uk>
Cc: 7992-done <at> debbugs.gnu.org
Subject: Re: bug#7992: cut segmentation fault with unbounded ranges
Date: Fri, 22 Jul 2011 23:54:45 +0200

Jim Meyering wrote:
> Paul Marinescu wrote:
>> In coreutils 8.9 (latest), the following commands trigger an invalid
>> memory access.
>>
>> cut -c1234567890- --output-d=: foo
>> cut -f1234567890- --output-d=: foo
>> cut -b1234567890- --output-d=: foo
>>
>> The number 1234567890 is just a random number 'big enough' to make the
>> invalid access generate a segmentation fault but the invalid access
>> happens for values as low as 8 (valgrind)
>>
>> The problem is that ranges going to end of line (i.e., 'x-') are not
>> taken into account when calculating the size of the printable_field
>> vector, but their lower bound is used as an index on line 525:
>>
>>   if (output_delimiter_specified
>>       && !complement
>>       && eol_range_start && !is_printable_field (eol_range_start))
>
> Thanks a lot for the report.
> Here's a fix:
>
...
> Subject: [PATCH] cut: don't segfault for large unbounded range
>
> * src/cut.c (set_fields): When computing the maximum range endpoint,
> take into consideration the start of any unbounded range, like "999-".
> * NEWS (Bug fixes): Mention it.
> * tests/misc/cut (big-unbounded-b,c,f): Add tests.
> Reported by Paul Marinescu in http://debbugs.gnu.org/7993
> The bug was introduced on 2004-12-04 via commit 7380cf79.
...
>  * Noteworthy changes in release ?.? (????-??-??) [?]
>
> +** Bug fixes
> +
> +  cut could segfault when invoked with a user-specified output
> +  delimiter and an unbounded range like "-f1234567890-".
> +  [bug introduced in coreutils-5.3.0]
> +

Fixed, so closing.

[Message part 3 (message/rfc822, inline)]

From: Paul Marinescu <paul.marinescu <at> imperial.ac.uk>
To: bug-coreutils <at> gnu.org
Subject: cut segmentation fault with unbounded ranges
Date: Sun, 06 Feb 2011 16:15:30 +0000

In coreutils 8.9 (latest), the following commands trigger an invalid
memory access.

cut -c1234567890- --output-d=: foo
cut -f1234567890- --output-d=: foo
cut -b1234567890- --output-d=: foo

The number 1234567890 is just a random number 'big enough' to make the
invalid access generate a segmentation fault but the invalid access
happens for values as low as 8 (valgrind)

The problem is that ranges going to end of line (i.e., 'x-') are not
taken into account when calculating the size of the printable_field
vector, but their lower bound is used as an index on line 525:

  if (output_delimiter_specified
      && !complement
      && eol_range_start && !is_printable_field (eol_range_start))


Paul

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.