GNU bug report logs - #7993
cut segmentation fault with unbounded ranges

Previous Next

Package: coreutils;

Reported by: Paul Marinescu <paul.marinescu <at> imperial.ac.uk>

Date: Sun, 6 Feb 2011 18:27:02 UTC

Severity: normal

Done: Jim Meyering <jim <at> meyering.net>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Paul Marinescu <paul.marinescu <at> imperial.ac.uk>
Subject: bug#7993: closed (Re: bug#7993: Acknowledgement (cut segmentation
 fault with unbounded ranges))
Date: Mon, 07 Feb 2011 07:37:02 +0000

[Message part 1 (text/plain, inline)]
Your bug report

#7993: cut segmentation fault with unbounded ranges

which was filed against the coreutils package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 7993 <at> debbugs.gnu.org.

-- 
7993: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=7993
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]
From: Jim Meyering <jim <at> meyering.net>
To: Paul Marinescu <paul.marinescu <at> imperial.ac.uk>
Cc: 7993-done <at> debbugs.gnu.org
Subject: Re: bug#7993: Acknowledgement (cut segmentation fault with unbounded
	ranges)
Date: Mon, 07 Feb 2011 08:45:36 +0100

> Please ignore this. It's a duplicate submission of bug# 7992

Ok.  marking it closed.


[Message part 3 (message/rfc822, inline)]
From: Paul Marinescu <paul.marinescu <at> imperial.ac.uk>
To: bug-coreutils <at> gnu.org
Subject: cut segmentation fault with unbounded ranges
Date: Sun, 06 Feb 2011 18:20:11 +0000

In coreutils 8.9 (latest), the following commands trigger an invalid
memory access.

cut -c1234567890- --output-d=: foo
cut -f1234567890- --output-d=: foo
cut -b1234567890- --output-d=: foo

The number 1234567890 is just a random number 'big enough' to make the
invalid access generate a segmentation fault but the invalid access
happens for values as low as 8 (valgrind)

The problem is that ranges going to end of line (i.e., 'x-') are not
taken into account when calculating the size of the printable_field
vector, but their lower bound is used as an index on line 525:

  if (output_delimiter_specified
      && !complement
      && eol_range_start && !is_printable_field (eol_range_start))


Paul
This bug report was last modified 14 years and 109 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.