bug-findutils

[findutils-4.5.2] NULL pointer dereferencing, and a trivial patch


From: Nelson H. F. Beebe
Subject: [findutils-4.5.2] NULL pointer dereferencing, and a trivial patch
Date: Fri, 12 Sep 2008 14:07:14 -0600 (MDT)

Yesterday, I installed findutils-4.5.2 on about 25 flavors of Unix
in our labs.  Today, we found that it gets a segment violation
on Sun Solaris SPARC, easily replicated like this:

        find ~/.cshrc -printf '%TY'

The backtrace of the core dump shows

#0  0xff209678 in doformat () from /lib/libc.so.1
#1  0xff209710 in strftime () from /lib/libc.so.1
#2  0x0001734c in format_date (ts={tv_sec = 1221016463, tv_nsec = 381255880},
    kind=89) at pred.c:2097
#3  0x000180a0 in pred_fprintf (pathname=0x59778 "ThingsToDo",
    stat_buf=0xffbff5e0, pred_ptr=0x59268) at pred.c:1108
#4  0x0001b044 in apply_predicate (pathname=0x59778 "ThingsToDo",
    stat_buf=0xffbff5e0, p=0x59268) at util.c:988
#5  0x00016dd8 in pred_and (pathname=0x59778 "ThingsToDo",
    stat_buf=0xffbff5e0, pred_ptr=0x59188) at pred.c:327
#6  0x0001b044 in apply_predicate (pathname=0x59778 "ThingsToDo",
    stat_buf=0xffbff5e0, p=0x59188) at util.c:988
#7  0x00015430 in find (arg=<value optimized out>) at ftsfind.c:237
#8  0x00015674 in main (argc=<value optimized out>, argv=<value optimized out>)
    at ftsfind.c:637

The installation tests did not catch this error: all of them passed.

I made this trivial patch:

% diff -c find/pred.c.~1~ find/pred.c
*** find/pred.c.~1~     Sat Jun 21 06:02:51 2008
--- find/pred.c Fri Sep 12 14:00:31 2008
***************
*** 2073,2078 ****
--- 2073,2083 ----
    boolean done = false;
    struct tm altered_time;

+   if (buf_size == 0u)
+   {
+       buf_size = 1024u;
+       buf = xmalloc(buf_size);
+   }

    /* If the format expands to nothing (%p in some locales, for
     * example), strftime can return 0.  We actually want to distinguish
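Review bot: the new `if (buf_size == 0u)` block in format_date treats the symptom rather than the cause. Zero `buf_size` here means a caller handed format_date a NULL `buf`, and the right fix is to initialise that buffer with a non-zero size where it originates, so the crash on strftime cannot recur through another path. As written, the 1024-byte size is arbitrary (the message says so itself) and an expansion longer than that is not handled by this block. Also, the freshly xmalloc'd buffer is only reachable through the local `buf`; nothing in the hunk frees it or passes it back to the caller, so check that it is not leaked on every call when `buf_size` starts at zero. The comment immediately below this block notes that strftime can legitimately return 0 when the format expands to nothing, so the zero-return handling should keep distinguishing "format expanded to nothing" from "buffer too small" if the buffer is ever grown in response.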

This may not logically be the desired thing (e.g., a 1KB size is
arbitrary), but it allows the simple test to complete correctly, and
prevents a NULL pointer being passed to strftime().

I've reinstalled this patched version on our Solaris SPARC systems and
we'll see if further problems arise.

-------------------------------------------------------------------------------
- Nelson H. F. Beebe                    Tel: +1 801 581 5254                  -
- University of Utah                    FAX: +1 801 581 4148                  -
- Department of Mathematics, 110 LCB    Internet e-mail: address@hidden  -
- 155 S 1400 E RM 233                       address@hidden  address@hidden -
- Salt Lake City, UT 84112-0090, USA    URL: http://www.math.utah.edu/~beebe/ -
-------------------------------------------------------------------------------
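An added example, not findutils code and not part of the message above: a strftime wrapper that never passes a NULL buffer or a zero size, grows the buffer on demand instead of picking a fixed 1 KB, and still tells "format expanded to nothing" (the case the pred.c comment mentions) apart from "buffer too small". The function name `format_time_dyn`, the initial buffer size of 64 bytes and the 1 MiB growth cap are assumptions chosen for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

/* Added example, not findutils code. Formats `tm` according to `fmt`,
 * growing the output buffer until strftime succeeds. Returns a malloc'd
 * string the caller must free, or NULL on allocation failure or if the
 * expansion would exceed an assumed 1 MiB cap. */
char *format_time_dyn(const char *fmt, const struct tm *tm)
{
    /* strftime returns 0 both when the buffer is too small and when the
     * format expands to an empty string (e.g. %p in some locales). Prefix
     * the format with a literal guard character so that a successful call
     * always returns at least 1, making 0 unambiguously "too small". */
    size_t fmt_len = strlen(fmt);
    char *guarded = malloc(fmt_len + 2);
    if (guarded == NULL)
        return NULL;
    guarded[0] = 'x';
    memcpy(guarded + 1, fmt, fmt_len + 1);   /* copies the trailing NUL */

    size_t size = 64;       /* assumed small start so growth is exercised */
    char *buf = NULL;
    size_t n;
    for (;;) {
        char *nb = realloc(buf, size);       /* realloc(NULL, size) == malloc */
        if (nb == NULL) {
            free(buf);
            free(guarded);
            return NULL;
        }
        buf = nb;
        n = strftime(buf, size, guarded, tm);
        if (n > 0)
            break;                           /* guard guarantees n >= 1 */
        if (size >= (1u << 20)) {            /* assumed cap: refuse to grow forever */
            free(buf);
            free(guarded);
            return NULL;
        }
        size *= 2;
    }
    free(guarded);

    /* Strip the guard character: move the n-1 real characters plus NUL. */
    memmove(buf, buf + 1, n);
    return buf;
}

int main(void)
{
    /* Constructed sample date: 12 Sep 2008, the date of the report. */
    struct tm t;
    memset(&t, 0, sizeof t);
    t.tm_year = 108;
    t.tm_mon = 8;
    t.tm_mday = 12;

    char *s = format_time_dyn("%Y-%m-%d", &t);
    if (s != NULL) {
        printf("%s\n", s);
        free(s);
    }
    return 0;
}
```

The guard-character trick is what lets the loop grow the buffer on a zero return without misreading an empty expansion as an error; with a fixed 1024-byte buffer and no loop, a long format would simply fail, and with a plain loop and no guard, an empty expansion would grow the buffer forever.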
