From: GNU bug Tracking System
Subject: [debbugs-tracker] bug#13627: closed (cut: Commit 06aeeec reintroduced SEG_FAULT)
Date: Mon, 04 Feb 2013 11:54:01 +0000

Your message dated Mon, 04 Feb 2013 11:52:28 +0000
with message-id <address@hidden>
and subject line Re: bug#13627: cut: Commit 06aeeec reintroduced SEG_FAULT
has caused the debbugs.gnu.org bug report #13627,
regarding cut: Commit 06aeeec reintroduced SEG_FAULT
to be marked as done.

(If you believe you have received this mail in error, please contact
address@hidden)

-- 
13627: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=13627
GNU Bug Tracking System
Contact address@hidden with problems

--- Begin Message ---
Subject: cut: Commit 06aeeec reintroduced SEG_FAULT
Date: Mon, 4 Feb 2013 10:22:02 +0100 (CET)

Dear all,

The current version of cut (after 6.12.2012) exposes a SEG_FAULT:

    $ echo 123 | cut --output-del="." -b-1,999999999-

How the commit introduces the bug:

Earlier, memory of length eol_start_length was allocated for the array printable_field - if max_range_endpoint < eol_start_length. So the access at eol_start_length would succeed.

Now, even if max_range_endpoint < eol_start_length, as long as max_range_endpoint > 0, just like before, memory of length max_range_endpoint is allocated for array printable_field which is accessed "out-of-bounds" at eol_start_length in line 534.

Just for historical purposes:

Commit 7380cf79 introduces a SEG_FAULT on large open-ended ranges: http://debbugs.gnu.org/7993.
This bug was fixed in Commit 2e636af1 which itself introduces a memory leak: https://lists.gnu.org/archive/html/bug-coreutils/2012-12/msg00017.html.
This bug was fixed in Commit ec48bead which itself re-introduces the SEG_FAULT: reported here.

Best regards,
Marcel
--- End Message ---
--- Begin Message ---
Subject: Re: bug#13627: cut: Commit 06aeeec reintroduced SEG_FAULT
Date: Mon, 04 Feb 2013 11:52:28 +0000
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:13.0) Gecko/20120615 Thunderbird/13.0.1

On 02/04/2013 09:22 AM, Marcel Böhme wrote:
> Dear all,
>
> The current version of cut (after 6.12.2012) exposes a SEG_FAULT:
>
>     $ echo 123 | cut --output-del="." -b-1,999999999-
>
> How the commit introduces the bug:
>
> Earlier, memory of length eol_start_length was allocated for the array printable_field - if max_range_endpoint < eol_start_length. So the access at eol_start_length would succeed.
>
> Now, even if max_range_endpoint < eol_start_length, as long as max_range_endpoint > 0, just like before, memory of length max_range_endpoint is allocated for array printable_field which is accessed "out-of-bounds" at eol_start_length in line 534.
>
> Just for historical purposes:
>
> Commit 7380cf79 introduces a SEG_FAULT on large open-ended ranges: http://debbugs.gnu.org/7993.
> This bug was fixed in Commit 2e636af1 which itself introduces a memory leak: https://lists.gnu.org/archive/html/bug-coreutils/2012-12/msg00017.html.
> This bug was fixed in Commit ec48bead which itself re-introduces the SEG_FAULT: reported here.

Nice one!
The attached should fix it.

thanks,
Pádraig.

cut-fix-seg.patch
Description: Text Data
--- End Message ---
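
The size mismatch described in the report, as an added C example (not code from coreutils or from this thread): a bitmap sized from max_range_endpoint, with a lookup that checks the index before reading. The struct, the function names and the one-bit-per-position layout are assumptions of this model; the values 1 and 999999999 are taken from the report's `-b-1,999999999-` field list.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Model (assumption, not coreutils source): one bit per byte position,
   sized only for the largest finite range endpoint. */
struct field_map {
    unsigned char *bits;
    size_t nbytes;                      /* allocated length in bytes */
};

static bool map_init(struct field_map *m, size_t max_range_endpoint)
{
    m->nbytes = max_range_endpoint / CHAR_BIT + 1;
    m->bits = calloc(m->nbytes, 1);
    return m->bits != NULL;
}

static bool map_covers(const struct field_map *m, size_t pos)
{
    return pos / CHAR_BIT < m->nbytes;
}

static void map_set(struct field_map *m, size_t pos)
{
    if (map_covers(m, pos))
        m->bits[pos / CHAR_BIT] |= (unsigned char)(1u << (pos % CHAR_BIT));
}

/* Checked lookup: a position past the allocation is "not set"; no read. */
static bool map_test(const struct field_map *m, size_t pos)
{
    return map_covers(m, pos)
           && ((m->bits[pos / CHAR_BIT] >> (pos % CHAR_BIT)) & 1u);
}

int main(void)
{
    /* Constructed from the report's field list -b-1,999999999- */
    size_t max_range_endpoint = 1, eol_start_length = 999999999;
    struct field_map m;
    if (!map_init(&m, max_range_endpoint)) return 1;
    map_set(&m, 1);
    printf("allocated %zu byte(s); byte %zu needed; checked lookup: %d\n",
           m.nbytes, eol_start_length / CHAR_BIT, map_test(&m, eol_start_length));
    free(m.bits);
    return 0;
}
```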