emacs-bug-tracker
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[debbugs-tracker] bug#13627: closed (cut: Commit 06aeeec reintroduced SE

From: GNU bug Tracking System
Subject: [debbugs-tracker] bug#13627: closed (cut: Commit 06aeeec reintroduced SEG_FAULT)
Date: Mon, 04 Feb 2013 11:54:01 +0000 
Your message dated Mon, 04 Feb 2013 11:52:28 +0000
with message-id <address@hidden>
and subject line Re: bug#13627: cut: Commit 06aeeec reintroduced SEG_FAULT
has caused the debbugs.gnu.org bug report #13627,
regarding cut: Commit 06aeeec reintroduced SEG_FAULT
to be marked as done.

(If you believe you have received this mail in error, please contact
address@hidden)


-- 
13627: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=13627
GNU Bug Tracking System
Contact address@hidden with problems
--- Begin Message --- Subject: cut: Commit 06aeeec reintroduced SEG_FAULT Date: Mon, 4 Feb 2013 10:22:02 +0100 (CET)
Dear all,

The current version of cut (after 6.12.2012) exposes a SEG_FAULT:
$echo 123 | cut --output-del="." -b-1,999999999-

How the commit introduces the bug:
Earlier, memory of length eol_start_length was allocated for the array printable_field - if max_range_endpoint < eol_start_length. So the access at eol_start_length would succeed.
Now, even if max_range_endpoint < eol_start_length, as long as max_range_endpoint > 0, just like before, memory of length max_range_endpoint is allocated for array printable_field which is accessed "out-of-bounds" at eol_start_length in line 534.

Just for historical purposes:
Commit 7380cf79 introduces a SEG_FAULT on large open-ended ranges: http://debbugs.gnu.org/7993.
This bug was fixed in Commit 2e636af1which itself introduces a memory leak: https://lists.gnu.org/archive/html/bug-coreutils/2012-12/msg00017.html.
This bug was fixed in Commit ec48bead which itself re-introduces the SEG_FAULT: reported here.

Best regards,
 Marcel

--- End Message ---
--- Begin Message --- Subject: Re: bug#13627: cut: Commit 06aeeec reintroduced SEG_FAULT Date: Mon, 04 Feb 2013 11:52:28 +0000 User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:13.0) Gecko/20120615 Thunderbird/13.0.1 
On 02/04/2013 09:22 AM, Marcel Böhme wrote:

    Dear all,
    The current version of cut (after 6.12.2012) exposes a SEG_FAULT:
    $echo 123 | cut --output-del="." -b-1,999999999-
    How the commit introduces the bug:
    Earlier, memory of length eol_start_length was allocated for the array
    printable_field - if max_range_endpoint < eol_start_length. So the
    access at eol_start_length would succeed.
    Now, even if max_range_endpoint < eol_start_length, as long as
    max_range_endpoint > 0, just like before, memory of length
    max_range_endpoint is allocated for array printable_field which is
    accessed "out-of-bounds" at eol_start_length in line 534.
    Just for historical purposes:
    Commit 7380cf79 introduces a SEG_FAULT on large open-ended ranges:
    http://debbugs.gnu.org/7993.
    This bug was fixed in Commit 2e636af1which itself introduces a memory
    leak:
    https://lists.gnu.org/archive/html/bug-coreutils/2012-12/msg00017.html.
    This bug was fixed in Commit ec48bead which itself re-introduces the
    SEG_FAULT: reported here.


Nice one!
The attached should fix it.

thanks,
Pádraig.

Attachment: cut-fix-seg.patch
Description: Text Data


--- End Message ---
reply via email to
[Prev in Thread] Current Thread [Next in Thread]