[debbugs-tracker] bug#25003: closed (Bug in SPLIT utility)

[GNU bug Tracking System]

Your message dated Thu, 24 Nov 2016 00:21:24 +0000
with message-id <address@hidden>
and subject line Re: bug#25003: Bug in SPLIT utility
has caused the debbugs.gnu.org bug report #25003,
regarding Bug in SPLIT utility
to be marked as done.

(If you believe you have received this mail in error, please contact
address@hidden)


-- 
25003: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=25003
GNU Bug Tracking System
Contact address@hidden with problems
> --- Begin Message ---
>
>
>
> Subject: 
>
> Bug in SPLIT utility
>
>
>
>
> Date: 
>
> Wed, 23 Nov 2016 21:22:30 +0800
>
>
>
>
> Dear all,
>
> We are running small 1h fuzzing sessions with AFLFast, a fork of AFL.
> We’ll be reporting each found bug separately.
>
> On Coreutils v8.25 and trunk, the following input crashes.
> Option -n was introduced with v8.8.
>
> $ ./split -n7/75 7
> Segmentation fault
>
> ASAN says:
> =================================================================
> ==53143==ERROR: AddressSanitizer: negative-size-param: (size=-6)
>     #0 0x7f8820eb9a10 in memmove 
> (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x62a10)
>     #1 0x404d12 in memmove /usr/include/x86_64-linux-gnu/bits/string3.h:57
>     #2 0x404d12 in bytes_chunk_extract ../src/split.c:987
>     #3 0x404d12 in main ../src/split.c:1625
>     #4 0x7f881fd9cf44 in __libc_start_main 
> (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
>     #5 0x4064a9  (/home/ubuntu/subjects/coreutils/obj-asan/src/split+0x4064a9)
>
> 0x7f8821f9a006 is located 2054 bytes inside of 135168-byte region 
> [0x7f8821f99800,0x7f8821fba800)
> allocated by thread T0 here:
>     #0 0x7f8820f193a8 in __interceptor_malloc 
> (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc23a8)
>     #1 0x40ec88 in xmalloc ../lib/xmalloc.c:41
>
> SUMMARY: AddressSanitizer: negative-size-param 
> (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x62a10) in memmove
>
> Best regards,
> - Marcel
>
>
> --- End Message ---

--- Begin Message --- Subject: Re: bug#25003: Bug in SPLIT utility Date: Thu, 24 Nov 2016 00:21:24 +0000 User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0

On 23/11/16 22:16, Pádraig Brady wrote:
> On 23/11/16 17:30, Jim Meyering wrote:
>> On Wed, Nov 23, 2016 at 5:22 AM, Marcel Böhme <address@hidden> wrote:
>>> Dear all,
>>>
>>> We are running small 1h fuzzing sessions with AFLFast, a fork of AFL.
>>> We’ll be reporting each found bug separately.
>>>
>>> On Coreutils v8.25 and trunk, the following input crashes.
>>> Option -n was introduced with v8.8.
>>>
>>> $ ./split -n7/75 7
>>> Segmentation fault
>>>
>>> ASAN says:
>>> =================================================================
>>> ==53143==ERROR: AddressSanitizer: negative-size-param: (size=-6)
>>>     #0 0x7f8820eb9a10 in memmove 
>>> (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x62a10)
>>>     #1 0x404d12 in memmove /usr/include/x86_64-linux-gnu/bits/string3.h:57
>>>     #2 0x404d12 in bytes_chunk_extract ../src/split.c:987
>>>     #3 0x404d12 in main ../src/split.c:1625
>>>     #4 0x7f881fd9cf44 in __libc_start_main 
>>> (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
>>>     #5 0x4064a9  
>>> (/home/ubuntu/subjects/coreutils/obj-asan/src/split+0x4064a9)
>>>
>>> 0x7f8821f9a006 is located 2054 bytes inside of 135168-byte region 
>>> [0x7f8821f99800,0x7f8821fba800)
>>> allocated by thread T0 here:
>>>     #0 0x7f8820f193a8 in __interceptor_malloc 
>>> (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc23a8)
>>>     #1 0x40ec88 in xmalloc ../lib/xmalloc.c:41
>>>
>>> SUMMARY: AddressSanitizer: negative-size-param 
>>> (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x62a10) in memmove
>>
>> Thank you for the report.
>> Would you please provide the contents of your file named "7"?
> 
> That's immaterial I think. I can reproduce with:
>   src/split -n2/3 /dev/null
> I'll dig into these

Patch attached.

thanks!
Pádraig

split-n-corruption.patch
Description: Text Data

--- End Message ---