bug-grep

[sr #106430] grep 2.5.1 with `-ri' segfaults when parsing binary


From: anonymous
Subject: [sr #106430] grep 2.5.1 with `-ri' segfaults when parsing binary
Date: Tue, 08 Jul 2008 01:51:42 +0000
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0

URL:
  <http://savannah.gnu.org/support/?106430>

                 Summary: grep 2.5.1 with `-ri' segfaults when parsing binary
                 Project: grep
            Submitted by: None
            Submitted on: Tuesday 07/08/2008 at 01:51 UTC
                Category: None
                Priority: 5 - Normal
                Severity: 3 - Normal
                  Status: None
                 Privacy: Public
             Assigned to: None
        Originator Email: address@hidden
             Open/Closed: Open
         Discussion Lock: Any
        Operating System: GNU/Linux

    _______________________________________________________

Details:

I can only reproduce this issue when scanning this file, and as such I've
attached the bad binary and the coredump (both files are tar/gzipped).

This issue occurs regardless of where I grep the file from, so the issue is
most certainly the file.

strace grep -ri 'make tests as root' *

# ...

open("testcases/kernel/mem/shmt/shmt07", O_RDONLY|O_LARGEFILE) = 3
fstat64(3, {st_mode=S_IFREG|0755, st_size=14124, ...}) = 0
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\2\0\3\0\1\0\0\0L\211\4"..., 626688) = 14124
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV (core dumped) +++
Process 22977 detached
bash-3.00$ grep --version
grep (GNU grep) 2.5.1

Copyright 1988, 1992-1999, 2000, 2001 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

bash-3.00$ uname -a
Linux sjc-lds-252 2.6.9-42.7.ELsmp #1 SMP Tue Sep 5 18:29:39 EDT 2006 i686 i686 i386 GNU/Linux
bash-3.00$ cat /etc/redhat-release
Red Hat Enterprise Linux AS release 4 (Nahant Update 4)
bash-3.00$ grep -ri 'make tests as root' "testcases/kernel/mem/shmt/shmt07"
*** glibc detected *** corrupted double-linked list: 0x08e750d0 ***
Aborted (core dumped)
gdb `which grep` core.grep.23837
GNU gdb Red Hat Linux (6.3.0.0-1.132.EL4rh)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...(no debugging symbols found)
Using host libthread_db library "/lib/tls/libthread_db.so.1".

Core was generated by `grep -ri make tests as root testcases/kernel/mem/shmt/shmt07'.
Program terminated with signal 6, Aborted.
Reading symbols from /lib/libpcre.so.0...(no debugging symbols found)...done.
Loaded symbols for /lib/libpcre.so.0
Reading symbols from /lib/tls/libc.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib/tls/libc.so.6
Reading symbols from /lib/ld-linux.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/ld-linux.so.2

#0  0x002757a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
(gdb) where
#0  0x002757a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
#1  0x002dd7a5 in raise () from /lib/tls/libc.so.6
#2  0x002df209 in abort () from /lib/tls/libc.so.6
#3  0x0031171a in __libc_message () from /lib/tls/libc.so.6
#4  0x00319c9a in _int_realloc () from /lib/tls/libc.so.6
#5  0x0031aad6 in realloc () from /lib/tls/libc.so.6
#6  0x003579f5 in extend_buffers () from /lib/tls/libc.so.6
#7  0x00360da7 in re_search_internal () from /lib/tls/libc.so.6
#8  0x003621b3 in re_search_stub () from /lib/tls/libc.so.6
#9  0x00362623 in re_search () from /lib/tls/libc.so.6
#10 0x080546df in ?? ()
#11 0x088e7970 in ?? ()
#12 0x088ec015 in ?? ()
#13 0x000002e6 in ?? ()
#14 0x00000000 in ?? ()
(gdb) q
bash-3.00$ ls -l /lib/libc.so.6
lrwxrwxrwx  1 root root 13 Mar 31 08:16 /lib/libc.so.6 -> libc-2.3.4.so
/ws/garrcoop/test_int2main_stable/contrib/ltp/obj-ppc/ltp-full-20080430
bash-3.00$ cp $PWD/testcases/kernel/mem/shmt/shmt07 /tmp/
bash-3.00$ grep -ri 'make tests as root' /tmp/shmt07
*** glibc detected *** corrupted double-linked list: 0x09dcd0d0 ***
Aborted (core dumped)
    _______________________________________________________

File Attachments:


-------------------------------------------------------
Date: Tuesday 07/08/2008 at 01:51 UTC  Name: grep_coredump.tgz  Size: 27kB  
By: None

<http://savannah.gnu.org/support/download.php?file_id=16025>

    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/support/?106430>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/
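The report above shows the two signals a reader will meet when a recursive, case-insensitive grep walks into an ELF file: a SIGSEGV under strace and a SIGABRT from glibc's heap checker, both raised from inside the regex matcher's realloc path. The following is an added example, not part of the bug report or of GNU grep, written as a small POSIX shell triage harness for "grep crashes on one file" reports. It builds a constructed sample tree (one text file and one ELF-like binary made of the ELF magic plus NUL padding; the names `README` and `shmt07` and the pattern are constructed, the binary is not a real executable), runs the same style of invocation the report uses, classifies the result by exit status (0 match, 1 no match, 2 error, above 128 killed by signal 128+n, so 139 is SIGSEGV and 134 is SIGABRT), and contrasts the default run with `-I`, which tells grep to treat binary files as non-matching so the matcher is never handed their contents during a recursive scan of a tree that contains build artifacts.

```shell
#!/bin/sh
# Added example: triage harness for "grep segfaults on this file" reports.
# Not part of the original bug report or of GNU grep.

# Build a constructed sample tree: one text file and one ELF-like binary.
make_sample_tree() {
  dir=$(mktemp -d)
  mkdir -p "$dir/testcases"
  printf 'Run make tests as root\n' > "$dir/testcases/README"
  # Constructed binary: ELF magic, NUL padding (so grep classifies it as
  # binary), then the pattern text so a default grep reports a match.
  printf '\177ELF\001\001\001\000\000\000\000\000' > "$dir/testcases/shmt07"
  head -c 1024 /dev/zero >> "$dir/testcases/shmt07"
  printf 'make tests as root' >> "$dir/testcases/shmt07"
  echo "$dir"
}

# grep_status OPTS PATTERN PATH: run grep and print its exit status.
# The if/else form keeps a non-zero grep status from tripping set -e.
grep_status() {
  if grep $1 "$2" "$3" >/dev/null 2>&1; then
    echo 0
  else
    echo $?
  fi
}

# classify STATUS: map a shell exit status to a triage label.
# A status above 128 means the process was killed by signal (STATUS - 128):
# 139 -> SIGSEGV (11), 134 -> SIGABRT (6), as in the report's two crashes.
classify() {
  case $1 in
    0) echo match ;;
    1) echo nomatch ;;
    2) echo error ;;
    *) echo "killed-by-signal-$(( $1 - 128 ))" ;;
  esac
}

# Run the report's invocation against each sample file, with and without -I.
demo() {
  d=$(make_sample_tree)
  for f in "$d/testcases/README" "$d/testcases/shmt07"; do
    default=$(classify "$(grep_status -ri 'make tests as root' "$f")")
    with_i=$(classify "$(grep_status -riI 'make tests as root' "$f")")
    echo "$f: default=$default with -I=$with_i"
  done
  rm -rf "$d"
}

demo
```

On a grep that does not crash, the binary shows `default=match with -I=nomatch` and the text file matches either way; on a grep affected by the report's bug, `classify` turns the shell's 139 or 134 into `killed-by-signal-11` or `killed-by-signal-6`, which is the first thing to record alongside the `grep --version` and `ls -l /lib/libc.so.6` output the reporter captured, since the backtrace places the fault in libc's `re_search_internal` rather than in grep's own code.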