[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#25003: Bug in SPLIT utility
From: |
Pádraig Brady |
Subject: |
bug#25003: Bug in SPLIT utility |
Date: |
Wed, 23 Nov 2016 22:16:40 +0000 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0 |
On 23/11/16 17:30, Jim Meyering wrote:
> On Wed, Nov 23, 2016 at 5:22 AM, Marcel Böhme <address@hidden> wrote:
>> Dear all,
>>
>> We are running small 1h fuzzing sessions with AFLFast, a fork of AFL.
>> We’ll be reporting each found bug separately.
>>
>> On Coreutils v8.25 and trunk, the following input crashes.
>> Option -n was introduced with v8.8.
>>
>> $ ./split -n7/75 7
>> Segmentation fault
>>
>> ASAN says:
>> =================================================================
>> ==53143==ERROR: AddressSanitizer: negative-size-param: (size=-6)
>> #0 0x7f8820eb9a10 in memmove
>> (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x62a10)
>> #1 0x404d12 in memmove /usr/include/x86_64-linux-gnu/bits/string3.h:57
>> #2 0x404d12 in bytes_chunk_extract ../src/split.c:987
>> #3 0x404d12 in main ../src/split.c:1625
>> #4 0x7f881fd9cf44 in __libc_start_main
>> (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
>> #5 0x4064a9
>> (/home/ubuntu/subjects/coreutils/obj-asan/src/split+0x4064a9)
>>
>> 0x7f8821f9a006 is located 2054 bytes inside of 135168-byte region
>> [0x7f8821f99800,0x7f8821fba800)
>> allocated by thread T0 here:
>> #0 0x7f8820f193a8 in __interceptor_malloc
>> (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc23a8)
>> #1 0x40ec88 in xmalloc ../lib/xmalloc.c:41
>>
>> SUMMARY: AddressSanitizer: negative-size-param
>> (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x62a10) in memmove
>
> Thank you for the report.
> Would you please provide the contents of your file named "7"?
That's immaterial I think. I can reproduce with:
src/split -n2/3 /dev/null
I'll dig into these