[bug #51841] find buffer-overflow with -printf '%T+'
From: Andreas Metzler
Subject: [bug #51841] find buffer-overflow with -printf '%T+'
Date: Thu, 24 Aug 2017 13:54:39 -0400 (EDT)
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:55.0) Gecko/20100101 Firefox/55.0
URL: <http://savannah.gnu.org/bugs/?51841>
Summary: find buffer-overflow with -printf '%T+'
Project: findutils
Submitted by: ametzler
Submitted on: Thu 24 Aug 2017 07:54:37 PM CEST
Category: find
Severity: 3 - Normal
Item Group: None
Status: None
Privacy: Public
Assigned to: None
Originator Name:
Originator Email:
Open/Closed: Open
Discussion Lock: Any
Release: None
Fixed Release: None
_______________________________________________________
Details:
Hello,
this is https://bugs.debian.org/873032 reported by Ryan <address@hidden>:
-------------------------------------
The findutils/find version now in buster 4.6.0+git+20170729-2 fails when I use
find with -printf '%T+'. If I change the time format away from + to @, it
works fine.
Example bad run:
➜ find . -mindepth 1 -maxdepth 1 -printf '%T+=%p\n'
*** buffer overflow detected ***: find terminated
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x70bfb)[0x7efe96d69bfb]
/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x37)[0x7efe96df21e7]
/lib/x86_64-linux-gnu/libc.so.6(+0xf7320)[0x7efe96df0320]
find(+0xe56b)[0x558ab5db156b]
find(+0xf273)[0x558ab5db2273]
find(+0xdbe9)[0x558ab5db0be9]
find(+0xdbe9)[0x558ab5db0be9]
find(+0x7de9)[0x558ab5daade9]
find(+0x74d1)[0x558ab5daa4d1]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1)[0x7efe96d192e1]
find(+0x761a)[0x558ab5daa61a]
======= Memory map: ========
558ab5da3000-558ab5ddb000 r-xp 00000000 fe:01 6554946 /usr/bin/find
558ab5fdb000-558ab5fdd000 r--p 00038000 fe:01 6554946 /usr/bin/find
558ab5fdd000-558ab5fde000 rw-p 0003a000 fe:01 6554946 /usr/bin/find
558ab5fde000-558ab5fdf000 rw-p 00000000 00:00 0
558ab6b5b000-558ab6b7c000 rw-p 00000000 00:00 0 [heap]
7efe9644e000-7efe96464000 r-xp 00000000 fe:01 6422603 /lib/x86_64-linux-gnu/libgcc_s.so.1
7efe96464000-7efe96663000 ---p 00016000 fe:01 6422603 /lib/x86_64-linux-gnu/libgcc_s.so.1
7efe96663000-7efe96664000 r--p 00015000 fe:01 6422603 /lib/x86_64-linux-gnu/libgcc_s.so.1
7efe96664000-7efe96665000 rw-p 00016000 fe:01 6422603 /lib/x86_64-linux-gnu/libgcc_s.so.1
7efe96665000-7efe9667d000 r-xp 00000000 fe:01 6422812 /lib/x86_64-linux-gnu/libpthread-2.24.so
7efe9667d000-7efe9687c000 ---p 00018000 fe:01 6422812 /lib/x86_64-linux-gnu/libpthread-2.24.so
7efe9687c000-7efe9687d000 r--p 00017000 fe:01 6422812 /lib/x86_64-linux-gnu/libpthread-2.24.so
7efe9687d000-7efe9687e000 rw-p 00018000 fe:01 6422812 /lib/x86_64-linux-gnu/libpthread-2.24.so
7efe9687e000-7efe96882000 rw-p 00000000 00:00 0
7efe96882000-7efe96884000 r-xp 00000000 fe:01 6422773 /lib/x86_64-linux-gnu/libdl-2.24.so
7efe96884000-7efe96a84000 ---p 00002000 fe:01 6422773 /lib/x86_64-linux-gnu/libdl-2.24.so
7efe96a84000-7efe96a85000 r--p 00002000 fe:01 6422773 /lib/x86_64-linux-gnu/libdl-2.24.so
7efe96a85000-7efe96a86000 rw-p 00003000 fe:01 6422773 /lib/x86_64-linux-gnu/libdl-2.24.so
7efe96a86000-7efe96af8000 r-xp 00000000 fe:01 6422696 /lib/x86_64-linux-gnu/libpcre.so.3.13.3
7efe96af8000-7efe96cf7000 ---p 00072000 fe:01 6422696 /lib/x86_64-linux-gnu/libpcre.so.3.13.3
7efe96cf7000-7efe96cf8000 r--p 00071000 fe:01 6422696 /lib/x86_64-linux-gnu/libpcre.so.3.13.3
7efe96cf8000-7efe96cf9000 rw-p 00072000 fe:01 6422696 /lib/x86_64-linux-gnu/libpcre.so.3.13.3
7efe96cf9000-7efe96e8c000 r-xp 00000000 fe:01 6422769 /lib/x86_64-linux-gnu/libc-2.24.so
7efe96e8c000-7efe9708c000 ---p 00193000 fe:01 6422769 /lib/x86_64-linux-gnu/libc-2.24.so
7efe9708c000-7efe97090000 r--p 00193000 fe:01 6422769 /lib/x86_64-linux-gnu/libc-2.24.so
7efe97090000-7efe97092000 rw-p 00197000 fe:01 6422769 /lib/x86_64-linux-gnu/libc-2.24.so
7efe97092000-7efe97096000 rw-p 00000000 00:00 0
7efe97096000-7efe97199000 r-xp 00000000 fe:01 6422783 /lib/x86_64-linux-gnu/libm-2.24.so
7efe97199000-7efe97398000 ---p 00103000 fe:01 6422783 /lib/x86_64-linux-gnu/libm-2.24.so
7efe97398000-7efe97399000 r--p 00102000 fe:01 6422783 /lib/x86_64-linux-gnu/libm-2.24.so
7efe97399000-7efe9739a000 rw-p 00103000 fe:01 6422783 /lib/x86_64-linux-gnu/libm-2.24.so
7efe9739a000-7efe973bf000 r-xp 00000000 fe:01 6422612 /lib/x86_64-linux-gnu/libselinux.so.1
7efe973bf000-7efe975be000 ---p 00025000 fe:01 6422612 /lib/x86_64-linux-gnu/libselinux.so.1
7efe975be000-7efe975bf000 r--p 00024000 fe:01 6422612 /lib/x86_64-linux-gnu/libselinux.so.1
7efe975bf000-7efe975c0000 rw-p 00025000 fe:01 6422612 /lib/x86_64-linux-gnu/libselinux.so.1
7efe975c0000-7efe975c2000 rw-p 00000000 00:00 0
7efe975c2000-7efe975e5000 r-xp 00000000 fe:01 6422605 /lib/x86_64-linux-gnu/ld-2.24.so
7efe97629000-7efe977c4000 r--p 00000000 fe:01 6567535 /usr/lib/locale/locale-archive
7efe977c4000-7efe977c9000 rw-p 00000000 00:00 0
7efe977e1000-7efe977e5000 rw-p 00000000 00:00 0
7efe977e5000-7efe977e6000 r--p 00023000 fe:01 6422605 /lib/x86_64-linux-gnu/ld-2.24.so
7efe977e6000-7efe977e7000 rw-p 00024000 fe:01 6422605 /lib/x86_64-linux-gnu/ld-2.24.so
7efe977e7000-7efe977e8000 rw-p 00000000 00:00 0
7ffda1b71000-7ffda1b92000 rw-p 00000000 00:00 0 [stack]
7ffda1bf8000-7ffda1bfb000 r--p 00000000 00:00 0 [vvar]
7ffda1bfb000-7ffda1bfd000 r-xp 00000000 00:00 0 [vdso]
[1] 29180 abort find . -mindepth 1 -maxdepth 1 -printf '%T+=%p\n'
-------------------------------------
Reproducing requires building find with -D_FORTIFY_SOURCE=2 in CPPFLAGS. I
have bisected the issue; the point of breakage is not very surprising:
95816b29d46fb6b64754d4a66e7d918b3f134a1f is the first bad commit
commit 95816b29d46fb6b64754d4a66e7d918b3f134a1f
Author: James Youngman <address@hidden>
Date: Sun Jul 23 22:19:42 2017 +0100
find: avoid strftime's non-portable %F specifier.
* find/print.c (format_date): Avoid passing %F to strftime since
some implementations lack it. Pass the synonymous %Y-%m-%d
instead. This fixes a bug manifesting on HP Tru64 UNIX V5.1B.
Reported by Steven M. Schweda <address@hidden>.
cu Andreas
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?51841>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
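As an added illustration (not findutils' own code and not part of the bug report above), the C program below reconstructs the pattern the bisect points at: the strftime format for -printf '%T+' is assembled in a small fixed-size buffer, and replacing %F (2 characters) with %Y-%m-%d (8 characters) turns the literal "%F+%T" (6 bytes with its terminator) into "%Y-%m-%d+%T" (12 bytes), which no longer fits a buffer sized for the old literal. The buffer size of 6, the macro names and the helper functions are assumptions made for the example. A strcpy of the longer literal into that buffer is the kind of write that _FORTIFY_SOURCE=2 turns into the "*** buffer overflow detected ***" abort seen in the report; the example keeps that line in a comment, shows the size arithmetic the fortified check performs, and pairs it with a bounded builder that reports a too-small destination instead of writing past it.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

/*
 * Added example, not findutils' code.  It reconstructs, as an assumption,
 * the pattern behind bug #51841: a fixed buffer that held the strftime
 * format for -printf '%T+' stops being large enough once "%F" is spelled
 * out as "%Y-%m-%d".
 */

#define FMT_F          "%F+%T"        /* 5 chars + NUL = 6 bytes   */
#define FMT_YMD        "%Y-%m-%d+%T"  /* 11 chars + NUL = 12 bytes */
#define SMALL_FMT_SIZE 6              /* assumed size of the old fixed buffer */

/*
 * The write that trips _FORTIFY_SOURCE=2, kept as a comment so this file
 * builds and runs cleanly under a fortified toolchain:
 *
 *     char fmt[SMALL_FMT_SIZE];
 *     strcpy (fmt, FMT_YMD);   -> __strcpy_chk sees 12 > 6 and aborts with
 *                                "*** buffer overflow detected ***"
 *
 * Without fortification the same line silently writes 6 bytes past fmt.
 */

/* 1 if `literal` plus its NUL fits in dst_size bytes, else 0.  This is the
   arithmetic __strcpy_chk performs at run time when the compiler knows the
   destination's size. */
int fits_in_buffer(const char *literal, size_t dst_size)
{
    return strlen(literal) + 1 <= dst_size;
}

/* Bounded replacement for the strcpy: builds the strftime format for a
   %T<kind> directive into dst.  Returns 1 on success; if dst is too small
   it returns 0 and leaves dst as an empty string instead of overflowing. */
int build_date_format(char kind, char *dst, size_t dst_size)
{
    int n;
    if (dst_size == 0)
        return 0;
    if (kind == '+')
        n = snprintf(dst, dst_size, "%s", FMT_YMD);
    else
        n = snprintf(dst, dst_size, "%%%c", kind);   /* e.g. "%Y" */
    if (n < 0 || (size_t)n >= dst_size) {            /* truncated: refuse */
        dst[0] = '\0';
        return 0;
    }
    return 1;
}

/* Formats t (as UTC) the way -printf '%T<kind>' would, with the format
   buffer sized for the longer literal.  Returns 1 on success, 0 on failure. */
int format_time(char kind, time_t t, char *out, size_t out_size)
{
    char fmt[sizeof FMT_YMD];      /* 12 bytes: room for either format */
    struct tm *tm = gmtime(&t);
    if (tm == NULL || !build_date_format(kind, fmt, sizeof fmt))
        return 0;
    return strftime(out, out_size, fmt, tm) != 0;
}

int main(void)
{
    char out[64];
    printf("\"%s\" in %d bytes: %s\n", FMT_F, SMALL_FMT_SIZE,
           fits_in_buffer(FMT_F, SMALL_FMT_SIZE) ? "fits" : "overflow");
    printf("\"%s\" in %d bytes: %s\n", FMT_YMD, SMALL_FMT_SIZE,
           fits_in_buffer(FMT_YMD, SMALL_FMT_SIZE) ? "fits" : "overflow");
    if (format_time('+', (time_t)0, out, sizeof out))
        printf("%%T+ of epoch 0 -> %s\n", out);   /* constructed input */
    return 0;
}
```

Compiled with the same gcc -O2 -D_FORTIFY_SOURCE=2 flags used to reproduce the report, the commented-out strcpy would be rewritten to __strcpy_chk and abort, while the bounded builder runs cleanly; fits_in_buffer makes that size comparison explicit so the reader can see why a 2-byte change to a format string produced a fortify abort.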