bug-findutils
[bug #51841] find buffer-overflow with -printf '%T+'


From: Andreas Metzler
Subject: [bug #51841] find buffer-overflow with -printf '%T+'
Date: Thu, 24 Aug 2017 13:54:39 -0400 (EDT)
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:55.0) Gecko/20100101 Firefox/55.0

URL:
  <http://savannah.gnu.org/bugs/?51841>

                 Summary: find buffer-overflow with -printf '%T+'
                 Project: findutils
            Submitted by: ametzler
            Submitted on: Thu 24 Aug 2017 07:54:37 PM CEST
                Category: find
                Severity: 3 - Normal
              Item Group: None
                  Status: None
                 Privacy: Public
             Assigned to: None
         Originator Name: 
        Originator Email: 
             Open/Closed: Open
         Discussion Lock: Any
                 Release: None
           Fixed Release: None

    _______________________________________________________

Details:

Hello,

this is https://bugs.debian.org/873032 reported by Ryan <address@hidden>:
-------------------------------------
The findutils/find version now in buster 4.6.0+git+20170729-2 fails when I use
find with -printf '%T+'.  If I change the time format away from + to @, it
works fine.

Example bad run:
➜  find . -mindepth 1 -maxdepth 1 -printf '%T+=%p\n'
*** buffer overflow detected ***: find terminated
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x70bfb)[0x7efe96d69bfb]
/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x37)[0x7efe96df21e7]
/lib/x86_64-linux-gnu/libc.so.6(+0xf7320)[0x7efe96df0320]
find(+0xe56b)[0x558ab5db156b]
find(+0xf273)[0x558ab5db2273]
find(+0xdbe9)[0x558ab5db0be9]
find(+0xdbe9)[0x558ab5db0be9]
find(+0x7de9)[0x558ab5daade9]
find(+0x74d1)[0x558ab5daa4d1]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1)[0x7efe96d192e1]
find(+0x761a)[0x558ab5daa61a]
[1]    29180 abort      find . -mindepth 1 -maxdepth 1 -printf '%T+=%p\n'
-------------------------------------

Reproducing requires building find with -D_FORTIFY_SOURCE=2 in CPPFLAGS. I
have bisected the issue; the point of breakage is not very surprising:

95816b29d46fb6b64754d4a66e7d918b3f134a1f is the first bad commit
commit 95816b29d46fb6b64754d4a66e7d918b3f134a1f
Author: James Youngman <address@hidden>
Date:   Sun Jul 23 22:19:42 2017 +0100

    find: avoid strftime's non-portable %F specifier.

    * find/print.c (format_date): Avoid passing %F to strftime since
    some implementation lack it.  Pass the synonymous %Y-%m-%d
    instead.  This fixes a bug manifesting on HP Tru64 UNIX V5.1B.
    Reported by Steven M. Schweda <address@hidden>.

cu Andreas
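To illustrate the class of defect the bisect points at, here is an added C example (not findutils' code; the function names, buffer sizes and the "+%T" suffix are assumptions for the demonstration): the commit swapped the strftime specifier "%F" for the synonymous but longer "%Y-%m-%d", so any fixed-size buffer that the format string is assembled into must grow with it, and _FORTIFY_SOURCE=2 aborts the process when it does not. The hardened helpers below refuse an undersized buffer instead of overrunning it and check strftime's return value.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Hypothetical illustration, not findutils' own code.  find's -printf %T+
 * prints "<date>+<time>".  The date part was once requested from strftime
 * as "%F" and, after the commit cited above, as "%Y-%m-%d", which is six
 * bytes longer as a *format string* even though the output is identical.
 * A buffer sized for the old format string is then too small, which is
 * exactly the condition _FORTIFY_SOURCE=2 traps at run time. */

/* Sizes chosen for the demonstration: OLD_FMT_BUF fits "%F+%T" (5 chars
 * plus NUL) but not "%Y-%m-%d+%T" (11 chars plus NUL). */
#define OLD_FMT_BUF 6
#define NEW_FMT_BUF 16

/* Build the strftime format "<datespec>+%T" into buf without overflowing.
 * Returns 0 on success, -1 if buf is too small for the whole format. */
int build_time_format(char *buf, size_t bufsz, const char *datespec)
{
    int n = snprintf(buf, bufsz, "%s+%%T", datespec);
    if (n < 0 || (size_t)n >= bufsz) {
        /* snprintf reports the length it needed; refuse rather than hand a
         * silently truncated format to strftime. */
        if (bufsz > 0)
            buf[0] = '\0';
        return -1;
    }
    return 0;
}

/* Format t (UTC) the way %T+ does.  strftime returns 0 when the result does
 * not fit in out, in which case out must not be used. */
int format_date_plus(char *out, size_t outsz, time_t t)
{
    char fmt[NEW_FMT_BUF];
    struct tm *tmv;

    if (build_time_format(fmt, sizeof fmt, "%Y-%m-%d") != 0)
        return -1;
    tmv = gmtime(&t);
    if (tmv == NULL)
        return -1;
    if (strftime(out, outsz, fmt, tmv) == 0)
        return -1;
    return 0;
}
```

Building with -D_FORTIFY_SOURCE=2 -O2 only catches the unchecked variant at run time; the size check above turns the same mistake into a detectable error return instead of an abort.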

    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?51841>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/