On 23/11/16 13:56, Marcel Böhme wrote:
> Dear all,
>
> The following input crashes the od utility 3 out of 10 times.
> Seems to depend on startup timing: Couldn't reproduce it within GDB or
> Valgrind. Not sure if it's a bug in GNULIB (ftoastr.c) or OD (od.c).
>
> $ printf "abcde\x00\x00\x00a " | od -tazfL -
> Segmentation fault
>
> ASAN says:
> ==91757==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f757ec161c0 bp 0x7ffc048a5ff0 sp 0x7ffc048a5208 T0)
>     #0 0x7f757ec161bf (/lib/x86_64-linux-gnu/libc.so.6+0x4f1bf)
>     #1 0x7f757ec16e77 in __printf_fp (/lib/x86_64-linux-gnu/libc.so.6+0x4fe77)
>     #2 0x7f757ec156d2 in vfprintf (/lib/x86_64-linux-gnu/libc.so.6+0x4e6d2)
>     #3 0x7f757ecd0164 in __vsnprintf_chk (/lib/x86_64-linux-gnu/libc.so.6+0x109164)
>     #4 0x7f757ecd00c7 in __snprintf_chk (/lib/x86_64-linux-gnu/libc.so.6+0x1090c7)
>     #5 0x40ce1a in snprintf /usr/include/x86_64-linux-gnu/bits/stdio2.h:64
>     #6 0x40ce1a in ldtoastr ../lib/ftoastr.c:131
>     #7 0x408e69 in print_long_double ../src/od.c:479
>     #8 0x40a2f1 in write_block ../src/od.c:1221
>     #9 0x403eec in dump ../src/od.c:1436
>     #10 0x403eec in main ../src/od.c:1978
>     #11 0x7f757ebe8f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
>     #12 0x405bd9 (/home/ubuntu/subjects/coreutils/obj-asan/src/od+0x405bd9)
>
> AddressSanitizer can not provide additional info.
> SUMMARY: AddressSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x4f1bf)
>
> This bug was found by AFLFast, a fork of AFL. Thanks also to Van-Thuan Pham!
Since coreutils-8.24 we have relied on gnulib to indicate whether
the system printf routines are safe to use (i.e. crash or not).

http://git.sv.gnu.org/gitweb/?p=coreutils.git;a=commitdiff;h=v8.23-81-gf57bfbb
http://git.sv.gnu.org/gitweb/?p=coreutils.git;a=commitdiff;h=v8.23-176-gb817f62

It seems like we'll have to add another check to gnulib
to detect this issue in the system libs?

I can't reproduce the issue here BTW with ASAN and running
in a tight loop for a few minutes. So perhaps it has been fixed
in glibc already? I have glibc-2.22-10.fc23.x86_64

How widespread the issue is will determine if it's worth
adding the check to gnulib. What libc are you using?

thanks,
Pádraig

p.s. I tested od with AFL a lot on this system a while back
and didn't find any issues.
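To see what the reporter's input actually asks `od -tfL` to hand to snprintf, here is an added example (not code from coreutils, gnulib, or either poster; the function and type names are mine). It decodes ten bytes using the x87 80-bit extended layout that x86 `long double` uses in memory and classifies the encoding. The thread does not establish the root cause of the crash, and this block does not claim to; it only shows that the reporter's bytes encode an "unnormal" (biased exponent between 1 and 0x7FFE with the explicit integer bit clear), which is one of the three encodings the FPU never produces on its own but which a byte-reinterpreting tool like od can construct from arbitrary input. Those are exactly the inputs a "is printf safe" check of the kind Pádraig mentions would need to exercise. The decoding is done by hand rather than by copying into a `long double`, so it also runs on targets where `long double` is not x87; the sample bytes are constructed to match the report.

```c
#include <stdint.h>
#include <stdio.h>

/* Encodings of the x87 80-bit extended format (x86 long double).
 * The x87 generates only the first five itself; the remaining three
 * can appear in memory but are never produced by FPU arithmetic. */
enum x87_class {
    X87_ZERO, X87_DENORMAL, X87_NORMAL, X87_INFINITY, X87_NAN,
    X87_PSEUDO_DENORMAL,   /* exponent 0, explicit integer bit set */
    X87_UNNORMAL,          /* exponent 1..0x7FFE, integer bit clear */
    X87_PSEUDO_INF_NAN     /* exponent 0x7FFF, integer bit clear */
};

struct x87_fields {
    unsigned sign;
    unsigned exponent;     /* 15-bit biased exponent */
    unsigned integer_bit;  /* explicit leading bit (bit 63 of the significand) */
    uint64_t fraction;     /* bits 0..62 of the significand */
};

/* Decode the ten significant bytes of an x86 long double in memory order
 * (little-endian: significand in bytes 0..7, sign+exponent in bytes 8..9).
 * Bytes 10..15 of a 16-byte long double are padding and ignored by the FPU,
 * so whatever od pads a short final block with does not matter here. */
struct x87_fields x87_decode(const unsigned char b[10])
{
    struct x87_fields f;
    uint64_t significand = 0;
    for (int i = 7; i >= 0; i--)
        significand = (significand << 8) | b[i];
    unsigned se = (unsigned)b[8] | ((unsigned)b[9] << 8);
    f.sign = se >> 15;
    f.exponent = se & 0x7FFF;
    f.integer_bit = (unsigned)(significand >> 63);
    f.fraction = significand & 0x7FFFFFFFFFFFFFFFULL;
    return f;
}

enum x87_class x87_classify(const unsigned char b[10])
{
    struct x87_fields f = x87_decode(b);
    if (f.exponent == 0) {
        if (f.integer_bit) return X87_PSEUDO_DENORMAL;
        return f.fraction ? X87_DENORMAL : X87_ZERO;
    }
    if (f.exponent == 0x7FFF) {
        if (!f.integer_bit) return X87_PSEUDO_INF_NAN;
        return f.fraction ? X87_NAN : X87_INFINITY;
    }
    return f.integer_bit ? X87_NORMAL : X87_UNNORMAL;
}

/* 1 if the encoding is one the FPU itself produces, 0 for the three
 * non-canonical encodings that only reinterpreted bytes can introduce. */
int x87_is_canonical(const unsigned char b[10])
{
    enum x87_class c = x87_classify(b);
    return c == X87_ZERO || c == X87_DENORMAL || c == X87_NORMAL
        || c == X87_INFINITY || c == X87_NAN;
}

const char *x87_class_name(enum x87_class c)
{
    static const char *const names[] = {
        "zero", "denormal", "normal", "infinity", "nan",
        "pseudo-denormal", "unnormal", "pseudo-infinity/nan"
    };
    return names[c];
}

int main(void)
{
    /* Constructed to match the report: printf "abcde\x00\x00\x00a " */
    const unsigned char report[10] = { 'a','b','c','d','e', 0, 0, 0, 'a', ' ' };
    /* 1.0L for comparison: significand 0x8000000000000000, exponent 0x3FFF. */
    const unsigned char one[10] = { 0,0,0,0,0,0,0,0x80, 0xFF,0x3F };
    struct x87_fields f = x87_decode(report);

    printf("report bytes: sign=%u exponent=0x%04X integer_bit=%u fraction=0x%016llX -> %s\n",
           f.sign, f.exponent, f.integer_bit, (unsigned long long)f.fraction,
           x87_class_name(x87_classify(report)));
    printf("1.0L        : %s\n", x87_class_name(x87_classify(one)));
    return 0;
}
```

For the report's bytes the decoder gives sign 0, exponent 0x2061, integer bit 0 and fraction 0x0000006564636261, i.e. an unnormal. A tool that wants to stay independent of libc's handling of such values can run a check like `x87_is_canonical` before formatting and print the raw bytes instead when it fails; whether that is preferable to a configure-time gnulib check is the question the reply above raises, not something this example decides.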
