On 2019-12-22 09:05:42, Frederic Cambus <[email protected]> wrote:
> CVSROOT: /cvs
> Module name: ports
> Changes by: [email protected] 2019/12/22 09:05:42
>
> Modified files:
> productivity/ledger: Makefile distinfo
> productivity/ledger/patches: patch-src_CMakeLists_txt
> productivity/ledger/pkg: PLIST
> Removed files:
> productivity/ledger/patches: patch-src_item_h
>
> Log message:
> Update ledger to 3.1.3.
>
> This fixes CVE-2017-2807, CVE-2017-2808, CVE-2017-12481, CVE-2017-12482.
>
> OK jca@, Sergey Bronnikov (MAINTAINER)
>
This update causes ledger to segfault when processing commodities.
I can reproduce this with a file consisting of the following
snippet from ledger's manual.

---------8<----------
9/29  Get some stuff at the Inn
    Places:Black's Tavern                   -3 Apples
    Places:Black's Tavern                   -5 Steaks
    EverQuest:Inventory
---------8<----------

To reproduce, simply copy the above 4 lines to a file and run
ledger. E.g. "ledger --file test.txt balance"

If I remove the commodities from my (much longer) journal, ledger
works fine when dealing with cash transactions so the bug must be
specific to commodities.

Can anyone else reproduce this?

Unfortunately, I don't see any commits in ledger's GitHub that
stand out as fixing this issue. I do see several commits to
commodity handling in between the previous 3.1.1 release and the
current 3.1.3 release. However, I don't currently have time to
attempt to bisect this.

Backtrace follows.

% sysctl kern.version
kern.version=OpenBSD 6.6-current (GENERIC.MP) #559: Sun Dec 22 23:03:43 MST 2019
[email protected]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
% ledger bal
zsh: segmentation fault (core dumped) ledger bal
% egdb `which ledger` ledger.core
GNU gdb (GDB) 7.12.1
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-unknown-openbsd6.6".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/local/bin/ledger...done.
[New process 605898]
Core was generated by `ledger'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x000000dbd4413389 in
std::__1::__hash_table<std::__1::__hash_value_type<ledger::commodity_t*,
ledger::amount_t>, std::__1::__unordered_map_hasher<ledger::commodity_t*,
std::__1::__hash_value_type<ledger::commodity_t*, ledger::amount_t>,
std::__1::hash<ledger::commodity_t*>, true>,
std::__1::__unordered_map_equal<ledger::commodity_t*,
std::__1::__hash_value_type<ledger::commodity_t*, ledger::amount_t>,
std::__1::equal_to<ledger::commodity_t*>, true>,
std::__1::allocator<std::__1::__hash_value_type<ledger::commodity_t*,
ledger::amount_t> > >::__deallocate_node (this=0xddd5619520, __np=0x2)
at /usr/include/c++/v1/__hash_table:1584
1584 __next_pointer __next = __np->__next_;
(gdb) bt
#0 0x000000dbd4413389 in
std::__1::__hash_table<std::__1::__hash_value_type<ledger::commodity_t*,
ledger::amount_t>, std::__1::__unordered_map_hasher<ledger::commodity_t*,
std::__1::__hash_value_type<ledger::commodity_t*, ledger::amount_t>,
std::__1::hash<ledger::commodity_t*>, true>,
std::__1::__unordered_map_equal<ledger::commodity_t*,
std::__1::__hash_value_type<ledger::commodity_t*, ledger::amount_t>,
std::__1::equal_to<ledger::commodity_t*>, true>,
std::__1::allocator<std::__1::__hash_value_type<ledger::commodity_t*,
ledger::amount_t> > >::__deallocate_node (this=0xddd5619520, __np=0x2)
at /usr/include/c++/v1/__hash_table:1584
#1 0x000000dbd441332c in
std::__1::__hash_table<std::__1::__hash_value_type<ledger::commodity_t*,
ledger::amount_t>, std::__1::__unordered_map_hasher<ledger::commodity_t*,
std::__1::__hash_value_type<ledger::commodity_t*, ledger::amount_t>,
std::__1::hash<ledger::commodity_t*>, true>,
std::__1::__unordered_map_equal<ledger::commodity_t*,
std::__1::__hash_value_type<ledger::commodity_t*, ledger::amount_t>,
std::__1::equal_to<ledger::commodity_t*>, true>,
std::__1::allocator<std::__1::__hash_value_type<ledger::commodity_t*,
ledger::amount_t> > >::~__hash_table (this=0xddd5619520)
at /usr/include/c++/v1/__hash_table:1540
#2 0x000000dbd44132cf in std::__1::unordered_map<ledger::commodity_t*,
ledger::amount_t, std::__1::hash<ledger::commodity_t*>,
std::__1::equal_to<ledger::commodity_t*>,
std::__1::allocator<std::__1::pair<ledger::commodity_t* const,
ledger::amount_t> > >::~unordered_map (this=0xddd5619520)
at /usr/include/c++/v1/unordered_map:842
#3 0x000000dbd441328f in ledger::balance_t::~balance_t (this=0xddd5619520)
at /usr/obj/ports/ledger-3.1.3/ledger-3.1.3/src/balance.h:140
#4 0x000000dbd4413144 in boost::checked_delete<ledger::balance_t>
(x=0xddd5619520)
at /usr/local/include/boost/core/checked_delete.hpp:34
#5 0x000000dbd44130b2 in ledger::value_t::storage_t::destroy
(this=0xde5ab16300)
at /usr/obj/ports/ledger-3.1.3/ledger-3.1.3/src/value.h:219
#6 0x000000dbd4412ff6 in ledger::value_t::storage_t::~storage_t
(this=0xde5ab16300)
at /usr/obj/ports/ledger-3.1.3/ledger-3.1.3/src/value.h:172
#7 0x000000dbd4412fa4 in boost::checked_delete<ledger::value_t::storage_t
const> (x=0xde5ab16300)
at /usr/local/include/boost/core/checked_delete.hpp:34
#8 0x000000dbd4412f4c in ledger::value_t::storage_t::release
(this=0xde5ab16300)
at /usr/obj/ports/ledger-3.1.3/ledger-3.1.3/src/value.h:203
#9 0x000000dbd4412eef in ledger::intrusive_ptr_release
(storage_ptr=0xde5ab16300)
at /usr/obj/ports/ledger-3.1.3/ledger-3.1.3/src/value.h:210
#10 0x000000dbd4404977 in
boost::intrusive_ptr<ledger::value_t::storage_t>::~intrusive_ptr (
this=0x7f7ffffdc510) at
/usr/local/include/boost/smart_ptr/intrusive_ptr.hpp:98
#11 0x000000de062bcf76 in ledger::xact_base_t::finalize() () from
/usr/local/lib/libledger.so.0.0
#12 0x000000de062ada46 in ledger::journal_t::add_xact(ledger::xact_t*) ()
from /usr/local/lib/libledger.so.0.0
#13 0x000000de06293a0e in ledger::(anonymous
namespace)::instance_t::read_next_directive(bool&) ()
from /usr/local/lib/libledger.so.0.0
---Type <return> to continue, or q <return> to quit---
#14 0x000000de0629037b in ledger::(anonymous namespace)::instance_t::parse() ()
from /usr/local/lib/libledger.so.0.0
#15 0x000000de0628fe8a in
ledger::journal_t::read_textual(ledger::parse_context_stack_t&) ()
from /usr/local/lib/libledger.so.0.0
#16 0x000000de062aef7b in
ledger::journal_t::read(ledger::parse_context_stack_t&) ()
from /usr/local/lib/libledger.so.0.0
#17 0x000000de0627ae66 in
ledger::session_t::read_data(std::__1::basic_string<char,
std::__1::char_traits<char>, std::__1::allocator<char> > const&) () from
/usr/local/lib/libledger.so.0.0
#18 0x000000de0627b90b in ledger::session_t::read_journal_files() ()
from /usr/local/lib/libledger.so.0.0
#19 0x000000dbd43f7ffb in ledger::global_scope_t::execute_command
(this=0xde89ca9000, args=...,
at_repl=false) at /usr/obj/ports/ledger-3.1.3/ledger-3.1.3/src/global.cc:226
#20 0x000000dbd43f8e6c in ledger::global_scope_t::execute_command_wrapper
(this=0xde89ca9000,
args=..., at_repl=false) at
/usr/obj/ports/ledger-3.1.3/ledger-3.1.3/src/global.cc:271
#21 0x000000dbd43d998f in main (argc=4, argv=0x7f7ffffe0688,
envp=0x7f7ffffe06b0)
at /usr/obj/ports/ledger-3.1.3/ledger-3.1.3/src/main.cc:122
(gdb) q
--
Bryan
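
A regression check for the crash reported above, as an added example that is not part of the original message or of ledger's own tooling: it writes the four-line journal to a temporary file, runs a ledger binary on it, and maps the outcome to the exit codes `git bisect run` understands. The function name `check_ledger` and the decision to treat only death by signal as "bad" are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original report).
# check_ledger BIN
#   returns 0   -> BIN processed the commodity journal (bisect: good)
#   returns 1   -> BIN was killed by a signal, e.g. SIGSEGV (bisect: bad)
#   returns 125 -> BIN could not be run or failed some other way (bisect: skip)
check_ledger() {
    bin=$1
    journal=$(mktemp) || return 125

    # Journal from the report: postings indented, two or more spaces
    # between the account name and the commodity amount.
    cat > "$journal" <<'EOF'
9/29  Get some stuff at the Inn
    Places:Black's Tavern                   -3 Apples
    Places:Black's Tavern                   -5 Steaks
    EverQuest:Inventory
EOF

    # Same invocation as in the report; only the exit status matters here.
    "$bin" --file "$journal" balance >/dev/null 2>&1
    status=$?
    rm -f "$journal"

    if [ "$status" -eq 0 ]; then
        return 0
    elif [ "$status" -gt 128 ]; then
        # The shell reports death by signal N as 128+N (SIGSEGV is 11 -> 139).
        echo "ledger killed by signal $((status - 128))" >&2
        return 1
    else
        # 126/127 (not executable / not found) or an ordinary error exit:
        # this build cannot be judged for the crash, so let bisect skip it.
        return 125
    fi
}

# Typical use: source this file, then call check_ledger with the path of the
# freshly built binary from the script passed to "git bisect run".
```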