On Tue, Dec 24 2019, Bryan Linton <[email protected]> wrote:
> On 2019-12-22 09:05:42, Frederic Cambus <[email protected]> wrote:
>> CVSROOT: /cvs
>> Module name: ports
>> Changes by: [email protected] 2019/12/22 09:05:42
>>
>> Modified files:
>> productivity/ledger: Makefile distinfo
>> productivity/ledger/patches: patch-src_CMakeLists_txt
>> productivity/ledger/pkg: PLIST
>> Removed files:
>> productivity/ledger/patches: patch-src_item_h
>>
>> Log message:
>> Update ledger to 3.1.3.
>>
>> This fixes CVE-2017-2807, CVE-2017-2808, CVE-2017-12481, CVE-2017-12482.
>>
>> OK jca@, Sergey Bronnikov (MAINTAINER)
>>
>
> This update causes ledger to segfault when processing commodities.
>
> I can reproduce this with a file consisting of the following
> snippet from ledger's manual.
>
> ---------8<----------
>
> 9/29  Get some stuff at the Inn
>     Places:Black's Tavern                   -3 Apples
>     Places:Black's Tavern                   -5 Steaks
>     EverQuest:Inventory
>
> ---------8<----------
>
> To reproduce, simply copy the above 4 lines to a file and run
> ledger. E.g. "ledger --file test.txt balance"
>
> If I remove the commodities from my (much longer) journal, ledger
> works fine when dealing with cash transactions so the bug must be
> specific to commodities.
>
> Can anyone else reproduce this?

Using your testcase, nope:

--8<--
ritchie ~/tmp$ ledger -f testcase balance; echo "status: $?"; ledger --version | head -n1
            3 Apples
            5 Steaks  EverQuest:Inventory
           -3 Apples
           -5 Steaks  Places:Black's Tavern
--------------------
                   0
status: 0
Ledger 3.1.3-20190331, the command-line accounting tool
-->8--

> Unfortunately, I don't see any commits in ledger's GitHub that
> stand out as fixing this issue. I do see several commits to
> commodity handling in between the previous 3.1.1 release and the
> current 3.1.3 release. However, I don't currently have time to
> attempt to bisect this.
>
> Backtrace follows.
>
> % sysctl kern.version
> kern.version=OpenBSD 6.6-current (GENERIC.MP) #559: Sun Dec 22 23:03:43 MST 2019
> [email protected]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
>
> % ledger bal
> zsh: segmentation fault (core dumped) ledger bal
>
> % egdb `which ledger` ledger.core
> GNU gdb (GDB) 7.12.1
> Copyright (C) 2017 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law. Type "show copying"
> and "show warranty" for details.
> This GDB was configured as "x86_64-unknown-openbsd6.6".
> Type "show configuration" for configuration details.
> For bug reporting instructions, please see:
> <http://www.gnu.org/software/gdb/bugs/>.
> Find the GDB manual and other documentation resources online at:
> <http://www.gnu.org/software/gdb/documentation/>.
> For help, type "help".
> Type "apropos word" to search for commands related to "word"...
> Reading symbols from /usr/local/bin/ledger...done.
> [New process 605898]
> Core was generated by `ledger'.
> Program terminated with signal SIGSEGV, Segmentation fault.
> #0 0x000000dbd4413389 in
> std::__1::__hash_table<std::__1::__hash_value_type<ledger::commodity_t*,
> ledger::amount_t>, std::__1::__unordered_map_hasher<ledger::commodity_t*,
> std::__1::__hash_value_type<ledger::commodity_t*, ledger::amount_t>,
> std::__1::hash<ledger::commodity_t*>, true>,
> std::__1::__unordered_map_equal<ledger::commodity_t*,
> std::__1::__hash_value_type<ledger::commodity_t*, ledger::amount_t>,
> std::__1::equal_to<ledger::commodity_t*>, true>,
> std::__1::allocator<std::__1::__hash_value_type<ledger::commodity_t*,
> ledger::amount_t> > >::__deallocate_node (this=0xddd5619520, __np=0x2)
> at /usr/include/c++/v1/__hash_table:1584
> 1584 __next_pointer __next = __np->__next_;
> (gdb) bt
> #0 0x000000dbd4413389 in
> std::__1::__hash_table<std::__1::__hash_value_type<ledger::commodity_t*,
> ledger::amount_t>, std::__1::__unordered_map_hasher<ledger::commodity_t*,
> std::__1::__hash_value_type<ledger::commodity_t*, ledger::amount_t>,
> std::__1::hash<ledger::commodity_t*>, true>,
> std::__1::__unordered_map_equal<ledger::commodity_t*,
> std::__1::__hash_value_type<ledger::commodity_t*, ledger::amount_t>,
> std::__1::equal_to<ledger::commodity_t*>, true>,
> std::__1::allocator<std::__1::__hash_value_type<ledger::commodity_t*,
> ledger::amount_t> > >::__deallocate_node (this=0xddd5619520, __np=0x2)
> at /usr/include/c++/v1/__hash_table:1584
> #1 0x000000dbd441332c in
> std::__1::__hash_table<std::__1::__hash_value_type<ledger::commodity_t*,
> ledger::amount_t>, std::__1::__unordered_map_hasher<ledger::commodity_t*,
> std::__1::__hash_value_type<ledger::commodity_t*, ledger::amount_t>,
> std::__1::hash<ledger::commodity_t*>, true>,
> std::__1::__unordered_map_equal<ledger::commodity_t*,
> std::__1::__hash_value_type<ledger::commodity_t*, ledger::amount_t>,
> std::__1::equal_to<ledger::commodity_t*>, true>,
> std::__1::allocator<std::__1::__hash_value_type<ledger::commodity_t*,
> ledger::amount_t> > >::~__hash_table (this=0xddd5619520)
> at /usr/include/c++/v1/__hash_table:1540
> #2 0x000000dbd44132cf in std::__1::unordered_map<ledger::commodity_t*,
> ledger::amount_t, std::__1::hash<ledger::commodity_t*>,
> std::__1::equal_to<ledger::commodity_t*>,
> std::__1::allocator<std::__1::pair<ledger::commodity_t* const,
> ledger::amount_t> > >::~unordered_map (this=0xddd5619520)
> at /usr/include/c++/v1/unordered_map:842
> #3 0x000000dbd441328f in ledger::balance_t::~balance_t (this=0xddd5619520)
> at /usr/obj/ports/ledger-3.1.3/ledger-3.1.3/src/balance.h:140
> #4 0x000000dbd4413144 in boost::checked_delete<ledger::balance_t>
> (x=0xddd5619520)
> at /usr/local/include/boost/core/checked_delete.hpp:34
> #5 0x000000dbd44130b2 in ledger::value_t::storage_t::destroy
> (this=0xde5ab16300)
> at /usr/obj/ports/ledger-3.1.3/ledger-3.1.3/src/value.h:219
> #6 0x000000dbd4412ff6 in ledger::value_t::storage_t::~storage_t
> (this=0xde5ab16300)
> at /usr/obj/ports/ledger-3.1.3/ledger-3.1.3/src/value.h:172
> #7 0x000000dbd4412fa4 in boost::checked_delete<ledger::value_t::storage_t
> const> (x=0xde5ab16300)
> at /usr/local/include/boost/core/checked_delete.hpp:34
> #8 0x000000dbd4412f4c in ledger::value_t::storage_t::release
> (this=0xde5ab16300)
> at /usr/obj/ports/ledger-3.1.3/ledger-3.1.3/src/value.h:203
> #9 0x000000dbd4412eef in ledger::intrusive_ptr_release
> (storage_ptr=0xde5ab16300)
> at /usr/obj/ports/ledger-3.1.3/ledger-3.1.3/src/value.h:210
> #10 0x000000dbd4404977 in
> boost::intrusive_ptr<ledger::value_t::storage_t>::~intrusive_ptr (
> this=0x7f7ffffdc510) at
> /usr/local/include/boost/smart_ptr/intrusive_ptr.hpp:98
> #11 0x000000de062bcf76 in ledger::xact_base_t::finalize() () from
> /usr/local/lib/libledger.so.0.0
> #12 0x000000de062ada46 in ledger::journal_t::add_xact(ledger::xact_t*) ()
> from /usr/local/lib/libledger.so.0.0
> #13 0x000000de06293a0e in ledger::(anonymous
> namespace)::instance_t::read_next_directive(bool&) ()
> from /usr/local/lib/libledger.so.0.0
> ---Type <return> to continue, or q <return> to quit---
> #14 0x000000de0629037b in ledger::(anonymous namespace)::instance_t::parse()
> ()
> from /usr/local/lib/libledger.so.0.0
> #15 0x000000de0628fe8a in
> ledger::journal_t::read_textual(ledger::parse_context_stack_t&) ()
> from /usr/local/lib/libledger.so.0.0
> #16 0x000000de062aef7b in
> ledger::journal_t::read(ledger::parse_context_stack_t&) ()
> from /usr/local/lib/libledger.so.0.0
> #17 0x000000de0627ae66 in
> ledger::session_t::read_data(std::__1::basic_string<char,
> std::__1::char_traits<char>, std::__1::allocator<char> > const&) () from
> /usr/local/lib/libledger.so.0.0
> #18 0x000000de0627b90b in ledger::session_t::read_journal_files() ()
> from /usr/local/lib/libledger.so.0.0
> #19 0x000000dbd43f7ffb in ledger::global_scope_t::execute_command
> (this=0xde89ca9000, args=...,
> at_repl=false) at
> /usr/obj/ports/ledger-3.1.3/ledger-3.1.3/src/global.cc:226
> #20 0x000000dbd43f8e6c in ledger::global_scope_t::execute_command_wrapper
> (this=0xde89ca9000,
> args=..., at_repl=false) at
> /usr/obj/ports/ledger-3.1.3/ledger-3.1.3/src/global.cc:271
> #21 0x000000dbd43d998f in main (argc=4, argv=0x7f7ffffe0688,
> envp=0x7f7ffffe06b0)
> at /usr/obj/ports/ledger-3.1.3/ledger-3.1.3/src/main.cc:122
> (gdb) q
--
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE