Re: Wget crash in printf - bugfix
Hi Tim,

Thank you for your response.

In a Launchpad bug I've marked this bug as confirmed, but not security relevant:
https://bugs.launchpad.net/ubuntu/+source/wget/+bug/2029930/

Kind regards,
Mark

Re: Wget crash in printf - bugfix
Hey Mark,

On 8/8/23 23:38, Mark Esler wrote:
> Hi Tim,
>
> Will this issue receive a CVE? Would you like help assigning a CVE?

We, the maintainers, are understaffed and not even able to fix all incoming bugs. So while we appreciate when you request a CVE for the issue, please understand that we can't be of much help here. Sorry about that :|

Regards, Tim

> Thank you,
> Mark Esler

Re: Wget crash in printf - bugfix
Hi Tim,

Will this issue receive a CVE? Would you like help assigning a CVE?

Thank you,
Mark Esler

Re: Wget crash in printf - bugfix
Thanks, your patch is correct.

I also added a unit test for retr_rate() to reproduce the issue.

Regards, Tim

On 8/2/23 15:31, Wiebe Cazemier wrote:
> Hi,
>
> We're getting the following segfault. We haven't been able to reproduce it with debug builds or builds from 'apt-get source wget', so here's a trace from the release build 1.21.2-2ubuntu1 (from Ubuntu 22.04):
>
> dmesg line:
>
> wget[3522173]: segfault at 1 ip 7f17a81a023c sp 7fff7b14e7f8 error 4 in libc.so.6[7f17a8016000+195000]
>
> #0 __strlen_evex () at ../sysdeps/x86_64/multiarch/strlen-evex.S:77
> #1 0x7f111424cdb1 in __vfprintf_internal (s=s@entry=0x7ffc2e5c50d0, format=format@entry=0x55e763577735 "%.*f %s", ap=ap@entry=0x7ffc2e5c5250, mode_flags=mode_flags@entry=2) at ./stdio-common/vfprintf-internal.c:1517
> #2 0x7f111425e51a in __vsnprintf_internal (string=0x55e763591080 "7.95 GB/s", maxlen=, format=0x55e763577735 "%.*f %s", args=args@entry=0x7ffc2e5c5250, mode_flags=2) at ./libio/vsnprintf.c:114
> #3 0x7f111430ace5 in ___snprintf_chk (s=, maxlen=, flag=, slen=, format=) at ./debug/snprintf_chk.c:38
> #4 0x55e76353d69c in ?? ()
> #5 0x55e763538656 in ?? ()
> #6 0x55e763542c8b in ?? ()
> #7 0x55e763545482 in ?? ()
> #8 0x55e763517cee in ?? ()
> #9 0x7f11141ffd90 in __libc_start_call_main (main=main@entry=0x55e763516260, argc=argc@entry=4, argv=argv@entry=0x7ffc2e5c5cd8) at ../sysdeps/nptl/libc_start_call_main.h:58
> #10 0x7f11141ffe40 in __libc_start_main_impl (main=0x55e763516260, argc=4, argv=0x7ffc2e5c5cd8, init=, fini=, rtld_fini=, stack_end=0x7ffc2e5c5cc8) at ../csu/libc-start.c:392
> #11 0x55e7635192d5 in ?? ()
>
> Attached is a patch to fix something that at least looks like it can cause a crash, but looking at this stack trace, which already shows the formatted string "7.95 GB/s" in the output string, I'm not sure if that is really the fix/cause.
>
> Regards,
> Wiebe

Wget crash in printf - bugfix
Hi,

We're getting the following segfault. We haven't been able to reproduce it with debug builds or builds from 'apt-get source wget', so here's a trace from the release build 1.21.2-2ubuntu1 (from Ubuntu 22.04):

dmesg line:

wget[3522173]: segfault at 1 ip 7f17a81a023c sp 7fff7b14e7f8 error 4 in libc.so.6[7f17a8016000+195000]

#0 __strlen_evex () at ../sysdeps/x86_64/multiarch/strlen-evex.S:77
#1 0x7f111424cdb1 in __vfprintf_internal (s=s@entry=0x7ffc2e5c50d0, format=format@entry=0x55e763577735 "%.*f %s", ap=ap@entry=0x7ffc2e5c5250, mode_flags=mode_flags@entry=2) at ./stdio-common/vfprintf-internal.c:1517
#2 0x7f111425e51a in __vsnprintf_internal (string=0x55e763591080 "7.95 GB/s", maxlen=, format=0x55e763577735 "%.*f %s", args=args@entry=0x7ffc2e5c5250, mode_flags=2) at ./libio/vsnprintf.c:114
#3 0x7f111430ace5 in ___snprintf_chk (s=, maxlen=, flag=, slen=, format=) at ./debug/snprintf_chk.c:38
#4 0x55e76353d69c in ?? ()
#5 0x55e763538656 in ?? ()
#6 0x55e763542c8b in ?? ()
#7 0x55e763545482 in ?? ()
#8 0x55e763517cee in ?? ()
#9 0x7f11141ffd90 in __libc_start_call_main (main=main@entry=0x55e763516260, argc=argc@entry=4, argv=argv@entry=0x7ffc2e5c5cd8) at ../sysdeps/nptl/libc_start_call_main.h:58
#10 0x7f11141ffe40 in __libc_start_main_impl (main=0x55e763516260, argc=4, argv=0x7ffc2e5c5cd8, init=, fini=, rtld_fini=, stack_end=0x7ffc2e5c5cc8) at ../csu/libc-start.c:392
#11 0x55e7635192d5 in ?? ()

Attached is a patch to fix something that at least looks like it can cause a crash, but looking at this stack trace, which already shows the formatted string "7.95 GB/s" in the output string, I'm not sure if that is really the fix/cause.

Regards,
Wiebe

0001-Fix-missing-speed-category-and-possible-crash.patch Description: application/mbox
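
The failure class the patch title points at (a speed category with no matching unit name reaching the `%s` of "%.*f %s"), shown with a bounds-safe formatter. This is an added example, not part of the thread and not wget's code. Assumptions: the crash comes from a unit index past the end of the name table; the table contents, the precision rule, and the names `RATE_NAMES`, `scale_rate` and `format_rate` are all hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Unit names consumed by the "%.*f %s" format seen in the trace.
   Table contents and all identifiers are assumptions for illustration. */
static const char *const RATE_NAMES[] = { "B/s", "KB/s", "MB/s", "GB/s", "TB/s" };
#define N_RATE_NAMES (sizeof RATE_NAMES / sizeof RATE_NAMES[0])

/* Scale bytes/second into the largest unit the table can name.
   The loop is bounded by the table length, so the returned index is
   always a valid subscript, however large the rate is. */
static size_t scale_rate(double *rate)
{
    size_t unit = 0;
    while (*rate >= 1024.0 && unit + 1 < N_RATE_NAMES) {
        *rate /= 1024.0;
        unit++;
    }
    return unit;
}

/* Format a transfer rate into buf and return buf. */
const char *format_rate(double bytes_per_sec, char *buf, size_t bufsize)
{
    if (!(bytes_per_sec >= 0.0))      /* rejects negative values and NaN */
        bytes_per_sec = 0.0;
    double rate = bytes_per_sec;
    size_t unit = scale_rate(&rate);
    /* Assumed rule: fewer decimals as the number grows. */
    int prec = rate >= 99.95 ? 0 : rate >= 9.995 ? 1 : 2;
    /* snprintf truncates instead of overflowing if buf is too small. */
    snprintf(buf, bufsize, "%.*f %s", prec, rate, RATE_NAMES[unit]);
    return buf;
}

int main(void)
{
    char buf[32];
    /* Constructed samples: GB/s range, TB/s range, far beyond the table. */
    const double samples[] = { 7.95 * 1073741824.0, 2.0 * 1099511627776.0, 1e30 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        puts(format_rate(samples[i], buf, sizeof buf));
    return 0;
}
```

Deriving the loop bound from the table itself means adding or removing a unit name cannot leave the scaler able to produce an index the table lacks.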