Bug#739752: bug#17010: Bug#739752: coreutils: ln segfaults when run with --relative and an empty target
On 03/14/2014 03:44 AM, Jim Meyering wrote: On Thu, Mar 13, 2014 at 7:22 PM, Pádraig Brady p...@draigbrady.com wrote: Interesting. So canonicalize_filename_mode() can fail in this case, even with CAN_MISSING. It's unexpected that c_f_m() sets errno=ENOENT when CAN_MISSING is set. I wonder should we change that instead in gnulib? With CAN_MISSING I would expect this function to work on arbitrary strings, including the empty string. What would you have c_f_m(, CAN_MISSING) return? I know of no absolute name corresponding to the dot-relative empty string. Since with CAN_MISSING we should be just degenerating to string processing, I would think it slightly better to return xstrdup(), to avoid special casing that in each caller. I also notice that c_f_m() can return ENOMEM (from areadlink_with_size). It's arguable that we should xalloc_die() within c_f_m() for consistency in that case. However I also notice that c_f_m(, CAN_MISSING) can return ENOENT if the current working dir is unlinked. I'm not sure there is anything else we could do within c_f_m() to handle that. Hence since c_f_m() can validly fail even with CAN_MISSING, I agree your patch is correct. Please push. thanks! Pádraig. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#739752: bug#17010: Bug#739752: coreutils: ln segfaults when run with --relative and an empty target
On Fri, Mar 14, 2014 at 4:49 AM, Pádraig Brady p...@draigbrady.com wrote: ... Hence since c_f_m() can validly fail even with CAN_MISSING, I agree your patch is correct. Please push. Done. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#739752: bug#17010: Bug#739752: coreutils: ln segfaults when run with --relative and an empty target
On Fri, Mar 14, 2014 at 9:27 AM, Jim Meyering j...@meyering.net wrote: On Fri, Mar 14, 2014 at 4:49 AM, Pádraig Brady p...@draigbrady.com wrote: ... Hence since c_f_m() can validly fail even with CAN_MISSING, I agree your patch is correct. Please push. Done. Hmm... For the record, I also pushed (accidentally) two additional changes that had been languishing in the affected repository. Here they are: From 42d2377b813507d50f5a67076bb20134ceb2fc10 Mon Sep 17 00:00:00 2001 From: Jim Meyering j...@meyering.net Date: Mon, 5 Aug 2013 07:28:34 -0700 Subject: [PATCH 1/2] scripts: autotools-install: update * scripts/autotools-install: Update version numbers of latest automake and gettext packages. --- scripts/autotools-install | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/autotools-install b/scripts/autotools-install index 403644f..c6a8e36 100755 --- a/scripts/autotools-install +++ b/scripts/autotools-install @@ -24,9 +24,9 @@ tarballs=' http://pkgconfig.freedesktop.org/releases/pkg-config-0.28.tar.gz http://ftp.gnu.org/gnu/m4/m4-1.4.16.tar.gz http://ftp.gnu.org/gnu/autoconf/autoconf-2.69.tar.gz - http://ftp.gnu.org/gnu/automake/automake-1.12.6.tar.gz + http://ftp.gnu.org/gnu/automake/automake-1.14.tar.gz http://ftp.gnu.org/gnu/libtool/libtool-2.4.2.tar.gz - http://ftp.gnu.org/gnu/gettext/gettext-0.18.2.tar.gz + http://ftp.gnu.org/gnu/gettext/gettext-0.18.3.tar.gz ' usage() { -- 1.9.0.167.g384364b From 4f2118221777dc915f2df4e2ed3b65c68301 Mon Sep 17 00:00:00 2001 From: Jim Meyering meyer...@fb.com Date: Mon, 18 Nov 2013 10:13:06 -0800 Subject: [PATCH 2/2] maint: avoid attribute-const-suggesting warning from gcc * gl/lib/fadvise.c: Use a pragma to turn off this warning option: -Wsuggest-attribute=const. Without this change, building with --enable-gcc-warnings would evoke this error: lib/fadvise.c:25:1: error: function might be candidate for\ attribute 'const' [-Werror=suggest-attribute=const] --- gl/lib/fadvise.c | 6 ++ 1 file changed, 6 insertions(+) diff --git a/gl/lib/fadvise.c b/gl/lib/fadvise.c index 3456ce1..562f1eb 100644 --- a/gl/lib/fadvise.c +++ b/gl/lib/fadvise.c @@ -14,6 +14,12 @@ You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/. */ +/* Without this pragma, gcc suggests that (given !HAVE_POSIX_FADVISE) + the the fdadvise function might be candidate for attribute 'const'. */ +#if (__GNUC__ == 4 6 = __GNUC_MINOR__) || 4 __GNUC__ +# pragma GCC diagnostic ignored -Wsuggest-attribute=const +#endif + #include config.h #include fadvise.h -- 1.9.0.167.g384364b
Bug#739752: coreutils: ln segfaults when run with --relative and an empty target
On Sat, Feb 22, 2014 at 1:57 AM, Erik Bernstein e...@fscking.org wrote: Package: coreutils Version: 8.21-1 Severity: normal Hi, when ln is run with --relative --symbolic and and empty string as the target, it ungracefully dies with a segmentation fault. The memory violation appears to happen in src/relpath.c:38 when the two input paths are checked for leading slashes: if ((path1[1] == '/') != (path2[1] == '/')) How to reproduce: [1] Open a terminal [2] run: ln -sr '' foobar Result: segmentation fault ln -sr '' foobar Expected result: Some kind of error message ... Thank you for the bug report! That also affected the very latest code in git. Here is a patch: From a6d2db8b6dfe15344aba4aefe9545eb3a4876d45 Mon Sep 17 00:00:00 2001 From: Jim Meyering meyer...@fb.com Date: Thu, 13 Mar 2014 17:05:04 -0700 Subject: [PATCH] ln: with -sr, don't segfault for a TARGET of '' Prior to this change, ln -sr '' F would segfault, attempting to read path2[1] in relpath.c's path_common_prefix function. This problem arises whenever canonicalize_filename_mode returns NULL. * src/ln.c (convert_abs_rel): Call relpath only when both canonicalize_filename_mode calls return non-NULL. * tests/ln/relative.sh: Add a test to trigger this failure. * THANKS.in: List reporter's name/address. * NEWS (Bug fixes): Mention it. Reported by Erik Bernstein in 739...@bugs.debian.org. --- NEWS | 2 ++ THANKS.in| 1 + src/ln.c | 16 ++-- tests/ln/relative.sh | 5 + 4 files changed, 18 insertions(+), 6 deletions(-) diff --git a/NEWS b/NEWS index 62966b2..b3ad65c 100644 --- a/NEWS +++ b/NEWS @@ -25,6 +25,8 @@ GNU coreutils NEWS-*- outline -*- it would display an error, requiring --no-dereference to avoid the issue. [bug introduced in coreutils-5.3.0] + ln -sr '' F no longer segfaults: now it fails with the expected diagnostic + shuf --repeat no longer dumps core if the input is empty. [bug introduced with the --repeat feature in coreutils-8.22] diff --git a/THANKS.in b/THANKS.in index 561d18c..2670265 100644 --- a/THANKS.in +++ b/THANKS.in @@ -193,6 +193,7 @@ Eric G. Miller e...@jps.net Eric Pementepeme...@northpark.edu Eric S. Raymond e...@snark.thyrsus.com Erik Bennettbenn...@cvo.oneworld.com +Erik Bernstein e...@fscking.org Erik Corry e...@kroete2.freinet.de Felix Lee f...@teleport.com Felix Rauch Valenti fra...@cse.unsw.edu.au diff --git a/src/ln.c b/src/ln.c index aab9cf2..6726699 100644 --- a/src/ln.c +++ b/src/ln.c @@ -149,13 +149,17 @@ convert_abs_rel (const char *from, const char *target) char *realdest = canonicalize_filename_mode (targetdir, CAN_MISSING); char *realfrom = canonicalize_filename_mode (from, CAN_MISSING); - /* Write to a PATH_MAX buffer. */ - char *relative_from = xmalloc (PATH_MAX); - - if (!relpath (realfrom, realdest, relative_from, PATH_MAX)) + char *relative_from = NULL; + if (realdest realfrom) { - free (relative_from); - relative_from = NULL; + /* Write to a PATH_MAX buffer. */ + relative_from = xmalloc (PATH_MAX); + + if (!relpath (realfrom, realdest, relative_from, PATH_MAX)) +{ + free (relative_from); + relative_from = NULL; +} } free (targetdir); diff --git a/tests/ln/relative.sh b/tests/ln/relative.sh index 7636695..e8c25dc 100755 --- a/tests/ln/relative.sh +++ b/tests/ln/relative.sh @@ -45,4 +45,9 @@ mkdir web ln -sr latest web/latest test $(readlink web/latest) = '../release2' || fail=1 +# Expect this to fail with exit status 1. +# Prior to coreutils-8.23, it would segfault. +ln -sr '' F +test $? = 1 || fail=1 + Exit $fail -- 1.9.0.167.g384364b
Bug#739752: bug#17010: Bug#739752: coreutils: ln segfaults when run with --relative and an empty target
On 03/14/2014 01:42 AM, Jim Meyering wrote: From a6d2db8b6dfe15344aba4aefe9545eb3a4876d45 Mon Sep 17 00:00:00 2001 From: Jim Meyering meyer...@fb.com Date: Thu, 13 Mar 2014 17:05:04 -0700 Subject: [PATCH] ln: with -sr, don't segfault for a TARGET of '' Prior to this change, ln -sr '' F would segfault, attempting to read path2[1] in relpath.c's path_common_prefix function. This problem arises whenever canonicalize_filename_mode returns NULL. * src/ln.c (convert_abs_rel): Call relpath only when both canonicalize_filename_mode calls return non-NULL. * tests/ln/relative.sh: Add a test to trigger this failure. * THANKS.in: List reporter's name/address. * NEWS (Bug fixes): Mention it. Reported by Erik Bernstein in 739...@bugs.debian.org. We can amend with the now allocated: Fixes http://bugs.gnu.org/17010 diff --git a/NEWS b/NEWS index 62966b2..b3ad65c 100644 --- a/NEWS +++ b/NEWS @@ -25,6 +25,8 @@ GNU coreutils NEWS-*- outline -*- it would display an error, requiring --no-dereference to avoid the issue. [bug introduced in coreutils-5.3.0] + ln -sr '' F no longer segfaults: now it fails with the expected diagnostic Probably should add: [bug introduced with the --relative feature in coreutils-8.16] diff --git a/src/ln.c b/src/ln.c index aab9cf2..6726699 100644 --- a/src/ln.c +++ b/src/ln.c @@ -149,13 +149,17 @@ convert_abs_rel (const char *from, const char *target) char *realdest = canonicalize_filename_mode (targetdir, CAN_MISSING); char *realfrom = canonicalize_filename_mode (from, CAN_MISSING); Interesting. So canonicalize_filename_mode() can fail in this case, even with CAN_MISSING. It's unexpected that c_f_m() sets errno=ENOENT when CAN_MISSING is set. I wonder should we change that instead in gnulib? With CAN_MISSING I would expect this function to work on arbitrary strings, including the empty string. - /* Write to a PATH_MAX buffer. */ - char *relative_from = xmalloc (PATH_MAX); - - if (!relpath (realfrom, realdest, relative_from, PATH_MAX)) + char *relative_from = NULL; + if (realdest realfrom) { - free (relative_from); - relative_from = NULL; + /* Write to a PATH_MAX buffer. */ + relative_from = xmalloc (PATH_MAX); + + if (!relpath (realfrom, realdest, relative_from, PATH_MAX)) +{ + free (relative_from); + relative_from = NULL; +} } free (targetdir); diff --git a/tests/ln/relative.sh b/tests/ln/relative.sh +# Expect this to fail with exit status 1. +# Prior to coreutils-8.23, it would segfault. +ln -sr '' F +test $? = 1 || fail=1 Won't the ln succeed on FreeBSD as per: http://bugs.gnu.org/13447 thanks, Pádraig. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#739752: bug#17010: Bug#739752: coreutils: ln segfaults when run with --relative and an empty target
On Thu, Mar 13, 2014 at 7:22 PM, Pádraig Brady p...@draigbrady.com wrote: On 03/14/2014 01:42 AM, Jim Meyering wrote: From a6d2db8b6dfe15344aba4aefe9545eb3a4876d45 Mon Sep 17 00:00:00 2001 From: Jim Meyering meyer...@fb.com Date: Thu, 13 Mar 2014 17:05:04 -0700 Subject: [PATCH] ln: with -sr, don't segfault for a TARGET of '' Prior to this change, ln -sr '' F would segfault, attempting to read path2[1] in relpath.c's path_common_prefix function. This problem arises whenever canonicalize_filename_mode returns NULL. * src/ln.c (convert_abs_rel): Call relpath only when both canonicalize_filename_mode calls return non-NULL. * tests/ln/relative.sh: Add a test to trigger this failure. * THANKS.in: List reporter's name/address. * NEWS (Bug fixes): Mention it. Reported by Erik Bernstein in 739...@bugs.debian.org. We can amend with the now allocated: Fixes http://bugs.gnu.org/17010 Done. diff --git a/NEWS b/NEWS ... + ln -sr '' F no longer segfaults: now it fails with the expected diagnostic Probably should add: [bug introduced with the --relative feature in coreutils-8.16] Definitely. Thanks. diff --git a/src/ln.c b/src/ln.c index aab9cf2..6726699 100644 --- a/src/ln.c +++ b/src/ln.c @@ -149,13 +149,17 @@ convert_abs_rel (const char *from, const char *target) char *realdest = canonicalize_filename_mode (targetdir, CAN_MISSING); char *realfrom = canonicalize_filename_mode (from, CAN_MISSING); Interesting. So canonicalize_filename_mode() can fail in this case, even with CAN_MISSING. It's unexpected that c_f_m() sets errno=ENOENT when CAN_MISSING is set. I wonder should we change that instead in gnulib? With CAN_MISSING I would expect this function to work on arbitrary strings, including the empty string. What would you have c_f_m(, CAN_MISSING) return? I know of no absolute name corresponding to the dot-relative empty string. diff --git a/tests/ln/relative.sh b/tests/ln/relative.sh +# Expect this to fail with exit status 1. +# Prior to coreutils-8.23, it would segfault. +ln -sr '' F +test $? = 1 || fail=1 Won't the ln succeed on FreeBSD as per: http://bugs.gnu.org/13447 You're right. Good catch. Adjusted as well. Thanks for the speedy and thorough review. Here's a revised patch: From 0093ac8d57a0f1a16fd09d98f6a524dddb6053e7 Mon Sep 17 00:00:00 2001 From: Jim Meyering meyer...@fb.com Date: Thu, 13 Mar 2014 17:05:04 -0700 Subject: [PATCH] ln: with -sr, don't segfault for a TARGET of '' Prior to this change, ln -sr '' F would segfault, attempting to read path2[1] in relpath.c's path_common_prefix function. This problem arises whenever canonicalize_filename_mode returns NULL. * src/ln.c (convert_abs_rel): Call relpath only when both canonicalize_filename_mode calls return non-NULL. * tests/ln/relative.sh: Add a test to trigger this failure. * THANKS.in: List reporter's name/address. * NEWS (Bug fixes): Mention it. Reported by Erik Bernstein in 739...@bugs.debian.org. Fixes http://bugs.gnu.org/17010. --- NEWS | 3 +++ THANKS.in| 1 + src/ln.c | 16 ++-- tests/ln/relative.sh | 5 + 4 files changed, 19 insertions(+), 6 deletions(-) diff --git a/NEWS b/NEWS index 62966b2..35d48e5 100644 --- a/NEWS +++ b/NEWS @@ -25,6 +25,9 @@ GNU coreutils NEWS-*- outline -*- it would display an error, requiring --no-dereference to avoid the issue. [bug introduced in coreutils-5.3.0] + ln -sr '' F no longer segfaults. Now works as expected. + [bug introduced with the --relative feature in coreutils-8.16] + shuf --repeat no longer dumps core if the input is empty. [bug introduced with the --repeat feature in coreutils-8.22] diff --git a/THANKS.in b/THANKS.in index 561d18c..2670265 100644 --- a/THANKS.in +++ b/THANKS.in @@ -193,6 +193,7 @@ Eric G. Miller e...@jps.net Eric Pementepeme...@northpark.edu Eric S. Raymond e...@snark.thyrsus.com Erik Bennettbenn...@cvo.oneworld.com +Erik Bernstein e...@fscking.org Erik Corry e...@kroete2.freinet.de Felix Lee f...@teleport.com Felix Rauch Valenti fra...@cse.unsw.edu.au diff --git a/src/ln.c b/src/ln.c index aab9cf2..6726699 100644 --- a/src/ln.c +++ b/src/ln.c @@ -149,13 +149,17 @@ convert_abs_rel (const char *from, const char *target) char *realdest = canonicalize_filename_mode (targetdir, CAN_MISSING); char *realfrom = canonicalize_filename_mode (from, CAN_MISSING); - /* Write to a PATH_MAX buffer. */ - char *relative_from = xmalloc (PATH_MAX); - - if (!relpath (realfrom, realdest, relative_from, PATH_MAX)) + char *relative_from = NULL; + if (realdest realfrom) { - free (relative_from); - relative_from = NULL; + /* Write to a PATH_MAX buffer. */ + relative_from = xmalloc (PATH_MAX); + + if
Bug#739752: coreutils: ln segfaults when run with --relative and an empty target
Package: coreutils Version: 8.21-1 Severity: normal Hi, when ln is run with --relative --symbolic and and empty string as the target, it ungracefully dies with a segmentation fault. The memory violation appears to happen in src/relpath.c:38 when the two input paths are checked for leading slashes: if ((path1[1] == '/') != (path2[1] == '/')) How to reproduce: [1] Open a terminal [2] run: ln -sr '' foobar Result: segmentation fault ln -sr '' foobar Expected result: Some kind of error message Trace: #0 0x00403370 in path_common_prefix (path1=0x611030 /root, path2=0x0) at src/relpath.c:38 #1 0x004034fe in relpath (can_fname=0x0, can_reldir=0x611030 /root, buf=0x611050 , len=4096) at src/relpath.c:93 #2 0x00402003 in convert_abs_rel (from=0x7fffe3df , target=0x7fffe3e0 foobar) at src/ln.c:144 #3 0x004025ca in do_link (source=0x7fffe3df , dest=0x7fffe3e0 foobar) at src/ln.c:284 #4 0x0040331c in main (argc=4, argv=0x7fffe108) at src/ln.c:631 cheers, erik -- System Information: Debian Release: jessie/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.12-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages coreutils depends on: ii libacl1 2.2.52-1 ii libattr1 1:2.4.47-1 ii libc62.17-97 ii libselinux1 2.2.2-1 coreutils recommends no packages. coreutils suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org