https://bugzilla.redhat.com/show_bug.cgi?id=1711098

            Bug ID: 1711098
           Summary: Segmentation Fault in UUlib.so (ScanData) used in
                    perl-Convert-UUlib
           Product: Fedora EPEL
           Version: epel7
          Hardware: x86_64
                OS: Linux
            Status: NEW
         Component: perl-Convert-UUlib
          Severity: medium
          Assignee: redhat-bugzi...@linuxnetz.de
          Reporter: ndu...@jadeworld.com
        QA Contact: extras...@fedoraproject.org
                CC: perl-devel@lists.fedoraproject.org,
                    redhat-bugzi...@linuxnetz.de
  Target Milestone: ---
    Classification: Fedora



Description of problem:

When processing certain text, a segmentation fault is generated in the ScanData
method in UUlib.so.

Version-Release number of selected component (if applicable):

perl-Convert-UUlib-1.5-1.el7.x86_64

How reproducible:

Always

Steps to Reproduce:
1. The following Perl script uses UUlib to read files and process them.

-- >8 cut here --
use Convert::UUlib ':all';

LoadFile 'badfile';                                                             
-- >8 cut here --

2. The following input file, when passed to the above Perl, causes the
Segmentation Fault. Save this text to a file named "badfile".

-- >8 cut here --
a

a

Content-Type: text/plain
-- >8 cut here --

This is a hexdump of badfile to show the bytes.

$ hexdump -C badfile
00000000  61 0a 0a 61 0a 0a 43 6f  6e 74 65 6e 74 2d 54 79  |a..a..Content-Ty|
00000010  70 65 3a 20 74 65 78 74  2f 70 6c 61 69 6e 0a     |pe: text/plain.|
0000001f

$ wc badfile
 5  4 31 badfile

3. With the Perl code saved in foo.pl and the text from step 2 saved in a file
named badfile, run:

$ perl foo.pl
Segmentation fault

Actual results:
Segmentation fault.

Expected results:
Library should read text and either produce an error if badly formed, otherwise
it should decode it.

Additional info:

This is what I see in gdb.

$ cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 7.6 (Maipo)

$ gdb perl
GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-114.el7
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/bin/perl...Reading symbols from
/usr/lib/debug/usr/bin/perl.debug...done.
done.
(gdb) run foo.pl
Starting program: /usr/bin/perl foo.pl
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
0x00007fffefdb6972 in ScanData (datei=datei@entry=0x62a3c0,
errcode=errcode@entry=0x7fffffffdf78, 
    boundary=boundary@entry=0x0, ismime=<optimized out>,
checkheaders=checkheaders@entry=1, 
    result=result@entry=0x626c50, fname=0x6284e0 "badfile") at uuscan.c:821
821               while (!isspace (*p2) && *p2 != ';') p2++;

(gdb) print p2
$1 = 0x7ffff7f41c0d "text/plain"

(gdb) list
816               break;
817             }
818             if ((ptr = strchr (line, ':')) != NULL) {
819               ptr++;
820               while (isspace (*ptr)) ptr++; p2 = ptr;
821               while (!isspace (*p2) && *p2 != ';') p2++;
822               c = *p2; *p2 = '\0';
823               if (p2 != ptr) {
824                 _FP_free (result->mimetype);
825                 result->mimetype = _FP_strdup (ptr);

(gdb) bt
#0  0x00007fffefdb6972 in ScanData (datei=datei@entry=0x62a3c0,
errcode=errcode@entry=0x7fffffffdf78, 
    boundary=boundary@entry=0x0, ismime=<optimized out>,
checkheaders=checkheaders@entry=1, 
    result=result@entry=0x626c50, fname=0x6284e0 "badfile") at uuscan.c:821
#1  0x00007fffefdb878c in ScanPart (datei=datei@entry=0x62a3c0,
fname=fname@entry=0x6284e0 "badfile", 
    errcode=errcode@entry=0x7fffffffdf78) at uuscan.c:3141
#2  0x00007fffefda848a in UULoadFileWithPartNo
(filename=filename@entry=0x6284e0 "badfile", 
    fileid=0x6284e0 "badfile", fileid@entry=0x0, delflag=delflag@entry=0,
partno=partno@entry=-1, 
    partcount=partcount@entry=0x7fffffffe074) at uulib.c:790
#3  0x00007fffefda5181 in XS_Convert__UUlib_LoadFile (my_perl=<optimized out>,
cv=<optimized out>)
    at UUlib.xs:382
#4  0x00007ffff7b0941f in Perl_pp_entersub (my_perl=0x603010) at pp_hot.c:2778
#5  0x00007ffff7b01b96 in Perl_runops_standard (my_perl=0x603010) at run.c:41
#6  0x00007ffff7a9e985 in S_run_body (oldscope=<optimized out>,
my_perl=<optimized out>) at perl.c:2402
#7  perl_run (my_perl=0x603010) at perl.c:2320
#8  0x0000000000400ce9 in main (argc=3, argv=0x7fffffffe398,
env=0x7fffffffe3b8) at perlmain.c:120

This bug is causing problems with Amavis for us because Amavis uses
perl-Convert-UUlib to decode some mime attachments, and one of them is now
causing crashes in the scanner. I've narrowed down the text in the attachment
as much as possible. Removing any line or even a character in the file means
the segmentation faults stop. The letter "a" in the first two lines can be
replaced with any character or group of characters, but the last line must
remain unchanged.

There are no funny characters in the input file, nor DOS line-endings, as shown
by the hexdump above.
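
The loop at uuscan.c:821 in the gdb listing above stops on whitespace or ';' but has no test for the terminating NUL. As an added illustration (not uulib code and not a fix from the package maintainers), here is a bounded version of that header-value scan; `header_value` and the sample strings are hypothetical, and the report does not establish that the missing test is the root cause of this crash.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical helper (not part of uulib): copy the value of a
 * "Name: value; params" header line into out, stopping at whitespace,
 * ';' or the terminating NUL. Returns the value length (0 if empty),
 * or -1 if there is no ':' or out is too small.
 * The input line is never modified. */
static int header_value(const char *line, char *out, size_t outlen)
{
    const char *ptr, *p2;
    size_t n;

    if (line == NULL || out == NULL || outlen == 0)
        return -1;
    out[0] = '\0';

    if ((ptr = strchr(line, ':')) == NULL)
        return -1;
    ptr++;

    /* isspace() expects an unsigned char value; plain char may be negative.
     * isspace('\0') is false, so this loop stops at the terminator. */
    while (isspace((unsigned char)*ptr))
        ptr++;

    /* Unlike the loop shown at uuscan.c:821, also stop on '\0'. */
    p2 = ptr;
    while (*p2 != '\0' && !isspace((unsigned char)*p2) && *p2 != ';')
        p2++;

    n = (size_t)(p2 - ptr);
    if (n >= outlen)
        return -1;              /* value would not fit: refuse, do not truncate */
    memcpy(out, ptr, n);
    out[n] = '\0';
    return (int)n;
}

/* Constructed inputs: the header from badfile, with and without its newline. */
static const char HDR_WITH_NL[] = "Content-Type: text/plain\n";
static const char HDR_NO_NL[]   = "Content-Type: text/plain";

int main(void)
{
    char buf[64];
    return (header_value(HDR_WITH_NL, buf, sizeof buf) == 10 &&
            header_value(HDR_NO_NL, buf, sizeof buf) == 10) ? 0 : 1;
}
```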
