Public bug reported:

mawk corrupts memory and dumps core when processing recent tzdb
releases. Although Ubuntu users can work around the problem by using
'make AWK=gawk', it would be better if ordinary 'make' worked (where AWK
defaults to awk, and awk on Ubuntu defaults to mawk).

Since this is memory corruption there may well be a security
vulnerability in mawk. I have not checked for this, though.

A simple fix would be to upgrade mawk to the current upstream release. I
see that there's already a request to do that; see Bug#1332114. I don't
know why Debian and Ubuntu are wedged on an ancient upstream version.

To reproduce the problem, download the most recent tzdb release and run
'make AWK=mawk vanguard.zi'. A shell transcript follows. I ran this on
Ubuntu 16.04.4 LTS x86-64; 'dpkg -s mawk' reports 'Version:
1.3.3-17ubuntu2'. The shell commands I ran were:

wget https://www.iana.org/time-zones/repository/releases/tzdb-2018e.tar.lz
tar xf tzdb-2018e.tar.lz
cd tzdb-2018e
make AWK=mawk vanguard.zi

Here's the behavior I observed:

$ wget https://www.iana.org/time-zones/repository/releases/tzdb-2018e.tar.lz
--2018-07-18 04:09:59--  https://www.iana.org/time-zones/repository/releases/tzdb-2018e.tar.lz
Resolving www.iana.org (www.iana.org)... 192.0.32.8, 2620:0:2d0:200::8
Connecting to www.iana.org (www.iana.org)|192.0.32.8|:443... connected.
HTTP request sent, awaiting response... 302 FOUND
Location: https://data.iana.org/time-zones/releases/tzdb-2018e.tar.lz [following]
--2018-07-18 04:10:00--  https://data.iana.org/time-zones/releases/tzdb-2018e.tar.lz
Resolving data.iana.org (data.iana.org)... 72.21.81.189, 2606:2800:11f:bb5:f27:227f:1bbf:a0e
Connecting to data.iana.org (data.iana.org)|72.21.81.189|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 437679 (427K) [application/x-tar]
Saving to: ‘tzdb-2018e.tar.lz’

tzdb-2018e.tar.lz   100%[===================>] 427.42K  --.-KB/s    in 0.06s

2018-07-18 04:10:00 (6.49 MB/s) - ‘tzdb-2018e.tar.lz’ saved [437679/437679]

$ tar xf tzdb-2018e.tar.lz
$ cd tzdb-2018e
$ make AWK=mawk vanguard.zi
mawk -v DATAFORM=`expr vanguard.zi : '\(.*\).zi'` -f ziguard.awk \
          africa antarctica asia australasia europe northamerica southamerica etcetera systemv factory backward  >vanguard.zi.out
*** Error in `mawk': malloc(): memory corruption: 0x0000000001ebc4f0 ***
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x777e5)[0x7fb09870f7e5]
/lib/x86_64-linux-gnu/libc.so.6(+0x8213e)[0x7fb09871a13e]
/lib/x86_64-linux-gnu/libc.so.6(__libc_malloc+0x54)[0x7fb09871c184]
mawk[0x40ff0f]
mawk[0x405dff]
mawk[0x40e1e0]
mawk[0x406b6e]
mawk[0x40185d]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf0)[0x7fb0986b8830]
mawk[0x40188d]
Aborted (core dumped)
Makefile:565: recipe for target 'vanguard.zi' failed
make: *** [vanguard.zi] Error 134
$

** Affects: mawk (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: testcase

https://bugs.launchpad.net/bugs/1782342

Title:
  mawk memory corruption on recent tzdb data

Status in mawk package in Ubuntu:
  New
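
A triage helper for the glibc abort output shown in the report, added here as an example and not part of the original bug report or of mawk: it parses the banner and backtrace and builds an addr2line call for the frames inside the program. The function names, the /usr/bin/mawk path and the non-PIE layout (logged addresses usable as-is) are assumptions of this example; glibc reports where the corruption was detected, which is usually later than where the heap was overwritten.

```python
import re
import shlex

# Sample input: abort banner and backtrace copied from the transcript in this report.
REPORT = """\
*** Error in `mawk': malloc(): memory corruption: 0x0000000001ebc4f0 ***
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x777e5)[0x7fb09870f7e5]
/lib/x86_64-linux-gnu/libc.so.6(+0x8213e)[0x7fb09871a13e]
/lib/x86_64-linux-gnu/libc.so.6(__libc_malloc+0x54)[0x7fb09871c184]
mawk[0x40ff0f]
mawk[0x405dff]
mawk[0x40e1e0]
mawk[0x406b6e]
mawk[0x40185d]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf0)[0x7fb0986b8830]
mawk[0x40188d]
"""

BANNER = re.compile(
    r"^\*\*\* Error in `(?P<prog>[^']+)': (?P<msg>.+): (?P<ptr>0x[0-9a-f]+) \*\*\*$")
FRAME = re.compile(
    r"^(?P<module>[^\s(\[]+)(?:\((?P<sym>[^+)]*)\+(?P<off>0x[0-9a-f]+)\))?"
    r"\[(?P<addr>0x[0-9a-f]+)\]$")

def parse_abort(text):
    """Return (banner, frames); frames are innermost first, as glibc prints them."""
    banner, frames = None, []
    for line in map(str.strip, text.splitlines()):
        if (m := BANNER.match(line)):
            banner = m.groupdict()
        elif (m := FRAME.match(line)):
            frames.append(m.groupdict())
    if banner is None:
        raise ValueError("no glibc abort banner found")
    return banner, frames

def program_frames(banner, frames):
    """Frames that belong to the crashing program rather than to libc."""
    return [f for f in frames if f["module"].rsplit("/", 1)[-1] == banner["prog"]]

def addr2line_command(binary, frames):
    """addr2line call; assumes a non-PIE binary, so logged addresses are absolute."""
    return shlex.join(["addr2line", "-f", "-e", binary] + [f["addr"] for f in frames])

if __name__ == "__main__":
    banner, frames = parse_abort(REPORT)
    own = program_frames(banner, frames)
    print(f"{banner['prog']}: {banner['msg']} at {banner['ptr']}")
    # /usr/bin/mawk is the assumed install path; debug symbols must be installed.
    print(addr2line_command("/usr/bin/mawk", own))
```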
