bug#16171: ptx: heap buffer overrun, when run with two file arguments
From: Pádraig Brady
Subject: bug#16171: ptx: heap buffer overrun, when run with two file arguments
Date: Tue, 17 Dec 2013 10:29:28 +0000
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130110 Thunderbird/17.0.2
On 12/17/2013 02:22 AM, Jim Meyering wrote:
> Hi,
>
> I built like this using just-built 4.9.0 20131216
> (but it probably would work as well with 4.8.x):
>
> make check AM_CFLAGS='-ggdb3 -static-libasan -fsanitize=address' AM_LDFLAGS='-fsanitize=address -static-libasan -lpthread -ldl'
>
> and then I ran this,
>
> echo a > a && echo b > b &&
> ./ptx -g1 -w1 a b 2>&1 | asan_symbolize.py -d
>
> and include its output below.
> That output shows a heap-read overrun bug that arises
> because ptx was designed to process only one input file, yet
> was later extended to process more than one, but without some
> important adjustments.
>
> The underlying problem is that swallow_file_in_memory (called from main)
> is setting the contents of the global text_buffer for the first file,
> then updating it (clobbering old value) for the second file.
> Yet, some pointers to the initial buffer have been squirreled away
> and later, one of them (keyafter) is presumed to point into
> the new "text_buffer", which it does not. The subsequent
> SKIP_WHITE_BACKWARDS use backs up "cursor" until it goes
> out of bounds.
Nice. This is a good illustration of how test coverage
can be leveraged by (future) run time checks.
I see it here too (as the only failure in make check with -fsanitize=address):
$ rpm -q gcc
gcc-4.8.2-1.fc20.x86_64
$ yum install libasan # http://bugzilla.redhat.com/991003
$ rm src/ptx.o
$ make check AM_CFLAGS='-fsanitize=address' TESTS=tests/misc/ptx.pl SUBDIRS=. VERBOSE=yes
$ failure identified in tests/test-suite.log ...
$ src/ptx -g1 -w1 <(echo a) <(echo b) | asan_symbolize.py -d
thanks!
Pádraig.
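The report above describes a lifetime bug: a global buffer is replaced for each input file while an earlier record (keyafter) still holds a raw pointer into the previous buffer, and a backward whitespace scan then walks off the end of memory. The following is an added, constructed C example that is not coreutils code and does not reproduce ptx's actual fix; it models the same pattern in miniature and shows two general remedies. All names (text_buf, swallow_constructed, in_buffer, skip_white_backwards, occurrence, resolve) are hypothetical stand-ins, and the two "files" are constructed in memory. The stale pointer is detected by address-range comparison rather than dereferenced, so the example runs cleanly without a sanitizer.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed example (not coreutils code).  Models the bug from the report:
 * one global buffer overwritten per file, with a raw pointer kept from the
 * first file.  All identifiers here are hypothetical. */

typedef struct {
    char *start;  /* first byte of the in-memory file */
    char *end;    /* one past the last byte */
} text_buf;

/* Stand-in for swallow_file_in_memory(): copies the constructed file contents
 * into a fresh heap buffer.  Where the caller stores the result is the point:
 * reusing one global slot per call is what invalidates earlier pointers. */
static void swallow_constructed(const char *contents, text_buf *out)
{
    size_t n = strlen(contents);
    out->start = malloc(n ? n : 1);
    memcpy(out->start, contents, n);
    out->end = out->start + n;
}

/* Range check by address; p == end is one past the buffer and not readable. */
static bool in_buffer(const text_buf *b, const char *p)
{
    uintptr_t a = (uintptr_t)p, lo = (uintptr_t)b->start, hi = (uintptr_t)b->end;
    return a >= lo && a < hi;
}

static text_buf g_text;  /* plays the role of ptx's global text_buffer */

/* Buggy pattern: record a pointer while file 1 is current, then load file 2
 * into the same global.  Returns whether the saved pointer still lies inside
 * the live buffer; false demonstrates the stale pointer without touching it. */
static bool saved_pointer_still_valid(const char *file1, const char *file2)
{
    swallow_constructed(file1, &g_text);
    const char *keyafter = g_text.start;   /* like ptx's keyafter, recorded early */
    char *old = g_text.start;
    swallow_constructed(file2, &g_text);   /* clobbers g_text, as in the report */
    bool ok = in_buffer(&g_text, keyafter);
    free(old);
    free(g_text.start);
    return ok;
}

/* Remedy 1: a backward whitespace skip that refuses to move before the start
 * of the buffer it is given.  This bounds the scan itself; it does not repair
 * a cursor that belongs to a different buffer, which remedy 2 addresses. */
static const char *skip_white_backwards(const text_buf *b, const char *cursor)
{
    while (cursor > b->start && isspace((unsigned char)cursor[-1]))
        cursor--;
    return cursor;
}

/* Exercises remedy 1 on constructed input; returns the offset cursor ends at. */
static size_t skip_white_offset(const char *s, size_t cursor)
{
    text_buf b = { (char *)s, (char *)s + strlen(s) };
    return (size_t)(skip_white_backwards(&b, b.start + cursor) - b.start);
}

/* Remedy 2: keep every file's buffer alive and record (file, offset) instead
 * of a raw pointer, so a reference made during file 1 resolves correctly after
 * file 2 has been read. */
typedef struct { size_t file; size_t offset; } occurrence;

static const char *resolve(const text_buf *files, size_t nfiles, occurrence o)
{
    if (o.file >= nfiles) return NULL;
    const text_buf *b = &files[o.file];
    if (o.offset >= (size_t)(b->end - b->start)) return NULL;
    return b->start + o.offset;
}

/* The two-file case from the report ("a" and "b", constructed here) through
 * remedy 2: returns the byte the file-1 occurrence refers to after file 2 loads. */
static char first_file_byte_after_second_load(void)
{
    text_buf files[2];
    swallow_constructed("a\n", &files[0]);
    occurrence o = { .file = 0, .offset = 0 };   /* recorded during file 1 */
    swallow_constructed("b\n", &files[1]);       /* leaves files[0] untouched */
    const char *p = resolve(files, 2, o);
    char c = p ? *p : '\0';
    free(files[0].start);
    free(files[1].start);
    return c;
}
```

The range check in saved_pointer_still_valid is the kind of invariant a debug build or a sanitizer enforces for you; without it the stale keyafter would simply be read, which is the silent heap-read overrun the report shows ASan catching. Remedy 2 is the structural fix, since it removes the dangling reference rather than limiting how far it can be followed.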