GnuTLS 3.0.14 gnutls-serv segfaults when an invalid number is passed to
From: Matthew Hall
Subject: GnuTLS 3.0.14 gnutls-serv segfaults when an invalid number is passed to --debug
Date: Fri, 24 Feb 2012 18:59:47 -0800
User-agent: Mutt/1.5.21 (2010-09-15)
While investigating some other bugs in GnuTLS I located this bug in the
--debug=99999999 option in GnuTLS 3.0.14, which is not present in 3.0.11, due
to some changes in the way that GnuTLS seems to handle its CLI options.
It is possible the bug is caused by the AutoOpts library.
It seems to be an issue with the format string or arg list used to attempt to
report that the value passed to --debug is out of the expected range up to
9999. The bug triggers on any value > 9999.
Regards,
Matthew Hall
GDB OUTPUT:
address@hidden:~/src$ gdb /usr/local/bin/gnutls-serv
GNU gdb (GDB) 7.2-ubuntu
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/local/bin/gnutls-serv...done.
(gdb) set args
(gdb) set args --debug=99999999
(gdb) run
Starting program: /usr/local/bin/gnutls-serv --debug=99999999
[Thread debugging using libthread_db enabled]
Program received signal SIGSEGV, Segmentation fault.
0x00282b33 in _IO_vfprintf_internal (s=0xbfffed90, format=0x8067ad2 "%s error:
%s option value ``%s'' is out of range.\n",
ap=0xbffff428
"\263\370\377\277\022`\006\b\377\340\365\005\364\277\006\bh\364\377\277h\345\005\b\307\370\377\277\\\364\377\277߁\006\bPh\006\b\240\315\006\b\314\364\377\277\377\340\365\005\364\277\006\b")
at vfprintf.c:1614
1614 vfprintf.c: No such file or directory.
in vfprintf.c
(gdb) bt
#0 0x00282b33 in _IO_vfprintf_internal (s=0xbfffed90, format=0x8067ad2 "%s
error: %s option value ``%s'' is out of range.\n",
ap=0xbffff428
"\263\370\377\277\022`\006\b\377\340\365\005\364\277\006\bh\364\377\277h\345\005\b\307\370\377\277\\\364\377\277߁\006\bPh\006\b\240\315\006\b\314\364\377\277\377\340\365\005\364\277\006\b")
at vfprintf.c:1614
#1 0x00284512 in buffered_vfprintf (s=0x39b580, format=0x5f5e0ff <Address
0x5f5e0ff out of bounds>, args=0xffffffff <Address 0xffffffff out of bounds>)
at vfprintf.c:2254
#2 0x0027f413 in _IO_vfprintf_internal (s=0x39b580, format=0x8067ad2 "%s
error: %s option value ``%s'' is out of range.\n",
ap=0xbffff428
"\263\370\377\277\022`\006\b\377\340\365\005\364\277\006\bh\364\377\277h\345\005\b\307\370\377\277\\\364\377\277߁\006\bPh\006\b\240\315\006\b\314\364\377\277\377\340\365\005\364\277\006\b")
at vfprintf.c:1306
#3 0x00289a8f in __fprintf (stream=0x39b580, format=0x8067ad2 "%s error: %s
option value ``%s'' is out of range.\n") at fprintf.c:33
#4 0x0805e2e0 in optionShowRange (pOpts=0x806cda0, pOD=0x806c4e0,
rng_table=0x8066850, rng_ct=1) at numeric.c:56
#5 0x080528b3 in doOptDebug (pOptions=0x806cda0, pOptDesc=0x806c4e0) at
serv-args.c:1008
#6 0x08055400 in handle_opt (pOpts=0x806cda0, pOptState=0xbffff500) at
autoopts.c:240
#7 0x08055927 in regular_opts (pOpts=0x806cda0) at autoopts.c:515
#8 0x08055b9b in optionProcess (pOpts=0x806cda0, argCt=2, argVect=0xbffff774)
at autoopts.c:682
#9 0x0804f42f in cmd_parser (argc=2, argv=0xbffff774) at serv.c:1546
#10 0x0804d9d3 in main (argc=2, argv=0xbffff774) at serv.c:912
(gdb)
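
The backtrace above faults inside vfprintf while it expands a format with three %s conversions. As an added example (not code from GnuTLS or AutoOpts, and not part of the original message), here is one way to range-check a numeric option and emit that diagnostic with compiler-checked arguments; the names parse_debug_level, emit, DEBUG_MAX, RANGE_FMT and NAN_FMT are hypothetical, and the format attribute assumes GCC or Clang.

```c
#include <errno.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DEBUG_MAX 9999L /* upper bound quoted in the report */
/* Message text as it appears in the backtrace's format argument. */
#define RANGE_FMT "%s error: %s option value ``%s'' is out of range.\n"
/* Constructed wording for non-numeric input (not from the page). */
#define NAN_FMT "%s error: %s option value ``%s'' is not a number.\n"

/* Hypothetical helper. The format attribute makes the compiler verify
 * (-Wformat) that each %s in the literal has a matching char * argument. */
static int emit(char *buf, size_t len, const char *fmt, ...)
    __attribute__((format(printf, 3, 4)));

static int emit(char *buf, size_t len, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buf, len, fmt, ap); /* bounded, always terminated */
    va_end(ap);
    return n;
}

/* Parse a --debug argument. Returns 0 and stores the level on success;
 * returns -1, leaves *level untouched and fills err on invalid input. */
int parse_debug_level(const char *prog, const char *arg, long *level,
                      char *err, size_t errlen)
{
    char *end = NULL;
    errno = 0;
    long v = strtol(arg, &end, 10);
    if (end == arg || *end != '\0') {        /* empty or trailing junk */
        emit(err, errlen, NAN_FMT, prog, "debug", arg);
        return -1;
    }
    if (errno == ERANGE || v < 0 || v > DEBUG_MAX) {
        emit(err, errlen, RANGE_FMT, prog, "debug", arg);
        return -1;
    }
    *level = v;
    return 0;
}
```

Dropping one of the three arguments from either emit() call produces a -Wformat warning at compile time instead of a crash at run time.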