bug#28859: Segmentation fault with NULL pointer dereference in 'stty'
From: Jim Meyering
Subject: bug#28859: Segmentation fault with NULL pointer dereference in 'stty'
Date: Mon, 16 Oct 2017 10:49:32 -0700

On Mon, Oct 16, 2017 at 2:30 AM, Pádraig Brady <address@hidden> wrote:
> On 15/10/17 18:07, Jaeseung Choi wrote:
>> Dear GNU team,
>>
>> While testing coreutils for a research purpose, we found the following
>> crash in 'stty'. Running stty with the command-line "stty eol -F AA"
>> raises a crash as below. We did not change any terminal setting, and
>> believe the bug is irrelevant from any specific terminal
>> configuration.
>>
>> address@hidden:~$ tar -xf coreutils-8.28.tar.xz
>> address@hidden:~$ cd coreutils-8.28/
>> address@hidden:~/coreutils-8.28$ mkdir obj
>> address@hidden:~/coreutils-8.28$ cd obj
>> address@hidden:~/coreutils-8.28/obj$ ../configure --disable-nls && make
>> ...
>> address@hidden:~/coreutils-8.28/obj$ gdb ./src/stty -q
>> Reading symbols from ./src/stty...done.
>> (gdb) run eol -F AA
>> Starting program: /home/jason/coreutils-8.28/obj/src/stty eol -F AA
>>
>> Program received signal SIGSEGV, Segmentation fault.
>> set_control_char (info=0x40a6f8 <control_info+120>, info=0x40a6f8
>> <control_info+120>, mode=0x6103c0 <check_mode>, arg=0x0) at
>> ../src/stty.c:1695
>> 1695 else if (arg[0] == '\0' || arg[1] == '\0')
>> (gdb) x/i $rip
>> => 0x40387a <apply_settings+746>: movzbl (%rbx),%r14d
>> (gdb) info reg rbx
>> rbx 0x0 0
>> (gdb)
>>
>> We could reproduce the bug in coreutils from version 8.27 to 8.28.
>> Also, the bug was reproducible in both Ubuntu 16.04 and Debian 9.1.
>> But the stty program pre-built in Debian 9.1 did not crash because
>> currently 8.26 version is installed in Debian.
>
> This is actually an old bug which you can reproduce with -F /dev/tty.
> The attached should fix it up.
Thank you!
If it's not too hard to determine, would you please mention in the log
the commit that introduced the bug?
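
Added example, not part of the thread and not the coreutils patch: the backtrace above shows `arg=0x0` reaching the `arg[0]` read even though `eol` is not the last word of `stty eol -F AA`, so this sketch tests the operand pointer itself before parsing it. All names (`setting_operand`, `parse_control_char`, `cc_status`, `CC_DISABLED`) and the constructed `argv` are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical names for this example; none of them are coreutils identifiers. */
enum cc_status { CC_OK = 0, CC_MISSING_ARG = -1, CC_INVALID_ARG = -2 };
#define CC_DISABLED 0 /* assumed stand-in for the platform's "disabled" value */

/* Return the operand that follows the setting at argv[k], or NULL when
   there is none: past the end of argv, or a slot that holds NULL. */
static const char *setting_operand(int argc, char **argv, int k)
{
    return (k + 1 < argc) ? argv[k + 1] : NULL;
}

/* Parse a control-character operand. The NULL test comes before any
   read of arg[0] or arg[1], the access that faulted in the report. */
static enum cc_status parse_control_char(const char *arg, unsigned char *out)
{
    if (arg == NULL)
        return CC_MISSING_ARG;
    if (strcmp(arg, "^-") == 0 || strcmp(arg, "undef") == 0) {
        *out = CC_DISABLED;
    } else if (arg[0] == '\0' || arg[1] == '\0') {
        *out = (unsigned char)arg[0];            /* empty or one literal char */
    } else if (arg[0] == '^' && arg[2] == '\0') {
        *out = (arg[1] == '?') ? 127 : (unsigned char)(arg[1] & 0x1f);
    } else {
        char *end;
        unsigned long v = strtoul(arg, &end, 0); /* decimal, octal or hex */
        if (*end != '\0' || v > 255)
            return CC_INVALID_ARG;
        *out = (unsigned char)v;
    }
    return CC_OK;
}

int main(void)
{
    /* Constructed argv: the slot after "eol" is NULL, matching arg=0x0. */
    char *argv_model[] = { "stty", "eol", NULL, NULL };
    unsigned char cc = 0;
    enum cc_status st = parse_control_char(setting_operand(4, argv_model, 1), &cc);
    if (st == CC_MISSING_ARG) {
        fprintf(stderr, "stty: missing argument to 'eol'\n");
        return 1;
    }
    return 0;
}
```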