GNU bug report logs - #7993
cut segmentation fault with unbounded ranges

Previous Next

Package: coreutils;

Reported by: Paul Marinescu <paul.marinescu <at> imperial.ac.uk>

Date: Sun, 6 Feb 2011 18:27:02 UTC

Severity: normal

Done: Jim Meyering <jim <at> meyering.net>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 7993 in the body.
You can then email your comments to 7993 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to owner <at> debbugs.gnu.org, bug-coreutils <at> gnu.org:
bug#7993; Package coreutils. (Sun, 06 Feb 2011 18:27:02 GMT) Full text and rfc822 format available.
Acknowledgement sent to Paul Marinescu <paul.marinescu <at> imperial.ac.uk>:
New bug report received and forwarded. Copy sent to bug-coreutils <at> gnu.org. (Sun, 06 Feb 2011 18:27:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Paul Marinescu <paul.marinescu <at> imperial.ac.uk>
To: bug-coreutils <at> gnu.org
Subject: cut segmentation fault with unbounded ranges
Date: Sun, 06 Feb 2011 18:20:11 +0000

In coreutils 8.9 (latest), the following commands trigger an invalid
memory access.

cut -c1234567890- --output-d=: foo
cut -f1234567890- --output-d=: foo
cut -b1234567890- --output-d=: foo

The number 1234567890 is just a random number 'big enough' to make the
invalid access generate a segmentation fault but the invalid access
happens for values as low as 8 (valgrind)

The problem is that ranges going to end of line (i.e., 'x-') are not
taken into account when calculating the size of the printable_field
vector, but their lower bound is used as an index on line 525:

  if (output_delimiter_specified
      && !complement
      && eol_range_start && !is_printable_field (eol_range_start))


Paul
Information forwarded to owner <at> debbugs.gnu.org, bug-coreutils <at> gnu.org:
bug#7993; Package coreutils. (Sun, 06 Feb 2011 18:50:03 GMT) Full text and rfc822 format available.

Message #8 received at 7993 <at> debbugs.gnu.org (full text, mbox):

From: Paul Marinescu <paul.marinescu <at> imperial.ac.uk>
To: "7993 <at> debbugs.gnu.org" <7993 <at> debbugs.gnu.org>
Subject: Re: bug#7993: Acknowledgement (cut segmentation fault with unbounded
	ranges)
Date: Sun, 06 Feb 2011 18:58:30 +0000

Please ignore this. It's a duplicate submission of bug# 7992
Reply sent to Jim Meyering <jim <at> meyering.net>:
You have taken responsibility. (Mon, 07 Feb 2011 07:37:01 GMT) Full text and rfc822 format available.
Notification sent to Paul Marinescu <paul.marinescu <at> imperial.ac.uk>:
bug acknowledged by developer. (Mon, 07 Feb 2011 07:37:02 GMT) Full text and rfc822 format available.

Message #13 received at 7993-done <at> debbugs.gnu.org (full text, mbox):

From: Jim Meyering <jim <at> meyering.net>
To: Paul Marinescu <paul.marinescu <at> imperial.ac.uk>
Cc: 7993-done <at> debbugs.gnu.org
Subject: Re: bug#7993: Acknowledgement (cut segmentation fault with unbounded
	ranges)
Date: Mon, 07 Feb 2011 08:45:36 +0100

> Please ignore this. It's a duplicate submission of bug# 7992

Ok.  marking it closed.
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Mon, 07 Mar 2011 12:24:04 GMT) Full text and rfc822 format available.
This bug report was last modified 13 years and 265 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.