https://bugzilla.redhat.com/show_bug.cgi?id=1711098

Bug ID: 1711098
Summary: Segmentation Fault in UUlib.so (ScanData) used in perl-Convert-UUlib
Product: Fedora EPEL
Version: epel7
Hardware: x86_64
OS: Linux
Status: NEW
Component: perl-Convert-UUlib
Severity: medium
Assignee: redhat-bugzilla@xxxxxxxxxxxx
Reporter: nduffy@xxxxxxxxxxxxx
QA Contact: extras-qa@xxxxxxxxxxxxxxxxx
CC: perl-devel@xxxxxxxxxxxxxxxxxxxxxxx, redhat-bugzilla@xxxxxxxxxxxx
Target Milestone: ---
Classification: Fedora

Description of problem:

When processing certain text, a segmentation fault is generated in the ScanData method in UUlib.so.

Version-Release number of selected component (if applicable):

perl-Convert-UUlib-1.5-1.el7.x86_64

How reproducible:

Always

Steps to Reproduce:

1. The following Perl script uses UUlib to read files and process them.

-- >8 cut here --
use Convert::UUlib ':all';
LoadFile 'badfile';
-- >8 cut here --

2. The following input file, when passed to the above Perl, causes the Segmentation Fault. Save this text to a file named "badfile".

-- >8 cut here --
a

a

Content-Type: text/plain
-- >8 cut here --

This is a hexdump of badfile to show the bytes.

$ hexdump -C badfile
00000000  61 0a 0a 61 0a 0a 43 6f  6e 74 65 6e 74 2d 54 79  |a..a..Content-Ty|
00000010  70 65 3a 20 74 65 78 74  2f 70 6c 61 69 6e 0a     |pe: text/plain.|
0000001f

$ wc badfile
 5  4 31 badfile

3. With the Perl code saved in foo.pl and the text from step 2 saved in a file named badfile, run:

$ perl foo.pl
Segmentation fault

Actual results:

Segmentation fault.

Expected results:

Library should read text and either produce an error if badly formed, otherwise it should decode it.

Additional info:

This is what I see in gdb.

$ cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.6 (Maipo)

$ gdb perl
GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-114.el7
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/bin/perl...Reading symbols from /usr/lib/debug/usr/bin/perl.debug...done.
done.
(gdb) run foo.pl
Starting program: /usr/bin/perl foo.pl
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
0x00007fffefdb6972 in ScanData (datei=datei@entry=0x62a3c0, errcode=errcode@entry=0x7fffffffdf78, boundary=boundary@entry=0x0, ismime=<optimized out>, checkheaders=checkheaders@entry=1, result=result@entry=0x626c50, fname=0x6284e0 "badfile") at uuscan.c:821
821	        while (!isspace (*p2) && *p2 != ';') p2++;
(gdb) print p2
$1 = 0x7ffff7f41c0d "text/plain"
(gdb) list
816	          break;
817	        }
818	      if ((ptr = strchr (line, ':')) != NULL) {
819	        ptr++;
820	        while (isspace (*ptr)) ptr++; p2 = ptr;
821	        while (!isspace (*p2) && *p2 != ';') p2++;
822	        c = *p2; *p2 = '\0';
823	        if (p2 != ptr) {
824	          _FP_free (result->mimetype);
825	          result->mimetype = _FP_strdup (ptr);
(gdb) bt
#0  0x00007fffefdb6972 in ScanData (datei=datei@entry=0x62a3c0, errcode=errcode@entry=0x7fffffffdf78, boundary=boundary@entry=0x0, ismime=<optimized out>, checkheaders=checkheaders@entry=1, result=result@entry=0x626c50, fname=0x6284e0 "badfile") at uuscan.c:821
#1  0x00007fffefdb878c in ScanPart (datei=datei@entry=0x62a3c0, fname=fname@entry=0x6284e0 "badfile", errcode=errcode@entry=0x7fffffffdf78) at uuscan.c:3141
#2  0x00007fffefda848a in UULoadFileWithPartNo (filename=filename@entry=0x6284e0 "badfile", fileid=0x6284e0 "badfile", fileid@entry=0x0, delflag=delflag@entry=0, partno=partno@entry=-1, partcount=partcount@entry=0x7fffffffe074) at uulib.c:790
#3  0x00007fffefda5181 in XS_Convert__UUlib_LoadFile (my_perl=<optimized out>, cv=<optimized out>) at UUlib.xs:382
#4  0x00007ffff7b0941f in Perl_pp_entersub (my_perl=0x603010) at pp_hot.c:2778
#5  0x00007ffff7b01b96 in Perl_runops_standard (my_perl=0x603010) at run.c:41
#6  0x00007ffff7a9e985 in S_run_body (oldscope=<optimized out>, my_perl=<optimized out>) at perl.c:2402
#7  perl_run (my_perl=0x603010) at perl.c:2320
#8  0x0000000000400ce9 in main (argc=3, argv=0x7fffffffe398, env=0x7fffffffe3b8) at perlmain.c:120

This bug is causing problems with Amavis for us because Amavis uses perl-Convert-UUlib to decode some mime attachments, and one of them is now causing crashes in the scanner.

I've narrowed down the text in the attachment as much as possible. Removing any line or even a character in the file means the segmentation faults stop. The letter "a" in the first two lines can be replaced with any character or group of characters, but the last line must remain unchanged. There are no funny characters in the input file, nor DOS line-endings, as shown by the hexdump above.
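
The scan loop shown at uuscan.c:821 in the gdb listing stops only on whitespace or ';'. The following is an added example, not code from uulib or from the report, of extracting the media type from a header line with the terminating NUL as a third stop condition and without writing into the input buffer. The names header_mimetype and mimetype_is are hypothetical, and the report does not establish that the missing NUL check is the root cause of the crash.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not uulib code): return a malloc'd copy of the
 * media type from a header line such as "Content-Type: text/plain",
 * or NULL if the line carries no value. The input is never modified. */
char *header_mimetype(const char *line)
{
    const char *ptr = strchr(line, ':');
    if (ptr == NULL)
        return NULL;
    ptr++;

    /* Skip leading blanks; isspace('\0') is 0, so this stops at the end.
     * The unsigned char cast keeps bytes >= 0x80 in isspace's domain. */
    while (isspace((unsigned char)*ptr))
        ptr++;

    /* The loop in the listing ends only on whitespace or ';'. Adding the
     * NUL test means a value with nothing after it (assumption: the caller
     * may hand over a line whose newline is already stripped) cannot carry
     * the scan past the end of the buffer. */
    const char *p2 = ptr;
    while (*p2 != '\0' && !isspace((unsigned char)*p2) && *p2 != ';')
        p2++;

    size_t len = (size_t)(p2 - ptr);
    if (len == 0)
        return NULL;

    char *out = malloc(len + 1);
    if (out == NULL)
        return NULL;
    memcpy(out, ptr, len);
    out[len] = '\0';
    return out;
}

/* Returns 1 when header_mimetype(line) equals expected (NULL = no value). */
int mimetype_is(const char *line, const char *expected)
{
    char *got = header_mimetype(line);
    int ok = (got == NULL) ? (expected == NULL)
                           : (expected != NULL && strcmp(got, expected) == 0);
    free(got);
    return ok;
}
```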