[Bug 1711098] New: Segmentation Fault in UUlib.so (ScanData) used in perl-Convert-UUlib

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



https://bugzilla.redhat.com/show_bug.cgi?id=1711098

            Bug ID: 1711098
           Summary: Segmentation Fault in UUlib.so (ScanData) used in
                    perl-Convert-UUlib
           Product: Fedora EPEL
           Version: epel7
          Hardware: x86_64
                OS: Linux
            Status: NEW
         Component: perl-Convert-UUlib
          Severity: medium
          Assignee: redhat-bugzilla@xxxxxxxxxxxx
          Reporter: nduffy@xxxxxxxxxxxxx
        QA Contact: extras-qa@xxxxxxxxxxxxxxxxx
                CC: perl-devel@xxxxxxxxxxxxxxxxxxxxxxx,
                    redhat-bugzilla@xxxxxxxxxxxx
  Target Milestone: ---
    Classification: Fedora



Description of problem:

When processing certain text, a segmentation fault is generated in the ScanData
method in UUlib.so.

Version-Release number of selected component (if applicable):

perl-Convert-UUlib-1.5-1.el7.x86_64

How reproducible:

Always

Steps to Reproduce:
1. The following Perl script uses UUlib to read files and process them.

-- >8 cut here --
use Convert::UUlib ':all';

LoadFile 'badfile';                                                             
-- >8 cut here --

2. The following input file, when passed to the above Perl, causes the
Segmentation Fault. Save this text to a file named "badfile".

-- >8 cut here --
a

a

Content-Type: text/plain
-- >8 cut here --

This is a hexdump of badfile to show the bytes.

$ hexdump -C badfile
00000000  61 0a 0a 61 0a 0a 43 6f  6e 74 65 6e 74 2d 54 79  |a..a..Content-Ty|
00000010  70 65 3a 20 74 65 78 74  2f 70 6c 61 69 6e 0a     |pe: text/plain.|
0000001f

$ wc badfile
 5  4 31 badfile

3. With the Perl code saved in foo.pl and the text from step 2 saved in a file
named badfile, run:

$ perl foo.pl
Segmentation fault

Actual results:
Segmentation fault.

Expected results:
Library should read text and either produce an error if badly formed, otherwise
it should decode it.

Additional info:

This is what I see in gdb.

$ cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 7.6 (Maipo)

$ gdb perl
GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-114.el7
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/bin/perl...Reading symbols from
/usr/lib/debug/usr/bin/perl.debug...done.
done.
(gdb) run foo.pl
Starting program: /usr/bin/perl foo.pl
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
0x00007fffefdb6972 in ScanData (datei=datei@entry=0x62a3c0,
errcode=errcode@entry=0x7fffffffdf78, 
    boundary=boundary@entry=0x0, ismime=<optimized out>,
checkheaders=checkheaders@entry=1, 
    result=result@entry=0x626c50, fname=0x6284e0 "badfile") at uuscan.c:821
821               while (!isspace (*p2) && *p2 != ';') p2++;

(gdb) print p2
$1 = 0x7ffff7f41c0d "text/plain"

(gdb) list
816               break;
817             }
818             if ((ptr = strchr (line, ':')) != NULL) {
819               ptr++;
820               while (isspace (*ptr)) ptr++; p2 = ptr;
821               while (!isspace (*p2) && *p2 != ';') p2++;
822               c = *p2; *p2 = '\0';
823               if (p2 != ptr) {
824                 _FP_free (result->mimetype);
825                 result->mimetype = _FP_strdup (ptr);

(gdb) bt
#0  0x00007fffefdb6972 in ScanData (datei=datei@entry=0x62a3c0,
errcode=errcode@entry=0x7fffffffdf78, 
    boundary=boundary@entry=0x0, ismime=<optimized out>,
checkheaders=checkheaders@entry=1, 
    result=result@entry=0x626c50, fname=0x6284e0 "badfile") at uuscan.c:821
#1  0x00007fffefdb878c in ScanPart (datei=datei@entry=0x62a3c0,
fname=fname@entry=0x6284e0 "badfile", 
    errcode=errcode@entry=0x7fffffffdf78) at uuscan.c:3141
#2  0x00007fffefda848a in UULoadFileWithPartNo
(filename=filename@entry=0x6284e0 "badfile", 
    fileid=0x6284e0 "badfile", fileid@entry=0x0, delflag=delflag@entry=0,
partno=partno@entry=-1, 
    partcount=partcount@entry=0x7fffffffe074) at uulib.c:790
#3  0x00007fffefda5181 in XS_Convert__UUlib_LoadFile (my_perl=<optimized out>,
cv=<optimized out>)
    at UUlib.xs:382
#4  0x00007ffff7b0941f in Perl_pp_entersub (my_perl=0x603010) at pp_hot.c:2778
#5  0x00007ffff7b01b96 in Perl_runops_standard (my_perl=0x603010) at run.c:41
#6  0x00007ffff7a9e985 in S_run_body (oldscope=<optimized out>,
my_perl=<optimized out>) at perl.c:2402
#7  perl_run (my_perl=0x603010) at perl.c:2320
#8  0x0000000000400ce9 in main (argc=3, argv=0x7fffffffe398,
env=0x7fffffffe3b8) at perlmain.c:120

This bug is causing problems with Amavis for us because Amavis uses
perl-Convert-UUlib to decode some mime attachments, and one of them is now
causing crashes in the scanner. I've narrowed down the text in the attachment
as much as possible. Removing any line or even a character in the file means
the segmentation faults stop. The letter "a" in the first two lines can be
replaced with any character or group of characters, but the last line must
remain unchanged.

There are no funny characters in the input file, nor DOS line-endings, as shown
by the hexdump above.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
perl-devel mailing list -- perl-devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to perl-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/perl-devel@xxxxxxxxxxxxxxxxxxxxxxx




[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Legacy Announce]     [Fedora PHP Devel]     [Kernel Devel]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Big List of Linux Books]     [Gimp]     [Yosemite Information]

  Powered by Linux