Bug 1123907

Summary: Segfault using "shar" command
Product: Red Hat Enterprise Linux 5
Reporter: jstephen
Component: sharutils
Assignee: Petr Pisar <ppisar>
Status: CLOSED CURRENTRELEASE
QA Contact: Leos Pol <lpol>
Severity: high
Priority: high
Version: 5.10
CC: jgalipea, jorton, jstephen
Target Milestone: rc
Keywords: Patch
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2015-06-12 08:08:36 UTC
Type: Bug

Attachments:
  core file (flags: none)
  Reproducer (flags: none)
  Fix ported from 4.7 (flags: none)

Description jstephen 2014-07-28 15:30:10 UTC
Created attachment 921794
core file

Description of problem:
shar crashes when using '-l' argument

Version-Release number of selected component (if applicable):
sharutils-4.6.1-2

How reproducible:
100% of the time

Steps to Reproduce:
1.  shar -l786432 -o /apps2/SOA.sh /apps/opt/weblogic/weblogic103mp6/Oracle_SOA1 oracle_common oraInventory

Actual results:
this fails with Memory fault when we use -I option, core file attached

Expected results:
No crash

Additional info:

 shar  -o /apps2/SOA.sh /apps/opt/weblogic/weblogic103mp6/Oracle_SOA1 oracle_common oraInventory  ---This command works fine.

 shar -l786432 -o /apps2/SOA.sh /apps/opt/weblogic/weblogic103mp6/Oracle_SOA1 oracle_common oraInventory --- this fails with Memory fault when we use -I option

The memory fault occurs with the -l option when it begins creating the 2nd output file.  We have tried with values up to 3900000 and received the same memory fault, but 4000000 worked fine (and created a file 3951525k).  In other words, whenever it needs to create the 2nd file, it encounters the memory fault, but if it only needs 1 file to contain all of the output, it works fine. The total size of all input files combined is just under 4gb.  The -l option fails when creating the 2nd file, even if the -l value is only 1k less than the total size

---------------------------------------------------------------------------------------------

Core was generated by `shar -l786432 -o /apps2/SOA.sh /apps/opt/weblogic/weblogic103mp6/Oracle_SOA1 or'.
Program terminated with signal 11, Segmentation fault.
#0  0x0000003000478480 in strlen () from /lib64/libc.so.6
(gdb) bt
#0  0x0000003000478480 in strlen () from /lib64/libc.so.6
#1  0x0000003000446aae in _IO_vfprintf_internal (s=0x58d80f0, format=<value optimized out>, ap=0x7fff197ecdb0) at vfprintf.c:1590
#2  0x00000030004e680b in ___fprintf_chk (fp=0x6d2a, flag=1, format=0x0) at fprintf_chk.c:37
#3  0x000000000040296f in change_files (restore_name=<value optimized out>, remaining_size=<value optimized out>) at shar.c:1028
#4  0x00000000004041eb in shar (local_name=0x5908590 "/apps/opt/weblogic/weblogic103mp6/Oracle_SOA1/bam/modules/oracle.bam_11.1.1/oracle-bam-common.jar", 
    restore_name=0x59091a0 "/apps/opt/weblogic/weblogic103mp6/Oracle_SOA1/bam/modules/oracle.bam_11.1.1/oracle-bam-common.jar") at shar.c:1082
#5  0x0000000000402556 in walkdown (routine=0x403cd0 <shar>, local_name=0x5909c70 "/apps/opt/weblogic/weblogic103mp6/Oracle_SOA1/bam/modules/oracle.bam_11.1.1", restore_name=<value optimized out>) at shar.c:482
#6  0x0000000000402556 in walkdown (routine=0x403cd0 <shar>, local_name=0x59082b0 "/apps/opt/weblogic/weblogic103mp6/Oracle_SOA1/bam/modules", restore_name=<value optimized out>) at shar.c:482
#7  0x0000000000402556 in walkdown (routine=0x403cd0 <shar>, local_name=0x58d95f0 "/apps/opt/weblogic/weblogic103mp6/Oracle_SOA1/bam", restore_name=<value optimized out>) at shar.c:482
#8  0x0000000000402556 in walkdown (routine=0x403cd0 <shar>, local_name=0x7fff197f3120 "/apps/opt/weblogic/weblogic103mp6/Oracle_SOA1", restore_name=<value optimized out>) at shar.c:482
#9  0x00000000004026e5 in walktree (routine=0x403cd0 <shar>, local_name=0x7fff197f4b7e "/apps/opt/weblogic/weblogic103mp6/Oracle_SOA1") at shar.c:562
#10 0x00000000004036df in main (argc=7, argv=0x7fff197f3458) at shar.c:2305

Comment 1 RHEL Program Management 2014-07-28 15:57:59 UTC
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated
in the current release, Red Hat is unable to address this
request at this time.

Red Hat invites you to ask your support representative to
propose this request, if appropriate, in the next release of
Red Hat Enterprise Linux.

Comment 2 Petr Pisar 2014-07-29 07:55:50 UTC
There seems to be a bogus number of arguments passed to fprintf() in src/shar.c:change_files():

  {
    static const char part_z[] =
      "part %02d of %s ";
    char *nm = archive_name ? archive_name : "a multipart";
    char *pz = xmalloc (sizeof(part_z) + strlen(nm) + 16);
    sprintf (pz, part_z, part_number, nm);
→   fprintf (output, file_leader_z, pz, "", sharpid);
    free (pz);
  }

where file_leader_z is a constant formatting string defined as:

static const char file_leader_z[218] =
#line 89 "scripts.def"
"#!/bin/sh\n\
# This is %s%s archive (produced by GNU %s %s).\n\
# To extract the files from this archive, save it to some FILE, remove\n\
# everything before the `#!/bin/sh' line above, then type `sh FILE'.\n\
#\n\
lock_dir=_sh%05d\n";

It looks like file_leader_z was augmented with the third and fourth %s, but this usage (shar.c:1028) was not updated, while the other usage elsewhere (shar.c:892) is correct:

$ vi scripts.x 
petr@dhcp-0-146:~/rhel/sharutils/sharutils-4.6.1/src $ grep -Hnr file_leader_z
shar.c:892:    fprintf (output, file_leader_z, pz, ch, PACKAGE, VERSION, sharpid);
shar.c:1028:    fprintf (output, file_leader_z, pz, "", sharpid);
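
Added example, not part of the bug report or the sharutils source: a small C checker that derives the argument list file_leader_z consumes and compares it with the two call sites quoted in comment 2. The helper names and the kind letters (s, i, f, p) are hypothetical, and ch at shar.c:892 is assumed to be a string.

```c
#include <string.h>

/* Format string as quoted in comment 2 (scripts.def line 89). */
static const char file_leader_z[] =
"#!/bin/sh\n"
"# This is %s%s archive (produced by GNU %s %s).\n"
"# To extract the files from this archive, save it to some FILE, remove\n"
"# everything before the `#!/bin/sh' line above, then type `sh FILE'.\n"
"#\n"
"lock_dir=_sh%05d\n";

/* Hypothetical helper: write one letter per argument the format consumes
 * ('s' string, 'i' integer, 'f' double, 'p' pointer) into sig.
 * Returns the argument count, or -1 on a malformed or truncated directive. */
int format_signature(const char *fmt, char *sig, size_t siglen)
{
    size_t n = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%') continue;
        p++;
        if (*p == '%') continue;                 /* literal percent sign */
        p += strspn(p, "-+ #0");                 /* flags */
        for (int part = 0; part < 2; part++) {   /* width, then .precision */
            if (part == 1) { if (*p != '.') break; p++; }
            if (*p == '*') {                     /* '*' consumes an int argument */
                if (n + 1 >= siglen) return -1;
                sig[n++] = 'i'; p++;
            } else p += strspn(p, "0123456789");
        }
        p += strspn(p, "hlLqjzt");               /* length modifiers */
        if (*p == '\0') return -1;               /* directive cut off at end */
        char kind = *p == 's' ? 's'
                  : strchr("diouxXc", *p) ? 'i'
                  : strchr("eEfFgGaA", *p) ? 'f'
                  : strchr("pn", *p) ? 'p' : 0;
        if (!kind || n + 1 >= siglen) return -1;
        sig[n++] = kind;
    }
    sig[n] = '\0';
    return (int)n;
}

/* Returns 1 if the argument kinds supplied at a call site match the format. */
int call_matches(const char *fmt, const char *supplied)
{
    char want[32];
    return format_signature(fmt, want, sizeof want) >= 0 && strcmp(want, supplied) == 0;
}
```

The call at shar.c:1028 supplies "ssi" against an expected "ssssi", leaving the third %s paired with the integer sharpid and the remaining conversions with no argument at all; the strlen() frame at the top of the backtrace is consistent with that.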

Comment 3 Petr Pisar 2014-07-29 11:24:03 UTC
Created attachment 922113
Reproducer

Comment 4 Petr Pisar 2014-07-29 11:31:32 UTC
Created attachment 922115
Fix ported from 4.7

Comment 5 Petr Pisar 2014-07-29 11:36:20 UTC
RHEL 6 and 7 are not affected.

Comment 8 Red Hat Bugzilla 2023-09-14 02:12:12 UTC
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days