Bug 1482436
Summary: | There is an assertion abort in function parse_attributes() of libpspp |
---|---|
Product: | [Fedora] Fedora |
Component: | pspp |
Version: | rawhide |
Status: | CLOSED ERRATA |
Severity: | unspecified |
Priority: | unspecified |
Hardware: | Unspecified |
OS: | Unspecified |
Reporter: | owl337 <v.owl337> |
Assignee: | Peter Lemenkov <lemenkov> |
QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
CC: | amello, lemenkov |
Fixed In Version: | pspp-1.0.1-2.fc26 pspp-1.0.1-2.fc27 |
Doc Type: | If docs needed, set a value |
Last Closed: | 2017-10-25 23:09:36 UTC |
Type: | Bug |
pspp-1.0.1-2.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2017-b221468e6e

pspp-1.0.1-2.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-4f5447d2c8

pspp-1.0.1-2.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-4f5447d2c8

pspp-1.0.1-2.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-b221468e6e

pspp-1.0.1-2.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.

pspp-1.0.1-2.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.
Created attachment 1314607
Triggered by "./pspp-convert POC6 -O csv /dev/null"

Description of problem:

There is an assertion abort in function parse_attributes() of libpspp

Version-Release number of selected component (if applicable):

<= latest version

How reproducible:

./pspp-convert POC6 -O csv /dev/null

Steps to Reproduce:

Normal output:

$./pspp-convert POC6 -O csv /dev/null
`id:000177,sig:06,src:001277,op:havoc,rep:2': This system file does not indicate its own character encoding. Using default encoding UTF-8. For best results, specify an encoding explicitly. Use SYSFILE INFO with ENCODING="DETECT" to analyze the possible encodings.
`id:000177,sig:06,src:001277,op:havoc,rep:2' near offset 0x2a0: Attribute value ?AR[1] is not quoted: '001 VAR00002=VAR00002 VAR00003=VAR00003 VAR00.
`id:000177,sig:06,src:001277,op:havoc,rep:2' near offset 0x2a0: Error parsing attribute value ?AR[2].
`id:000177,sig:06,src:001277,op:havoc,rep:2' near offset 0x2f7: Error parsing attribute value ?AR[2].
pspp-convert: src/data/attributes.c:240: void attrset_add(struct attrset *, struct attribute *): Assertion `attrset_lookup (set, name) == ((void*)0)' failed.
Aborted

The GDB debugging information is as follows:

(gdb) r
...
Breakpoint 7, parse_attributes (r=<optimized out>, text=<optimized out>, attrs=<optimized out>) at src/data/sys-file-reader.c:2344
2344 attrset_add (attrs, attr);
(gdb) c
Continuing.
`id:000177,sig:06,src:001277,op:havoc,rep:2' near offset 0x2f7: Error parsing attribute value ?AR[2].
Breakpoint 7, parse_attributes (r=<optimized out>, text=<optimized out>, attrs=<optimized out>) at src/data/sys-file-reader.c:2344
2344 attrset_add (attrs, attr);
(gdb) n
pspp-convert: src/data/attributes.c:240: void attrset_add(struct attrset *, struct attribute *): Assertion `attrset_lookup (set, name) == ((void*)0)' failed.
Program received signal SIGABRT, Aborted.
0x00007ffff62331c7 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:55
55 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0 0x00007ffff62331c7 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:55
#1 0x00007ffff6234e2a in __GI_abort () at abort.c:89
#2 0x00007ffff622c0bd in __assert_fail_base (fmt=0x7ffff638df78 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x7ffff7adb140 <.str1> "attrset_lookup (set, name) == ((void*)0)", file=file@entry=0x7ffff7adb1a0 <.str2> "src/data/attributes.c", line=line@entry=240, function=function@entry=0x7ffff7adb1e0 <__PRETTY_FUNCTION__.attrset_add> "void attrset_add(struct attrset *, struct attribute *)") at assert.c:92
#3 0x00007ffff622c172 in __GI___assert_fail (assertion=0x7ffff7adb140 <.str1> "attrset_lookup (set, name) == ((void*)0)", file=0x7ffff7adb1a0 <.str2> "src/data/attributes.c", line=240, function=0x7ffff7adb1e0 <__PRETTY_FUNCTION__.attrset_add> "void attrset_add(struct attrset *, struct attribute *)") at assert.c:101
#4 0x00007ffff784b416 in attrset_add (set=<optimized out>, attr=<optimized out>) at src/data/attributes.c:240
#5 0x00007ffff7924965 in parse_attributes (r=<optimized out>, text=<optimized out>, attrs=<optimized out>) at src/data/sys-file-reader.c:2344
#6 0x00007ffff791a61b in parse_variable_attributes (record=<optimized out>, dict=<optimized out>, r=<optimized out>) at src/data/sys-file-reader.c:2375
#7 sfm_decode (r_=<optimized out>, encoding=<optimized out>, dictp=<optimized out>, infop=<optimized out>) at src/data/sys-file-reader.c:850
#8 0x00007ffff78480c1 in any_reader_decode (any_reader=0x61800000f880, encoding=0x0, dictp=0x7fffffffe380, info=0x0) at src/data/any-reader.c:147
#9 any_reader_open_and_decode (handle=<optimized out>, encoding=0x0, dictp=0x7fffffffe380, info=0x0) at src/data/any-reader.c:171
#10 0x00000000004dcc97 in main (argc=<optimized out>, argv=<optimized out>) at utilities/pspp-convert.c:174
(gdb)

The vulnerability was triggered in function:

parse_attributes (r=<optimized out>, text=<optimized out>, attrs=<optimized out>) at src/data/sys-file-reader.c:2344
2344 attrset_add (attrs, attr);

Actual results:

crash

Expected results:

crash

Additional info:

Credits:

This vulnerability is detected by team OWL337, with our custom fuzzer collAFL.
Please contact ganshuitao and chaoz.cn if you need more info about the team, the tool or the vulnerability.
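The backtrace above shows a file parser passing a name from untrusted input to an add routine whose "name not already present" precondition is enforced only by an assertion. The following is an added example, not pspp code and not part of the original report: a caller that checks that precondition itself and skips bad entries instead of aborting. The struct layout, the `parse_attributes_checked` name and the constructed `name=value;` input format are assumptions for illustration and do not model the real system file format.

```c
#include <assert.h>
#include <stdio.h>
#include <string.h>
#define MAX_ATTRS 8
#define NAME_LEN 32

/* Simplified stand-in for a name-keyed attribute set (not pspp's struct). */
struct attrset { char names[MAX_ATTRS][NAME_LEN]; size_t n; };

static int attrset_lookup(const struct attrset *set, const char *name) {
    for (size_t i = 0; i < set->n; i++)
        if (strcmp(set->names[i], name) == 0) return 1;
    return 0;
}

/* Same contract as the failing assertion: the caller must pass a new name. */
static void attrset_add(struct attrset *set, const char *name) {
    assert(!attrset_lookup(set, name));
    assert(set->n < MAX_ATTRS);
    snprintf(set->names[set->n++], NAME_LEN, "%s", name);
}

/* Hardened caller for constructed "name=value;name=value" text read from an
   untrusted file. It enforces attrset_add's precondition itself and returns
   the number of entries rejected (duplicate, malformed, or set full). */
static int parse_attributes_checked(const char *text, struct attrset *set) {
    int rejected = 0;
    while (*text != '\0') {
        size_t entry_len = strcspn(text, ";");
        size_t name_len = strcspn(text, "=;");
        char name[NAME_LEN];
        if (name_len == 0 || name_len >= NAME_LEN || name_len == entry_len) {
            rejected++;                  /* empty name, too long, or no '=' */
        } else {
            memcpy(name, text, name_len);
            name[name_len] = '\0';
            if (attrset_lookup(set, name) || set->n >= MAX_ATTRS)
                rejected++;              /* skip the entry, never abort */
            else
                attrset_add(set, name);
        }
        text += entry_len + (text[entry_len] == ';');
    }
    return rejected;
}

int main(void) {
    struct attrset set = {0};  /* constructed input: one duplicate, one malformed */
    return parse_attributes_checked("VAR=1;VAR=2;OTHER=3;broken", &set) == 2 ? 0 : 1;
}
```

Building with `NDEBUG` would remove the assertions but not the problem: a duplicate would then be inserted silently, so the check belongs in the caller that handles file data.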