Bug 1482445

Summary: coredump in ptx
Product: Fedora
Component: coreutils
Reporter: Lukáš Zachar <lzachar>
Assignee: Kamil Dudka <kdudka>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Status: CLOSED ERRATA
Severity: low
Priority: unspecified
Version: 26
CC: admiller, jamartis, kdudka, kzak, ooprala, ovasik, p, skisela, twaugh
Hardware: Unspecified
OS: Unspecified
Fixed In Version: coreutils-8.27-15.fc28 coreutils-8.27-15.fc27 coreutils-8.27-6.fc26
Doc Type: If docs needed, set a value
Type: Bug
Last Closed: 2017-08-24 03:51:42 UTC
Attachments: reproducer_file, core

Description Lukáš Zachar 2017-08-17 09:45:56 UTC
Created attachment 1314625 [details]
reproducer_file

Description of problem:

ptx coredumps for a particular input file.

Version-Release number of selected component (if applicable):
coreutils-8.27-5.fc26.x86_64

How reproducible:
always with this file, probably more # CPU? (could not be reproduced in openstack)

Steps to Reproduce:
1. ptx reproducer_file

Actual results:
Segmentation fault (core dumped)


Additional info:

Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x000000af3b98a2e9 in define_all_fields (occurs=0x7f587aac5e90) at ../src/ptx.c:1434
1434          SKIP_WHITE_BACKWARDS (cursor, buffer_start);
(gdb) bt
#0  0x000000af3b98a2e9 in define_all_fields (occurs=0x7f587aac5e90) at ../src/ptx.c:1434
#1  generate_all_output () at ../src/ptx.c:1780
#2  main (argc=<optimized out>, argv=<optimized out>) at ../src/ptx.c:2155

Comment 1 Lukáš Zachar 2017-08-17 09:46:28 UTC
Created attachment 1314627 [details]
core

Comment 2 Kamil Dudka 2017-08-17 11:08:59 UTC
Thank you for reporting the bug!  It seems to be caused by integer overflow.  The following patch fixes it:

--- a/src/ptx.c
+++ b/src/ptx.c
@@ -224,7 +224,7 @@ static BLOCK *text_buffers; /* files to study */
    start of the reference field, it is of type (DELTA) and usually
    negative.  */

-typedef short int DELTA;       /* to hold displacement within one context */
+typedef int DELTA;             /* to hold displacement within one context */

 typedef struct
   {
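Review bot: widening DELTA from short int to int removes the wrap that this reproducer triggers, but it adds no bound, so a displacement within one context that exceeds the new type's range would still truncate silently; consider a range check (or at least an assertion) at the point where a DELTA is assigned, and extend the comment above the typedef to say why 16 bits were not enough. Since DELTA is also used for the fields of the `typedef struct` that follows, any code that relied on the previous 16-bit width of those fields should be re-checked as part of this change.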

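The overflow described in this comment, as an added illustration that is not part of this report or of coreutils: a constructed round trip of a displacement through a 16-bit DELTA versus the widened int DELTA, showing why the rebuilt pointer lands outside the buffer for a context longer than 32767 bytes and the range check that silent truncation lacks. The function names and the 40000-byte context length are assumptions.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed illustration (not ptx's own code) of the failure mode
   behind this report: ptx records a displacement within one context as
   DELTA and later rebuilds a pointer as base + delta before walking it
   backwards (SKIP_WHITE_BACKWARDS).  With DELTA = short int, a context
   longer than SHRT_MAX bytes wraps the displacement to a negative value
   and the rebuilt pointer lies in front of the buffer. */

/* Displacement as the pre-fix 16-bit DELTA stored it (conversion to
   short is implementation-defined; gcc on x86-64 reduces modulo 2^16). */
long narrow_delta(long offset) { return (long)(short)offset; }

/* Displacement as the widened DELTA from the fix stores it. */
long wide_delta(long offset) { return (long)(int)offset; }

/* Rebuilding base + delta is only safe when delta lies in [0, len]. */
bool rebuild_in_bounds(long delta, size_t len)
{
    return delta >= 0 && (unsigned long)delta <= len;
}

/* The check a 16-bit DELTA was missing: refuse to record a displacement
   the type cannot represent instead of silently truncating it. */
bool fits_delta(long offset, long delta_max)
{
    return offset >= -delta_max - 1 && offset <= delta_max;
}

int main(void)
{
    const size_t context_len = 40000;   /* constructed: one long context */
    long narrow = narrow_delta((long)context_len);
    long wide = wide_delta((long)context_len);
    printf("offset %zu: short DELTA -> %ld (%s), int DELTA -> %ld (%s)\n",
           context_len,
           narrow, rebuild_in_bounds(narrow, context_len) ? "ok" : "out of bounds",
           wide, rebuild_in_bounds(wide, context_len) ? "ok" : "out of bounds");
    printf("fits short: %d, fits int: %d\n",
           fits_delta((long)context_len, SHRT_MAX),
           fits_delta((long)context_len, INT_MAX));
    return 0;
}
```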
Comment 3 Kamil Dudka 2017-08-17 11:54:22 UTC
proposed upstream:
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=28120

Comment 4 Kamil Dudka 2017-08-18 15:49:12 UTC
upstream commit:
http://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=v8.27-84-g1d9765a

Comment 5 Kamil Dudka 2017-08-18 16:16:34 UTC
downstream commit:
https://src.fedoraproject.org/rpms/coreutils/c/d2d5d5d0

Comment 6 Fedora Update System 2017-08-18 16:39:29 UTC
coreutils-8.27-6.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-a3eac38fa8

Comment 7 Lukáš Zachar 2017-08-21 11:09:27 UTC
Thanks a lot for such rapid turnaround.

Comment 8 Fedora Update System 2017-08-22 18:06:43 UTC
coreutils-8.27-6.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-a3eac38fa8

Comment 9 Fedora Update System 2017-08-24 03:51:42 UTC
coreutils-8.27-6.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.