Bug 107750 - find segfaults when traversing /usr/share
Summary: find segfaults when traversing /usr/share
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: kernel   
(Show other bugs)
Version: 9
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Arjan van de Ven
QA Contact: Brian Brock
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2003-10-22 17:36 UTC by Tom Wood
Modified: 2007-04-18 16:58 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-09-30 15:41:37 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
final lines of strace output of the find command in /usr/share (4.81 KB, text/plain)
2003-10-22 17:38 UTC, Tom Wood
no flags Details

Description Tom Wood 2003-10-22 17:36:26 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1) Gecko/20030225

Description of problem:
find when run against /usr/share, segfaults.



Version-Release number of selected component (if applicable):
findutils-4.1.7-9

How reproducible:
Always

Steps to Reproduce:
1. cd /usr/share
2. find . -print
3. segfault occurs
    

Actual Results:  segfault

Expected Results:  no segfault

Additional info:

These are the last few lines leading up to the segfault.

./gdm/themes/emo-blue
./gdm/themes/emo-blue/options.png
./gdm/themes/emo-blue/language.png
./gdm/themes/emo-blue/GdmGreeterTheme.desktop
./gdm/themes/emo-blue/system.png
./gdm/themes/emo-blue/quit.png
./gdm/themes/emo-blue/emo-blue.xml
./gdm/themes/emo-blue/session.png
./gdm/themes/emo-blue/emo-blue.jpg
./gdm/themes/emo-blue/screenshot.jpg
./gdm/gdmchooser.glade
./gdm/gdmsetup.glade
./tcl8.3
Segmentation fault

Attached please find the straced run.

I won't declare this a security issue, even though it's a segfault, because I
know of no exploit at this time.

Comment 1 Tom Wood 2003-10-22 17:38:06 UTC
Created attachment 95391 [details]
final lines of strace output of the find command in /usr/share

The last 110 or so lines of straced output showing the bug.

Comment 2 Tim Waugh 2003-10-24 09:54:02 UTC
Please install
ftp://people.redhat.com/twaugh/tmp/findutils-debuginfo-4.1.9-7.i386.rpm

and run:

cd /usr/share
gdb --args find . -print
(gdb) run
...
(gdb) bt

and show me what it says.  Thanks.

Comment 3 Tom Wood 2003-10-25 01:03:38 UTC
Many lines preceeding
...
./gdm/themes/emo-blue/quit.png
./gdm/themes/emo-blue/emo-blue.xml
./gdm/themes/emo-blue/session.png
./gdm/themes/emo-blue/emo-blue.jpg
./gdm/themes/emo-blue/screenshot.jpg
./gdm/gdmchooser.glade
./gdm/gdmsetup.glade
./tcl8.3
 
Program terminated with signal SIGSEGV, Segmentation fault.
The program no longer exists.
(gdb) bt
No stack.
(gdb)


Curious.  gdb's set follow-fork-mode didn't see any subprocesses.  Same results
as above.

Comment 4 Tom Wood 2004-01-21 20:18:37 UTC
Any news on this?  It's almost three months old now...

Comment 5 Tim Waugh 2004-01-22 10:20:20 UTC
There's nothing to go on, unfortunately.  I'm slightly mystified about
gdb's behaviour above.

Does 'dmesg' show any interesting messages after find segfaults?

Comment 6 Tom Wood 2004-01-23 01:12:42 UTC
dmesg is silent on the issue.  I'm stumped.

Comment 7 Tim Waugh 2004-01-28 12:29:34 UTC
This segment of the strace output:

open("tcl8.3", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 4
fstat64(4, {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
fcntl64(4, F_SETFD, FD_CLOEXEC)         = 0
getdents64(4, /* 19 entries */, 4096)   = 592
getdents64(4, /* 0 entries */, 4096)    = 0
close(4 <unfinished ...>
+++ killed by SIGSEGV +++

makes me think this has to be a kernel issue.

What about find /usr/share/tcl8.3 -print?

Comment 8 Tom Wood 2004-01-30 02:41:58 UTC
"find /usr/share/tcl8.3 -print" works fine.  Any other suggestions?

Comment 9 Bugzilla owner 2004-09-30 15:41:37 UTC
Thanks for the bug report. However, Red Hat no longer maintains this version of
the product. Please upgrade to the latest version and open a new bug if the problem
persists.

The Fedora Legacy project (http://fedoralegacy.org/) maintains some older releases, 
and if you believe this bug is interesting to them, please report the problem in
the bug tracker at: http://bugzilla.fedora.us/



Note You need to log in before you can comment on or make changes to this bug.