Bug 114270 - ftp triggers segfault in readline
Status: CLOSED WORKSFORME
Product: Red Hat Linux
Classification: Retired
Component: ftp
Version: 9
Hardware: i686 Linux
Priority: medium
Severity: high
Assigned To: Thomas Woerner
Reported: 2004-01-25 15:57 EST by Dot
Modified: 2007-04-18 13:02 EDT (History)
Last Closed: 2004-02-19 07:25:36 EST
Description Dot 2004-01-25 15:57:38 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6a)
Gecko/20030928 Firebird/0.7+

Description of problem:
There appears to be a bug in readline that is triggered by ftp.  I'm
not a programmer so I have no idea. I'm only going by what I see from
the bt, and what google turns up.  

This has finally annoyed me enough to report it heh.  I find it VERY
hard to believe that no one else has yet.   So, I'll assume I'm an
idiot and cannot find the real, existing bug ID.

Nonetheless, if you ftp somewhere, and go .. ohh.. ~5-10 directories
deep, you'll seg fault ftp as shown below.  I have removed the server
responses, but assume they are there.

*NOTE* This doesn't happen _ALL_ the time.  But most.

$ ftp
ftp> open cs.sdk.ca
<login>
ftp> cd usr
ftp> ls
ftp> cd system
ftp> ls
ftp> cd lakia
ftp> ls
ftp> cd rh
ftp> ls
ftp> cd 9
ftp> ls
ftp> cd en
ftp> ls
ftp> cd os
ftp> ls
ftp> cd i386
ftp> ls
ftp> cd RedHat
ftp> ls
ftp> pwd
257 "/usr/system/lakia/rh/9/en/os/i386/RedHat" is current directory
ftp> cd RPMS
Program received signal SIGSEGV, Segmentation fault.
0x400399b2 in _rl_dispatch_subseq () from /usr/lib/libreadline.so.4
(gdb) bt full
_rl_dispatch_subseq () from /usr/lib/libreadline.so.4
No symbol table info available.
#1  0x4003977e in _rl_dispatch () from /usr/lib/libreadline.so.4
No symbol table info available.
#2  0x40039803 in _rl_dispatch_subseq () from /usr/lib/libreadline.so.4
No symbol table info available.
#3  0x4003977e in _rl_dispatch () from /usr/lib/libreadline.so.4
No symbol table info available.
#4  0x40039803 in _rl_dispatch_subseq () from /usr/lib/libreadline.so.4
No symbol table info available.
#5  0x4003977e in _rl_dispatch () from /usr/lib/libreadline.so.4
No symbol table info available.
#6  0x40039803 in _rl_dispatch_subseq () from /usr/lib/libreadline.so.4
No symbol table info available.
#7  0x4003977e in _rl_dispatch () from /usr/lib/libreadline.so.4
No symbol table info available.
#8  0x40039803 in _rl_dispatch_subseq () from /usr/lib/libreadline.so.4
No symbol table info available.
#9  0x4003977e in _rl_dispatch () from /usr/lib/libreadline.so.4
No symbol table info available.


<repeats MANY times> .. I stopped hitting enter after ohhh.. 200,000!
(yes .. two-hundred THOUSAND) ..



Version-Release number of selected component (if applicable):
ftp-0.17-17

How reproducible:
Always

Steps to Reproduce:
1. ftp somewhere
2. change directories ... 6-ish deep
3. Cry as it crashes
    

Actual Results:  Ftp seg faults

Expected Results:  Ftp doesn't segfault

Additional info:

This _appears_ to be readline related.

I am unaware if this is exploitable at this time.

Readline version is 4.3-5
Ftp version is 0.17-17

No updates for either that I can see on updates.redhat.com

Queries for readline and ftp bugs don't reveal anything related.
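
Added example (not part of the original report, and not code from ftp or readline): a small Python triage helper that parses a gdb backtrace and reports whether the same frames repeat back-to-back, as `_rl_dispatch_subseq` and `_rl_dispatch` do in the trace above, a pattern that typically indicates runaway recursion exhausting the stack. The sample backtrace is constructed in the shape of the reported frames, and the names `parse_frames` and `recursion_cycle` are illustrative.

```python
import re

# gdb frame line, e.g. "#1  0x4003977e in _rl_dispatch () from /usr/lib/libreadline.so.4"
FRAME_RE = re.compile(r"^#\d+\s+(?:0x[0-9a-fA-F]+\s+in\s+)?([^\s(]+)\s*\(")
LIB_RE = re.compile(r"\bfrom\s+(\S+)\s*$")

def parse_frames(bt_text):
    """Return [(function, library), ...], innermost frame first."""
    frames = []
    for line in bt_text.splitlines():
        line = line.strip()
        m = FRAME_RE.match(line)
        if not m:
            continue  # e.g. "No symbol table info available."
        lib = LIB_RE.search(line)
        frames.append((m.group(1), lib.group(1) if lib else None))
    return frames

def recursion_cycle(frames, min_repeats=3, max_skip=4):
    """Find the shortest run of frames that repeats back-to-back at least
    min_repeats times, allowing up to max_skip non-repeating innermost frames.
    Returns (skipped, cycle, repeats) or None."""
    for skip in range(max_skip + 1):
        tail = frames[skip:]
        for period in range(1, len(tail) // min_repeats + 1):
            repeats = 1
            while tail[repeats * period:(repeats + 1) * period] == tail[:period]:
                repeats += 1
            if repeats >= min_repeats:
                return skip, tail[:period], repeats
    return None

# Constructed sample in the shape of the backtrace in the report (first 6 frames).
SAMPLE_BT = """\
#0  0x400399b2 in _rl_dispatch_subseq () from /usr/lib/libreadline.so.4
No symbol table info available.
#1  0x4003977e in _rl_dispatch () from /usr/lib/libreadline.so.4
No symbol table info available.
#2  0x40039803 in _rl_dispatch_subseq () from /usr/lib/libreadline.so.4
No symbol table info available.
#3  0x4003977e in _rl_dispatch () from /usr/lib/libreadline.so.4
No symbol table info available.
#4  0x40039803 in _rl_dispatch_subseq () from /usr/lib/libreadline.so.4
No symbol table info available.
#5  0x4003977e in _rl_dispatch () from /usr/lib/libreadline.so.4
"""

if __name__ == "__main__":
    skip, cycle, repeats = recursion_cycle(parse_frames(SAMPLE_BT))
    print(f"skip={skip} repeats={repeats} cycle={[f for f, _ in cycle]}")
```

Saving the output of `bt` to a file and passing its text to `parse_frames` gives the same summary for a full trace without paging through it by hand.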
Comment 1 Thomas Woerner 2004-01-26 05:39:29 EST
Are you using /usr/kerberos/bin/ftp or /usr/bin/ftp?
Comment 2 Dot 2004-01-26 14:32:36 EST
$ which ftp
/usr/bin/ftp

I don't appear to have a /usr/kerberos/bin/ftp.
Comment 3 Thomas Woerner 2004-01-28 10:15:47 EST
I can not reproduce this error at all.

Do you have any additional information for me?
Comment 4 Dot 2004-01-28 15:22:24 EST
Anything particular?

I could attach or send you a corefile from it if that would help?  I
left it in gdb for awhile but I have no idea how to generate a core
from within gdb, or otherwise save the process space.

I'd be willing to let you ssh in I guess, if you think that would help.  

The only thing I can think of is I run screen from within konsole,
under KDE.   I really have no idea other than that.

btw, I seem to have changed the status from NEEDINFO to Assigned to
you, that was by mistake.  I didn't realize it till later.
Comment 5 Florian La Roche 2004-02-19 07:25:36 EST
I can run this on Fedora Core 1 with all updates and don't have any
problems. Also within screen, so I close this report now.

greetings,

Florian La Roche
Comment 6 Dot 2004-02-19 13:54:23 EST
Hi Florian,


I was starting to wonder where this bug was going.  But anyway.

I extend my offer to let you or anyone else, ssh in to check for
yourself.   I was and continue to be willing, to try anything else you
can think of as well (dumping vars in gdb, etc).  Something else I
offered Thomas as well  

Other than that, I can't offer much in terms of diagnosing it myself.

Thomas is determined the bug cannot happen, such is life I guess.  

As I mentioned above to Thomas, I have saved the core file it
generates in case someone is interested.

fwiw, what I've found about this bug using google'n such, is that the
readline bug triggered, most certainly is NOT unique to ftp.  

Merci.
