Bug 1293452 - [abrt] chordii: add_subtitle_to_toc(): chordii killed by SIGSEGV
Summary: [abrt] chordii: add_subtitle_to_toc(): chordii killed by SIGSEGV
Keywords:
Status: CLOSED DUPLICATE of bug 1293447
Alias: None
Product: Fedora
Classification: Fedora
Component: chordii
Version: 23
Hardware: x86_64
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Johan Vromans
QA Contact: Fedora Extras Quality Assurance
URL: https://retrace.fedoraproject.org/faf...
Whiteboard: abrt_hash:54a24c6c6ac1d6973b3d13b000b...
Depends On:
Blocks:
Reported: 2015-12-21 19:06 UTC by mariolinux
Modified: 2015-12-24 07:29 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-12-24 07:29:54 UTC
Type: ---
Embargoed:


Attachments
File: backtrace (3.30 KB, text/plain), 2015-12-21 19:06 UTC, mariolinux
File: cgroup (190 bytes, text/plain), 2015-12-21 19:06 UTC, mariolinux
File: core_backtrace (1.01 KB, text/plain), 2015-12-21 19:06 UTC, mariolinux
File: dso_list (225 bytes, text/plain), 2015-12-21 19:06 UTC, mariolinux
File: environ (3.14 KB, text/plain), 2015-12-21 19:06 UTC, mariolinux
File: exploitable (93 bytes, text/plain), 2015-12-21 19:06 UTC, mariolinux
File: limits (1.29 KB, text/plain), 2015-12-21 19:06 UTC, mariolinux
File: maps (1.56 KB, text/plain), 2015-12-21 19:06 UTC, mariolinux
File: mountinfo (3.35 KB, text/plain), 2015-12-21 19:06 UTC, mariolinux
File: namespaces (85 bytes, text/plain), 2015-12-21 19:06 UTC, mariolinux
File: open_fds (138 bytes, text/plain), 2015-12-21 19:06 UTC, mariolinux
File: proc_pid_status (1009 bytes, text/plain), 2015-12-21 19:06 UTC, mariolinux
File: var_log_messages (486 bytes, text/plain), 2015-12-21 19:06 UTC, mariolinux
last input file processed (2.38 KB, text/plain), 2015-12-24 01:17 UTC, mariolinux

Description mariolinux 2015-12-21 19:06:13 UTC
Version-Release number of selected component:
chordii-4.5.1-5.fc23

Additional info:
reporter:       libreport-2.6.3
backtrace_rating: 4
cmdline:        chordii -t14 -L -s32 -g -p0 -i -
crash_function: add_subtitle_to_toc
executable:     /usr/bin/chordii
global_pid:     15914
kernel:         4.2.5-300.fc23.x86_64
runlevel:       N 5
type:           CCpp
uid:            1000

Truncated backtrace:
[New LWP 15914]
Core was generated by `chordii -t14 -L -s32 -g -p0 -i -'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x000055fc4087fc44 in add_subtitle_to_toc (sub_title=0x55fc40a885c9 <directive+9> " (MARIA / @coro/@ - Piera Cori)") at toc.c:117
117	*sub_ptr_handle = new_sub;

Thread 1 (LWP 15914):
#0  0x000055fc4087fc44 in add_subtitle_to_toc (sub_title=0x55fc40a885c9 <directive+9> " (MARIA / @coro/@ - Piera Cori)") at toc.c:117
        new_sub = 0x55fc41ac80e0
        tmp_string = <optimized out>
#1  0x000055fc40878c7f in process_file (source_fd=0x7f917f41f900 <_IO_2_1_stdin_>) at chordii.c:1168
No locals.
#2  0x000055fc40875917 in main (argc=8, argv=0x7ffefd4ce3a8) at chordii.c:1511
        c = <optimized out>
        option_index = 0
From                To                  Syms Read   Shared Object Library
                                        No          linux-vdso.so.1
0x00007f917f083760  0x00007f917f1d15b4  Yes         /lib64/libc.so.6
0x00007f917f425ad0  0x00007f917f440380  Yes         /lib64/ld-linux-x86-64.so.2
$1 = 0x0
rax            0x0	0
rbx            0x55fc41ac80e0	94541921943776
rcx            0x40	64
rdx            0x20	32
rsi            0x55fc40a885c9	94541904905673
rdi            0x55fc41ac8100	94541921943808
rbp            0x20	0x20
rsp            0x7ffefd4ce250	0x7ffefd4ce250
r8             0xff00	65280
r9             0x2	2
r10            0x7f917f41fbb8	140262882016184
r11            0xfffffffffffffffe	-2
r12            0x55fc40a885c9	94541904905673
r13            0x7ffefd4ce294	140733148095124
r14            0x0	0
r15            0x0	0
rip            0x55fc4087fc44	0x55fc4087fc44 <add_subtitle_to_toc+84>
eflags         0x10246	[ PF ZF IF RF ]
cs             0x33	51
ss             0x2b	43
ds             0x0	0
es             0x0	0
fs             0x0	0
gs             0x0	0
Dump of assembler code for function add_subtitle_to_toc:
   0x000055fc4087fbf0 <+0>:	push   %r12
   0x000055fc4087fbf2 <+2>:	mov    %rdi,%r12
   0x000055fc4087fbf5 <+5>:	push   %rbp
   0x000055fc4087fbf6 <+6>:	lea    0x41aa(%rip),%rdi        # 0x55fc40883da7
   0x000055fc4087fbfd <+13>:	push   %rbx
   0x000055fc4087fbfe <+14>:	callq  0x55fc40875d00 <debug>
   0x000055fc4087fc03 <+19>:	mov    $0x10,%edi
   0x000055fc4087fc08 <+24>:	callq  0x55fc40875360 <malloc@plt>
   0x000055fc4087fc0d <+29>:	mov    %r12,%rdi
   0x000055fc4087fc10 <+32>:	mov    %rax,%rbx
   0x000055fc4087fc13 <+35>:	callq  0x55fc408752a0 <strlen@plt>
   0x000055fc4087fc18 <+40>:	lea    0x1(%rax),%rbp
   0x000055fc4087fc1c <+44>:	mov    %rbp,%rdi
   0x000055fc4087fc1f <+47>:	callq  0x55fc40875360 <malloc@plt>
   0x000055fc4087fc24 <+52>:	mov    %rbp,%rdx
   0x000055fc4087fc27 <+55>:	mov    %r12,%rsi
   0x000055fc4087fc2a <+58>:	mov    %rax,%rdi
   0x000055fc4087fc2d <+61>:	mov    %rax,0x8(%rbx)
   0x000055fc4087fc31 <+65>:	movq   $0x0,(%rbx)
   0x000055fc4087fc38 <+72>:	callq  0x55fc40875340 <memcpy@plt>
   0x000055fc4087fc3d <+77>:	mov    0x208a94(%rip),%rax        # 0x55fc40a886d8 <sub_ptr_handle>
=> 0x000055fc4087fc44 <+84>:	mov    %rbx,(%rax)
   0x000055fc4087fc47 <+87>:	mov    %rbx,0x208a8a(%rip)        # 0x55fc40a886d8 <sub_ptr_handle>
   0x000055fc4087fc4e <+94>:	pop    %rbx
   0x000055fc4087fc4f <+95>:	pop    %rbp
   0x000055fc4087fc50 <+96>:	pop    %r12
   0x000055fc4087fc52 <+98>:	retq   
End of assembler dump.
== EXPLOITABLE ==

Comment 1 mariolinux 2015-12-21 19:06:17 UTC
Created attachment 1108422
File: backtrace

Comment 2 mariolinux 2015-12-21 19:06:19 UTC
Created attachment 1108423
File: cgroup

Comment 3 mariolinux 2015-12-21 19:06:20 UTC
Created attachment 1108424
File: core_backtrace

Comment 4 mariolinux 2015-12-21 19:06:22 UTC
Created attachment 1108425
File: dso_list

Comment 5 mariolinux 2015-12-21 19:06:23 UTC
Created attachment 1108426
File: environ

Comment 6 mariolinux 2015-12-21 19:06:25 UTC
Created attachment 1108427
File: exploitable

Comment 7 mariolinux 2015-12-21 19:06:26 UTC
Created attachment 1108428
File: limits

Comment 8 mariolinux 2015-12-21 19:06:28 UTC
Created attachment 1108429
File: maps

Comment 9 mariolinux 2015-12-21 19:06:29 UTC
Created attachment 1108430
File: mountinfo

Comment 10 mariolinux 2015-12-21 19:06:30 UTC
Created attachment 1108431
File: namespaces

Comment 11 mariolinux 2015-12-21 19:06:32 UTC
Created attachment 1108432
File: open_fds

Comment 12 mariolinux 2015-12-21 19:06:33 UTC
Created attachment 1108433
File: proc_pid_status

Comment 13 mariolinux 2015-12-21 19:06:34 UTC
Created attachment 1108434
File: var_log_messages

Comment 14 Johan Vromans 2015-12-23 21:15:18 UTC
Can you attach a copy of the input file that caused the crash?

Comment 15 mariolinux 2015-12-24 01:17:27 UTC
Created attachment 1109052
last input file processed

The input file has been modified by an awk script, but I made many attempts and I cannot remember the version related to this crash. As I am just a beginner with awk, the awk script probably did something strange. However I will send you the input file, but if it happened to me only, I think we can ignore this crash.

Comment 16 Johan Vromans 2015-12-24 07:29:54 UTC

*** This bug has been marked as a duplicate of bug 1293447 ***

