Bug 2443041 - unexpand, segfault with random generated file
Summary: unexpand, segfault with random generated file
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: coreutils
Version: 44
Hardware: Unspecified
OS: Linux
unspecified
medium
Target Milestone: ---
Assignee: Lukáš Zaoral
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-02-26 16:52 UTC by Petr Sklenar
Modified: 2026-03-19 01:09 UTC (History)
9 users (show)

Fixed In Version: coreutils-9.10-3.fc45 coreutils-9.7-8.fc43 coreutils-9.10-3.fc44 coreutils-9.6-8.fc42
Clone Of:
Environment:
Last Closed: 2026-03-06 16:09:46 UTC
Type: ---
Embargoed:
lzaoral: mirror+

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker FC-3231 0 None None None 2026-02-26 17:18:40 UTC

Description Petr Sklenar 2026-02-26 16:52:08 UTC 
rpm -qf /usr/bin/unexpand
coreutils-9.9-4.fc44.aarch64

Reproducible: Always

Steps to Reproduce:
[root@ip-172-31-17-206 ~]# dd if=/dev/urandom of="radsmrdika.bin" bs=1k count=1 2>/dev/null
[root@ip-172-31-17-206 ~]# /usr/bin/unexpand radsmrdika.bin
unexpand: ../lib/mbfile.h:110: mbfile_multi_getc: Assertion `mbsinit (&mbf->state)' failed.
Aborted                    (core dumped) /usr/bin/unexpand radsmrdika.bin

Actual Results:
[root@ip-172-31-17-206 ~]# coredumpctl dump
           PID: 37643 (unexpand)
           UID: 0 (root)
           GID: 0 (root)
        Signal: 6 (ABRT)
     Timestamp: Thu 2026-02-26 16:37:53 UTC (6min ago)
  Command Line: /usr/bin/unexpand /tmp/fuzz_lab/test.bin
    Executable: /usr/bin/unexpand
 Control Group: /user.slice/user-0.slice/session-6.scope
          Unit: session-6.scope
         Slice: user-0.slice
       Session: 6
     Owner UID: 0 (root)
       Boot ID: ef8a8b8fd16048f091eabb9c7876a687
    Machine ID: ec2bad6654016f828e4765236a1007f9
      Hostname: ip-172-31-17-206.us-east-2.compute.internal
       Storage: /var/lib/systemd/coredump/core.unexpand.0.ef8a8b8fd16048f091eabb9c7876a687.37643.1772123873000000.zst (present)
  Size on Disk: 23.1K
       Package: coreutils/9.9-4.fc44
      build-id: e60bcb010db92317faf2019730a3cdb5f6bdfd47
       Message: Process 37643 (unexpand) of user 0 dumped core.
                
                Module /usr/bin/unexpand from rpm coreutils-9.9-4.fc44.aarch64
                Stack trace of thread 37643:
                #0  0x0000ffffaa0e12b0 __pthread_kill_implementation (libc.so.6 + 0x912b0)
                #1  0x0000ffffaa08be1c raise (libc.so.6 + 0x3be1c)
                #2  0x0000ffffaa076720 abort (libc.so.6 + 0x26720)
                #3  0x0000ffffaa0d3bf8 __libc_message_impl (libc.so.6 + 0x83bf8)
                #4  0x0000ffffaa084e34 __assert_fail (libc.so.6 + 0x34e34)
                #5  0x0000aaaabdcf35e8 main (/usr/bin/unexpand + 0x35e8)
                #6  0x0000ffffaa076f1c __libc_start_call_main (libc.so.6 + 0x26f1c)
                #7  0x0000ffffaa07705c __libc_start_main@@GLIBC_2.34 (libc.so.6 + 0x2705c)
                #8  0x0000aaaabdcf3630 _start (/usr/bin/unexpand + 0x3630)
                ELF object binary architecture: AARCH64


Expected Results:
no segfault
Comment 1 Lukáš Zaoral 2026-02-26 17:17:00 UTC 
Thanks for the report!  Everything since (at least) F40 is affected as well, the same also hold for expand.
Comment 2 Lukáš Zaoral 2026-03-04 09:12:34 UTC 
I have decided to just rewrite the patch for (un)expand to use Collin's new mbbuf module which is already used by upstream in fold.  This will make the downstream i18n patch shorter (no need to bundle mbfile) and also more consistent with upstream.  For example, the unconditional switch to UTF-8 aware locale when the input file begins with a BOM, which only these two utilities do, just feels completely wrong.  Besides, I've also found out that the downstream test for multibyte unexpand never really worked because it ignores the value of $fail, and when I fixed it it seems to be broken anyway...
Comment 3 Pádraig Brady 2026-03-04 12:02:26 UTC 
@lzaoral That sounds great!
Feel free to propose the patch upstream also, and we'll prioritize merging it
Comment 4 Lukáš Zaoral 2026-03-04 13:46:09 UTC 
That's cool!

Draft  PR: https://src.fedoraproject.org/rpms/coreutils/pull-request/20#request_diff
Comment 5 Fedora Update System 2026-03-06 14:28:41 UTC 
FEDORA-2026-6a3c0525c2 (coreutils-9.10-3.fc44) has been submitted as an update to Fedora 44.
https://bodhi.fedoraproject.org/updates/FEDORA-2026-6a3c0525c2
Comment 6 Fedora Update System 2026-03-06 14:32:32 UTC 
FEDORA-2026-d8a112f5f8 (coreutils-9.10-3.fc45) has been submitted as an update to Fedora 45.
https://bodhi.fedoraproject.org/updates/FEDORA-2026-d8a112f5f8
Comment 7 Fedora Update System 2026-03-06 16:09:46 UTC 
FEDORA-2026-d8a112f5f8 (coreutils-9.10-3.fc45) has been pushed to the Fedora 45 stable repository.
If problem still persists, please make note of it in this bug report.
Comment 8 Fedora Update System 2026-03-07 01:35:49 UTC 
FEDORA-2026-6a3c0525c2 has been pushed to the Fedora 44 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2026-6a3c0525c2`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2026-6a3c0525c2

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 9 Fedora Update System 2026-03-09 10:28:04 UTC 
FEDORA-2026-77d84117ad (coreutils-9.6-8.fc42) has been submitted as an update to Fedora 42.
https://bodhi.fedoraproject.org/updates/FEDORA-2026-77d84117ad
Comment 10 Fedora Update System 2026-03-09 10:28:07 UTC 
FEDORA-2026-7ad08e7a15 (coreutils-9.7-8.fc43) has been submitted as an update to Fedora 43.
https://bodhi.fedoraproject.org/updates/FEDORA-2026-7ad08e7a15
Comment 11 Fedora Update System 2026-03-10 02:04:09 UTC 
FEDORA-2026-7ad08e7a15 has been pushed to the Fedora 43 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2026-7ad08e7a15`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2026-7ad08e7a15

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 12 Fedora Update System 2026-03-10 02:19:40 UTC 
FEDORA-2026-77d84117ad has been pushed to the Fedora 42 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2026-77d84117ad`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2026-77d84117ad

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 13 Fedora Update System 2026-03-12 01:57:09 UTC 
FEDORA-2026-7ad08e7a15 (coreutils-9.7-8.fc43) has been pushed to the Fedora 43 stable repository.
If problem still persists, please make note of it in this bug report.
Comment 14 Fedora Update System 2026-03-17 00:15:30 UTC 
FEDORA-2026-6a3c0525c2 (coreutils-9.10-3.fc44) has been pushed to the Fedora 44 stable repository.
If problem still persists, please make note of it in this bug report.
Comment 15 Fedora Update System 2026-03-19 01:09:49 UTC 
FEDORA-2026-77d84117ad (coreutils-9.6-8.fc42) has been pushed to the Fedora 42 stable repository.
If problem still persists, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.