Bug 7145 - bc severely mishandles large input strings
Summary: bc severely mishandles large input strings
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: bc
Version: 6.1
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Trond Eivind Glomsrød
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 1999-11-19 16:10 UTC by James Manning
Modified: 2008-05-01 15:37 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2000-04-06 22:39:44 UTC
Embargoed:



Description James Manning 1999-11-19 16:10:03 UTC
Stock RH 6.1 (bc-1.05a-4)

Input strings below 127 characters in length work fine.

 - input strings between 127 and 254 characters, bc will segfault,
 - 255 characters it simply exits (no segfault, no answer)
 - 256 characters it gives no answer, but doesn't exit
 - 257 characters appears to spit out the first number in the string

(etc... it keeps getting weirder and weirder)

Here's me while trying to use it to add filesizes

[root@rtsa1 /root]# bc -lq
889494851+350818049+309390809+309421324+310826169+309039148+219752448+334228158+334399608+335729894+334104941+237438011+2323663
Segmentation fault (core dumped)
[root@rtsa1 /root]# bc -q
889494851+350818049+309390809+309421324+310826169+309039148+219752448+334228158+334399608+335729894+334104941+237438011+2323663
Segmentation fault (core dumped)
[root@rtsa1 /root]#

(gdb) bt
#0  0x400d7a93 in strncpy (s1=0x8056db9
"889494851+350818049+309390809+309421324+310826169+309039148+219752448+334228158+334399608+335729894+334104941+237438011+2323663",
    s2=0x8061ca0 "", n=4294967168) at ../sysdeps/generic/strncpy.c:82
#1  0x804a55a in strcpy () at ../sysdeps/generic/strcpy.c:30
#2  0x804ae39 in strcpy () at ../sysdeps/generic/strcpy.c:30
#3  0x804ac45 in strcpy () at ../sysdeps/generic/strcpy.c:30
#4  0x8049455 in strcpy () at ../sysdeps/generic/strcpy.c:30
#5  0x8049107 in strcpy () at ../sysdeps/generic/strcpy.c:30
#6  0x400921eb in __libc_start_main (main=0x8048f50 <strcpy+504>, argc=2,
argv=0xbffffd54, init=0x8048ab8 <_init>, fini=0x805060c <_fini>,
rtld_fini=0x4000a610 <_dl_fini>,
    stack_end=0xbffffd4c) at ../sysdeps/generic/libc-start.c:90
(gdb)

Program terminated with signal 11, Segmentation fault.

making > 256 chars invalid (and man page'ing that) would be fine, but
127-254 should really be valid lengths :)

Comment 1 Chih-Chung Chang 2000-03-31 18:38:59 UTC
here is the fix:

--- scan.c~     Tue Apr 22 05:57:52 1997
+++ scan.c      Sat Apr  1 02:39:17 2000
@@ -228,7 +228,7 @@
 /* Variables to help interface readline with bc. */
 static char *rl_line = (char *)NULL;
 static char *rl_start = (char *)NULL;
-static char  rl_len = 0;
+static int  rl_len = 0;

 /* Definitions for readline access. */
 extern FILE *rl_instream;
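Review bot: the scan.c hunk repeats the scan.l change line for line, with identical context, which indicates scan.c is the generated scanner. If the build regenerates it from scan.l, drop this hunk so the two files cannot drift; if the shipped scan.c is compiled as-is, say so in the patch description so that a later regeneration does not get forgotten.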
--- scan.l~     Tue Apr 22 05:57:00 1997
+++ scan.l      Sat Apr  1 02:39:00 2000
@@ -60,7 +60,7 @@
 /* Variables to help interface readline with bc. */
 static char *rl_line = (char *)NULL;
 static char *rl_start = (char *)NULL;
-static char  rl_len = 0;
+static int  rl_len = 0;

 /* Definitions for readline access. */
 extern FILE *rl_instream;
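Review bot: `static int  rl_len = 0;` keeps the length signed, so a negative value would still become a huge unsigned count at the copy, as with the n=4294967168 (that is, -128 as a 32-bit unsigned value) passed to strncpy in the reporter's backtrace. Consider `static size_t rl_len = 0;`, or a check at the use site that rl_len is non-negative and fits the destination, and add a comment on the declaration stating which length it holds.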

Comment 2 Trond Eivind Glomsrød 2000-04-06 22:39:59 UTC
A fixed RPM should be available in the next Raw Hide - thanks for the patch.
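
The n=4294967168 in the backtrace and the char-to-int change in Comment 1 can be reproduced in isolation. The following C sketch is an added example, not code from bc or from this report: the function names and the checked_copy guard are hypothetical, uint32_t stands in for the 32-bit size_t of the reported build, and the lengths are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Pre-patch: length kept in an 8-bit signed variable (plain char is signed
 * on i386). Out-of-range values wrap modulo 256 with gcc and clang. */
static uint32_t count_with_char_len(size_t line_len)
{
    signed char rl_len = (signed char)line_len;
    /* Promoted to int, then converted to the unsigned count a copy routine
     * takes. uint32_t stands in for the 32-bit size_t of the reported build. */
    return (uint32_t)rl_len;
}

/* Post-patch: the same value kept in an int. */
static uint32_t count_with_int_len(size_t line_len)
{
    int rl_len = (int)line_len;
    return (uint32_t)rl_len;
}

/* Hypothetical guard: refuse any count that does not fit the destination
 * (with room for the terminator) before copying. Returns 0 on success. */
static int checked_copy(char *dst, size_t dst_size, const char *src, uint32_t n)
{
    if (dst_size == 0 || n >= dst_size)
        return -1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed lengths around the thresholds named in the report. */
    static const size_t lens[] = {126, 127, 128, 254, 255, 256, 257};
    char src[512], dst[512];
    memset(src, '1', sizeof src);

    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++) {
        uint32_t bad = count_with_char_len(lens[i]);
        uint32_t good = count_with_int_len(lens[i]);
        printf("len=%3zu  char count=%10u (%s)  int count=%3u (%s)\n",
               lens[i], (unsigned)bad,
               checked_copy(dst, sizeof dst, src, bad) ? "rejected" : "copied",
               (unsigned)good,
               checked_copy(dst, sizeof dst, src, good) ? "rejected" : "copied");
    }
    return 0;
}
```

The lengths here are the values stored in the variable; how they line up with the reporter's character counts depends on bc code that is not shown on this page.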

