Bug#244962: marked as done (mawk: buffer overflow in collect_RE from overlong regexp)

Fri, 23 Mar 2012 15:36:22 -0700 

Your message dated Fri, 23 Mar 2012 22:32:55 +0000
with message-id <[email protected]>
and subject line Bug#391051: fixed in mawk 1.3.3-17
has caused the Debian Bug report #391051,
regarding mawk: buffer overflow in collect_RE from overlong regexp
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
391051: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=391051
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: mawk
Version: 1.3.3-8

create awk script:

$ cat > sigsegv.awk
#!/usr/bin/mawk -f
BEGIN { FS=";" }
// {
        A[x]=$1;
        B[x]=$2;
        x++;
        print x;
}

then generate sample data:

$ for i in `seq 1 1000`; do echo "x;x" >> data.in; done

and run:

$ mawk -f sigsegv.awk data.in

Last printed line is: '768', then SIGSEGV

ltrace output:
(...)
memset(0x807ce50, '\000', 512)     = 0x807ce50
strchr("x;x", ';')                 = ";x"
memcpy(0x807c966, "x", 1)          = 0x807c966
strchr("x", ';')                   = NULL
strcpy(0x807c96e, "x")             = 0x807c96e
sprintf("768", "%d", 768)          = 3
strcpy(0x807c976, "768")           = 0x807c976
strcmp("696", "768")               = -1
strcmp("689", "768")               = -1
realloc(0x8064470, 1024 <unfinished ...>
--- SIGSEGV (Segmentation fault) ---
+++ killed by SIGSEGV +++

Linux debian 2.4.25-1-686 and libc6 2.3.2.ds1-11

--- End Message ---
--- Begin Message --- 
Source: mawk
Source-Version: 1.3.3-17

We believe that the bug you reported is fixed in the latest version of
mawk, which is due to be installed in the Debian FTP archive:

mawk_1.3.3-17.diff.gz
  to main/m/mawk/mawk_1.3.3-17.diff.gz
mawk_1.3.3-17.dsc
  to main/m/mawk/mawk_1.3.3-17.dsc
mawk_1.3.3-17_amd64.deb
  to main/m/mawk/mawk_1.3.3-17_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steve Langasek <[email protected]> (supplier of updated mawk package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 23 Mar 2012 13:15:00 -0700
Source: mawk
Binary: mawk
Architecture: source amd64
Version: 1.3.3-17
Distribution: unstable
Urgency: low
Maintainer: Steve Langasek <[email protected]>
Changed-By: Steve Langasek <[email protected]>
Description: 
 mawk       - a pattern scanning and text processing language
Closes: 391051 665383
Changes: 
 mawk (1.3.3-17) unstable; urgency=low
 .
   * debian/patches/cross-compile: fix the wrong invocation of AC_CHECK_PROG()
     that breaks cross-compiler detection.
   * debian/patches/21_memcpy-to-memmove: use memmove instead of memcpy in
     FINgets.  Closes: #665383, LP: #955791.
   * mark mawk Multi-Arch: foreign, to satisfy cross-build-dependencies.
   * debian/patches/20_overlong-regexps: Do not crash if regexp is too
     long for our buffer.  Thanks to Ian Jackson <[email protected]>,
     Jonathan Nieder <[email protected]>.  Closes: #391051, LP: #23494.
   * add autopkgtest/autodebtest support to run upstream tests.
Checksums-Sha1: 
 2bddcbeafcdf66bd461617f7761b0a9d93a8b19e 1801 mawk_1.3.3-17.dsc
 a280d211a2da54fd861012cf55dbdc90ab522e18 63506 mawk_1.3.3-17.diff.gz
 19705b41cf82ace4fae6cb1dc5f5e90f61fcfc28 90816 mawk_1.3.3-17_amd64.deb
Checksums-Sha256: 
 f98ce6e153e8ac1faf8165bbf77447a4279313f1c18f6bfeec0c5ce35e4b9c03 1801 
mawk_1.3.3-17.dsc
 13cb66b6eb5ee654d5626621d5ef476ede6b0bebac18ce765516de810e58490c 63506 
mawk_1.3.3-17.diff.gz
 cb383c9b0a158c8c045e7fc2e0735f78f5ed73c8dfb74f23c5c4dd4a85d008d0 90816 
mawk_1.3.3-17_amd64.deb
Files: 
 92f6792d065ab4932b545fdf0f139132 1801 interpreters required mawk_1.3.3-17.dsc
 70929584abfc813f0bc31d0bc77f0f4f 63506 interpreters required 
mawk_1.3.3-17.diff.gz
 30b0681b565ac6ecbf6cea0a84f318a9 90816 interpreters required 
mawk_1.3.3-17_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIVAwUBT2z3ilaNMPMhshM9AQjyeg/9Hn1sGARWlz845DNje07zGfvwqR0Tsi6k
nBBDsCjzXWTLK/bDC+pkM9OK9Kgf2l5EAc4+gbBmGSgnwOYWftG5vWngNc1ziX4i
OL9f6sh9FWiIpgLHw7xixOmx/7fotfJBCg5RZzLi6Q5MQ5Rtyyj61oyx+e9K1wAv
YVxJ0YMTfApa4UzJa+I0eMsZMUv2Plgo+Df412a86OMY3Mz5qiQDSmHcNgcAB/J3
YrbvIUvgus5NvtJWZBawI+hU8Co4WiLZmPlsr39hr9q1OsOzso9SQ7l2RV9sjc/W
90cT3mLRwwkYmBMmIklkMcqmXemvyQzKQ04QoqZ8x7C9EFqONlfw70ok4JsrNNaG
8CIK9KyeECb8idTGNQUWbIKo616zEspbKryo3t/CXOhVGQmsdb/mqOyJIOvJjMJb
oj7MrL4PzLLK8p7U6klvnyX3B3U/r5q9/BAgvS3tcTEbqQElYOG2YrtuCPTywk81
2C4R1IMWlxTIbN9rPw9lEt+y3yXbW2WXuI8An7ayFCoik9Xr9s+zx4j4e8TNwSV6
YGrJ4p1Vc5/idZZceD+e7nU6avaITyAT55pj7f2CSKGaoOWK9GOVSuk700ZP+s+c
54XLRn2Lq237OAQXUd2o7VceStrlYqPYvSj0a/Q40CIzl/jd65nTfa90JLqrTJO/
uFiHuD3kE60=
=0u2o
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to