Package: make
Version: 3.81-8.2
Severity: normal
Tags: upstream

Dear Maintainer,

A file containing the following 6 ASCII characters triggers a NULL pointer
dereference in make(1):

% hexdump -C Makefile 
00000000  61 3a 3a 3a 3a 3d                                 |a::::=|
00000006

% make -f Makefile
Makefile:1: Malformed target-specific variable definition
zsh: segmentation fault  make -f Makefile

Here is a gdb session showing the invalid memory access (performed on an
equivalent non-Debian system).

% gdb -q make
Reading symbols from /usr/bin/make...done.
(gdb) b read.c:1823
Breakpoint 1 at 0x41aa71: file read.c, line 1823.
(gdb) r -f Makefile
Starting program: /usr/bin/make -f Makefile
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Breakpoint 1, record_target_var (filenames=0x641a70, defn=0x63a494 "::=",
    origin=o_file, exported=0, flocp=0x7fffffffcf38) at read.c:1823
1823              v = try_variable_definition (flocp, defn, origin, 1);
(gdb) n
1824              if (!v)
(gdb) p v
$1 = (struct variable *) 0x0
(gdb) c
Continuing.
Makefile:1: Malformed target-specific variable definition

Program received signal SIGSEGV, Segmentation fault.
0x000000000041aac4 in record_target_var (filenames=0x641a70, defn=0x63a494
    "::=", origin=o_file, exported=0, flocp=0x7fffffffcf38) at read.c:1830
1830          v->per_target = 1;
(gdb) bt
#0  0x000000000041aac4 in record_target_var (filenames=0x6418e0, defn=0x63a304
    "::=", origin=o_file, exported=0, flocp=0x7fffffffcfb8) at read.c:1830
#1  0x0000000000418edb in eval (ebuf=0x7fffffffcf90, set_default=1) at read.c:1072
#2  0x00000000004175c7 in eval_makefile (filename=0x641780 "Makefile", flags=0)
    at read.c:404
#3  0x0000000000416fee in read_all_makefiles (makefiles=0x63a3f0) at read.c:203
#4  0x0000000000412e46 in main (argc=3, argv=0x7fffffffeb58,
    envp=0x7fffffffeb78) at main.c:1596

This was discovered with afl.

William


-- System Information:
Debian Release: 7.8
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'stable-updates')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages make depends on:
ii  libc6  2.13-38+deb7u7

make recommends no packages.

Versions of packages make suggests:
pn  make-doc  <none>

-- no debconf information
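
The control flow visible in the gdb session above (a NULL result is reported at read.c:1824, yet execution still reaches the dereference at read.c:1830), modelled as an added example beside a hardened form. This is not code from the report or from make's source: struct variable is reduced to one field, and parse_definition, record_unchecked, record_checked and the rejection rule are hypothetical stand-ins.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for make's struct variable: only the field seen in the backtrace. */
struct variable { char name[32]; int per_target; };

/* Hypothetical stand-in for try_variable_definition(): returns NULL when the
   text is not a definition. The rejection rule below is an assumption. */
static struct variable *parse_definition(const char *defn)
{
    struct variable *v;
    size_t n = strcspn(defn, ":=");            /* length of the name part */
    if (n == 0 || defn[n] == '\0' || n >= sizeof v->name)
        return NULL;                           /* empty name, no operator, or too long */
    if (defn[n] == ':' && defn[n + 1] != '=')
        return NULL;                           /* a colon that is not part of ":=" */
    v = calloc(1, sizeof *v);
    if (v)
        memcpy(v->name, defn, n);
    return v;
}

/* Pattern from the session: the failure is reported, but control falls
   through to the dereference. Crashes on "::=", so main() never calls it. */
int record_unchecked(const char *defn)
{
    struct variable *v = parse_definition(defn);
    if (!v)
        fprintf(stderr, "Malformed target-specific variable definition\n");
    v->per_target = 1;                         /* NULL dereference when parsing failed */
    free(v);
    return 1;
}

/* Hardened form: reporting the error also ends handling of this definition. */
int record_checked(const char *defn)
{
    struct variable *v = parse_definition(defn);
    if (!v) {
        fprintf(stderr, "Malformed target-specific variable definition\n");
        return 0;
    }
    v->per_target = 1;
    free(v);
    return 1;
}

int main(void)
{   /* "::=" is the defn value from the backtrace; "CFLAGS=-O2" is constructed. */
    printf("%d %d\n", record_checked("::="), record_checked("CFLAGS=-O2"));
    return 0;
}
```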

