touch-packages team mailing list archive
Message #132631
[Bug 1539627] [NEW] Buffer underflow in nano 2.4.2-1ubuntu0.1 causes SIGSEGV
Public bug reported:
nusch@XPS13:~$ touch .the_test.swp
nusch@XPS13:~$ nano the_test
core dumped
The LANG env var is "pl_PL.UTF"; without it, it doesn't segfault, so the error is connected with Unicode handling.
Compiling nano from source (apt-get source, so the same version) doesn't
generate a nano binary which behaves the same way.
The difference is in the libncurses>w< library:
nusch@XPS13:~$ ldd /bin/nano
linux-vdso.so.1 => (0x00007ffe5cb00000)
libncursesw.so.5 => /lib/x86_64-linux-gnu/libncursesw.so.5 (0x00007fdec11c5000) << with w
libtinfo.so.5 => /lib/x86_64-linux-gnu/libtinfo.so.5 (0x00007fdec0f9c000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fdec0bd1000)
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007fdec09cd000)
/lib64/ld-linux-x86-64.so.2 (0x000055cc1e5d6000)
nusch@XPS13:~$ ldd /bin/nano_from_src
linux-vdso.so.1 => (0x00007ffd22d48000)
libncurses.so.5 => /lib/x86_64-linux-gnu/libncurses.so.5 (0x00007f75dc891000) << without w
libtinfo.so.5 => /lib/x86_64-linux-gnu/libtinfo.so.5 (0x00007f75dc668000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f75dc29d000)
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f75dc099000)
/lib64/ld-linux-x86-64.so.2 (0x000055f9b15ce000)
Backtrace of segfault:
Program received signal SIGSEGV, Segmentation fault.
0x0000000000404047 in ?? ()
(gdb) bt
#0 0x0000000000404047 in ?? ()
#1 0x00007ffff75d1a40 in __libc_start_main (main=0x403770, argc=2, argv=0x7fffffffe2a8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe298) at libc-start.c:289
#2 0x0000000000404329 in ?? ()
Disassembly of that part of code:
40401d: 0f 84 3c 01 00 00 je 40415f <__sprintf_chk@plt+0x9ff>
404023: 83 7c 24 10 00 cmp DWORD PTR [rsp+0x10],0x0
404028: 75 0a jne 404034 <__sprintf_chk@plt+0x8d4>
40402a: 81 25 1c e8 22 00 ff and DWORD PTR [rip+0x22e81c],0xffffbfff # 632850 <stderr+0x1f0>
404031: bf ff ff
404034: 48 8b 05 dd e7 22 00 mov rax,QWORD PTR [rip+0x22e7dd] # 632818 <stderr+0x1b8>
40403b: 48 8b 80 90 00 00 00 mov rax,QWORD PTR [rax+0x90]
404042: 48 85 c0 test rax,rax
404045: 74 0b je 404052 <__sprintf_chk@plt+0x8f2>
404047: 83 78 38 00 cmp DWORD PTR [rax+0x38],0x0
40404b: 7e 05 jle 404052 <__sprintf_chk@plt+0x8f2>
40404d: e8 3e fc 00 00 call 413c90 <__sprintf_chk@plt+0x10530>
404052: 48 8b 7c 24 20 mov rdi,QWORD PTR [rsp+0x20]
404057: 48 85 ff test rdi,rdi
40405a: 0f 8e b5 00 00 00 jle 404115 <__sprintf_chk@plt+0x9b5>
404060: 48 8b 74 24 28 mov rsi,QWORD PTR [rsp+0x28]
ProblemType: Bug
DistroRelease: Ubuntu 15.10
Package: nano 2.4.2-1ubuntu0.1
ProcVersionSignature: Ubuntu 4.2.0-25.30-generic 4.2.6
Uname: Linux 4.2.0-25-generic x86_64
NonfreeKernelModules: wl
ApportVersion: 2.19.1-0ubuntu5
Architecture: amd64
CurrentDesktop: Unity
Date: Fri Jan 29 15:13:25 2016
InstallationDate: Installed on 2015-05-08 (266 days ago)
InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422)
SourcePackage: nano
UpgradeStatus: Upgraded to wily on 2015-11-15 (74 days ago)
** Affects: nano (Ubuntu)
Importance: Undecided
Status: New
** Tags: amd64 apport-bug wily
** Description changed:
nusch@XPS13:~$ touch .the_test.swp
- nusch@XPS13:~$ nano .the_test.swp
+ nusch@XPS13:~$ nano the_test
core dumped
LANG env is ="pl_PL.UTF" without it it doen't Segfault so error is connected with unicode handling.
Compiling nano from source(apt-get source - so the same version) doesn't
geneate nano binary which beheaves same way.
The difference is in libncurses>w< library:
nusch@XPS13:~$ ldd /bin/nano
- linux-vdso.so.1 => (0x00007ffe5cb00000)
- libncursesw.so.5 => /lib/x86_64-linux-gnu/libncursesw.so.5 (0x00007fdec11c5000) << with w
- libtinfo.so.5 => /lib/x86_64-linux-gnu/libtinfo.so.5 (0x00007fdec0f9c000)
- libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fdec0bd1000)
- libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007fdec09cd000)
- /lib64/ld-linux-x86-64.so.2 (0x000055cc1e5d6000)
+ linux-vdso.so.1 => (0x00007ffe5cb00000)
+ libncursesw.so.5 => /lib/x86_64-linux-gnu/libncursesw.so.5 (0x00007fdec11c5000) << with w
+ libtinfo.so.5 => /lib/x86_64-linux-gnu/libtinfo.so.5 (0x00007fdec0f9c000)
+ libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fdec0bd1000)
+ libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007fdec09cd000)
+ /lib64/ld-linux-x86-64.so.2 (0x000055cc1e5d6000)
nusch@XPS13:~$ ldd /bin/nano_from_src
- linux-vdso.so.1 => (0x00007ffd22d48000)
- libncurses.so.5 => /lib/x86_64-linux-gnu/libncurses.so.5 (0x00007f75dc891000) << without w
- libtinfo.so.5 => /lib/x86_64-linux-gnu/libtinfo.so.5 (0x00007f75dc668000)
- libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f75dc29d000)
- libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f75dc099000)
- /lib64/ld-linux-x86-64.so.2 (0x000055f9b15ce000)
-
+ linux-vdso.so.1 => (0x00007ffd22d48000)
+ libncurses.so.5 => /lib/x86_64-linux-gnu/libncurses.so.5 (0x00007f75dc891000) << without w
+ libtinfo.so.5 => /lib/x86_64-linux-gnu/libtinfo.so.5 (0x00007f75dc668000)
+ libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f75dc29d000)
+ libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f75dc099000)
+ /lib64/ld-linux-x86-64.so.2 (0x000055f9b15ce000)
Backtrace of segfault:
Program received signal SIGSEGV, Segmentation fault.
- 0x0000000000404047 in ?? ()
+ 0x0000000000404047 in ?? ()
(gdb) bt
#0 0x0000000000404047 in ?? ()
#1 0x00007ffff75d1a40 in __libc_start_main (main=0x403770, argc=2, argv=0x7fffffffe2a8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe298) at libc-start.c:289
#2 0x0000000000404329 in ?? ()
-
Disassembly of that part of code:
- 40401d: 0f 84 3c 01 00 00 je 40415f <__sprintf_chk@plt+0x9ff>
- 404023: 83 7c 24 10 00 cmp DWORD PTR [rsp+0x10],0x0
- 404028: 75 0a jne 404034 <__sprintf_chk@plt+0x8d4>
- 40402a: 81 25 1c e8 22 00 ff and DWORD PTR [rip+0x22e81c],0xffffbfff # 632850 <stderr+0x1f0>
- 404031: bf ff ff
- 404034: 48 8b 05 dd e7 22 00 mov rax,QWORD PTR [rip+0x22e7dd] # 632818 <stderr+0x1b8>
- 40403b: 48 8b 80 90 00 00 00 mov rax,QWORD PTR [rax+0x90]
- 404042: 48 85 c0 test rax,rax
- 404045: 74 0b je 404052 <__sprintf_chk@plt+0x8f2>
- 404047: 83 78 38 00 cmp DWORD PTR [rax+0x38],0x0
- 40404b: 7e 05 jle 404052 <__sprintf_chk@plt+0x8f2>
- 40404d: e8 3e fc 00 00 call 413c90 <__sprintf_chk@plt+0x10530>
- 404052: 48 8b 7c 24 20 mov rdi,QWORD PTR [rsp+0x20]
- 404057: 48 85 ff test rdi,rdi
- 40405a: 0f 8e b5 00 00 00 jle 404115 <__sprintf_chk@plt+0x9b5>
- 404060: 48 8b 74 24 28 mov rsi,QWORD PTR [rsp+0x28]
+ 40401d: 0f 84 3c 01 00 00 je 40415f <__sprintf_chk@plt+0x9ff>
+ 404023: 83 7c 24 10 00 cmp DWORD PTR [rsp+0x10],0x0
+ 404028: 75 0a jne 404034 <__sprintf_chk@plt+0x8d4>
+ 40402a: 81 25 1c e8 22 00 ff and DWORD PTR [rip+0x22e81c],0xffffbfff # 632850 <stderr+0x1f0>
+ 404031: bf ff ff
+ 404034: 48 8b 05 dd e7 22 00 mov rax,QWORD PTR [rip+0x22e7dd] # 632818 <stderr+0x1b8>
+ 40403b: 48 8b 80 90 00 00 00 mov rax,QWORD PTR [rax+0x90]
+ 404042: 48 85 c0 test rax,rax
+ 404045: 74 0b je 404052 <__sprintf_chk@plt+0x8f2>
+ 404047: 83 78 38 00 cmp DWORD PTR [rax+0x38],0x0
+ 40404b: 7e 05 jle 404052 <__sprintf_chk@plt+0x8f2>
+ 40404d: e8 3e fc 00 00 call 413c90 <__sprintf_chk@plt+0x10530>
+ 404052: 48 8b 7c 24 20 mov rdi,QWORD PTR [rsp+0x20]
+ 404057: 48 85 ff test rdi,rdi
+ 40405a: 0f 8e b5 00 00 00 jle 404115 <__sprintf_chk@plt+0x9b5>
+ 404060: 48 8b 74 24 28 mov rsi,QWORD PTR [rsp+0x28]
ProblemType: Bug
DistroRelease: Ubuntu 15.10
Package: nano 2.4.2-1ubuntu0.1
ProcVersionSignature: Ubuntu 4.2.0-25.30-generic 4.2.6
Uname: Linux 4.2.0-25-generic x86_64
NonfreeKernelModules: wl
ApportVersion: 2.19.1-0ubuntu5
Architecture: amd64
CurrentDesktop: Unity
Date: Fri Jan 29 15:13:25 2016
InstallationDate: Installed on 2015-05-08 (266 days ago)
InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422)
SourcePackage: nano
UpgradeStatus: Upgraded to wily on 2015-11-15 (74 days ago)
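Review bot: the only substantive change in this description edit is the reproduction command, "nano .the_test.swp" replaced by "nano the_test"; every other -/+ pair (the two ldd listings, the gdb frame line and the disassembly) differs only in leading whitespace, and two blank "-" lines are dropped. With the corrected command the crash depends on a pre-existing empty ".the_test.swp" sitting beside the file being opened rather than on opening that file itself, so it would be worth stating whether "nano the_test" with no ".the_test.swp" present, and with LANG set the same way, runs cleanly, to confirm that the stale file is the trigger.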
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to nano in Ubuntu.
https://bugs.launchpad.net/bugs/1539627
Title:
Buffer underflow in nano 2.4.2-1ubuntu0.1 causes SIGSEGV
Status in nano package in Ubuntu:
New
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nano/+bug/1539627/+subscriptions
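Added example, not code from the bug report or from the nano project: a small Python triage helper that parses the objdump listing posted above and walks backwards from the faulting PC, 0x404047, to the loads that produced the dereferenced register, noting whether that value passed a test/jcc NULL check on the way. Only the listing and the PC are taken from the report; the mnemonic table, the register-alias table and the stop conditions are the script's own assumptions about Intel-syntax x86-64 output, not anything derived from nano.

```python
"""Walk a SIGSEGV back to the load that produced the bad pointer. Added example,
not code from the bug report or from nano: only the listing and PC below come
from the report; the mnemonic and register tables are this script's assumptions."""
import re
from dataclasses import dataclass

# Copied from the report: objdump -M intel output around the faulting PC.
DISASSEMBLY = """\
40401d: 0f 84 3c 01 00 00 je 40415f <__sprintf_chk@plt+0x9ff>
404023: 83 7c 24 10 00 cmp DWORD PTR [rsp+0x10],0x0
404028: 75 0a jne 404034 <__sprintf_chk@plt+0x8d4>
40402a: 81 25 1c e8 22 00 ff and DWORD PTR [rip+0x22e81c],0xffffbfff # 632850 <stderr+0x1f0>
404031: bf ff ff
404034: 48 8b 05 dd e7 22 00 mov rax,QWORD PTR [rip+0x22e7dd] # 632818 <stderr+0x1b8>
40403b: 48 8b 80 90 00 00 00 mov rax,QWORD PTR [rax+0x90]
404042: 48 85 c0 test rax,rax
404045: 74 0b je 404052 <__sprintf_chk@plt+0x8f2>
404047: 83 78 38 00 cmp DWORD PTR [rax+0x38],0x0
40404b: 7e 05 jle 404052 <__sprintf_chk@plt+0x8f2>
40404d: e8 3e fc 00 00 call 413c90 <__sprintf_chk@plt+0x10530>
404052: 48 8b 7c 24 20 mov rdi,QWORD PTR [rsp+0x20]
404057: 48 85 ff test rdi,rdi
40405a: 0f 8e b5 00 00 00 jle 404115 <__sprintf_chk@plt+0x9b5>
404060: 48 8b 74 24 28 mov rsi,QWORD PTR [rsp+0x28]
"""
FAULT_PC = 0x404047  # frame #0 of the gdb backtrace in the report

# Assumed x86-64 tables, enough for this listing rather than a full ISA model.
WRITES_DEST = {"mov", "movzx", "movsx", "movsxd", "lea", "pop", "add", "sub",
               "and", "or", "xor", "shl", "shr", "imul"}
SUBREGS = {"rax": "eax ax al", "rbx": "ebx bx bl", "rcx": "ecx cx cl",
           "rdx": "edx dx dl", "rsi": "esi si sil", "rdi": "edi di dil",
           "rbp": "ebp bp bpl", "rsp": "esp sp spl",
           **{f"r{n}": f"r{n}d r{n}w r{n}b" for n in range(8, 16)}}
HEX_BYTE = re.compile(r"^[0-9a-f]{2}$")
MEM_OPERAND = re.compile(r"\[([a-z0-9]+)[^\]]*\]")  # group 1 = base register

@dataclass
class Insn:
    addr: int
    mnemonic: str
    operands: str
    comment: str  # objdump's "632818 <stderr+0x1b8>" annotation, "" if none

def parse_objdump(text):
    """Parse 'addr: bytes mnemonic operands # comment' lines; byte-only
    continuation lines such as '404031: bf ff ff' carry no instruction."""
    insns = []
    for line in text.splitlines():
        if ":" not in line:
            continue
        addr_s, rest = line.split(":", 1)
        rest, _, comment = rest.partition("#")
        tokens = rest.split()
        n = 0
        while n < len(tokens) and HEX_BYTE.match(tokens[n]):
            n += 1
        if n < len(tokens):
            insns.append(Insn(int(addr_s, 16), tokens[n],
                              " ".join(tokens[n + 1:]), comment.strip()))
    return insns

def writes(ins, reg):
    """True if ins assigns reg (or a sub-register of it) as its first operand."""
    dest = ins.operands.partition(",")[0].strip()
    return ins.mnemonic in WRITES_DEST and dest in {reg, *SUBREGS.get(reg, "").split()}

def source_base(ins):  # base register of a memory source ('[rax+0x90]' -> 'rax')
    m = MEM_OPERAND.search(ins.operands.partition(",")[2])
    return m.group(1) if m else None

def trace_fault(insns, pc):
    """Backward data-flow from the memory operand at pc to the loads that produced
    its base register, recording any test/jcc NULL check between load and use."""
    idx = next(i for i, ins in enumerate(insns) if ins.addr == pc)
    m = MEM_OPERAND.search(insns[idx].operands)
    if m is None:
        raise ValueError(f"no memory operand at {pc:#x}")
    base = reg = m.group(1)
    r = {"fault_pc": pc, "deref": m.group(0), "base": base, "chain": [],
         "null_checked": False, "root_global": None}
    for j in (range(idx - 1, -1, -1) if base != "rip" else ()):
        ins, nxt = insns[j], insns[j + 1]
        # "test reg,reg" + jcc before reg's definition: the very value that faulted
        # was compared against zero and found non-zero.
        if (not r["chain"] and ins.mnemonic == "test"
                and ins.operands.replace(" ", "") == f"{reg},{reg}"
                and nxt.mnemonic.startswith("j") and nxt.mnemonic != "jmp"):
            r["null_checked"] = True
        elif writes(ins, reg):
            r["chain"].append((ins.addr, f"{ins.mnemonic} {ins.operands}"))
            src = source_base(ins)
            if src == "rip" and ins.comment:  # objdump resolved the rip-relative address
                r["root_global"] = int(ins.comment.split()[0], 16)
            if src in (None, "rip", "rsp", "rbp"):
                break  # global, stack slot or non-memory source: trail ends here
            reg = src
    r["verdict"] = (f"{base} passed a NULL check before the faulting read: the crash is a "
                    "non-NULL invalid pointer, not a NULL dereference" if r["null_checked"]
                    else f"{base} was not NULL-checked in this block")
    return r
```

Calling trace_fault(parse_objdump(DISASSEMBLY), FAULT_PC) on the report's listing gives the chain 0x40403b (mov rax,[rax+0x90]) then 0x404034 (mov rax,[rip+0x22e7dd]), a root global at 0x632818, and null_checked set: rax was loaded from a global pointer, then from offset 0x90 of the object it points to, survived the test/je at 0x404042, and still faulted reading offset 0x38, so the value was a non-NULL pointer to unmapped memory rather than NULL. Two caveats when reading objdump output from a stripped binary: labels such as <stderr+0x1b8> and <__sprintf_chk@plt+0x9ff> are only offsets from the nearest exported symbol, not those objects themselves, which is why the script keeps the resolved address rather than the label; and the walk is confined to the listed instructions, so a symbolised backtrace (Ubuntu's -dbgsym debug-symbol packages) is still needed to name the structure and the function involved.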