[Bug 8661] Segmentation fault safe_write (fuzzing)

bugzilla at busybox.net bugzilla at busybox.net
Thu Feb 11 21:49:47 UTC 2016


https://bugs.busybox.net/show_bug.cgi?id=8661

--- Comment #3 from Fernando Muñoz <fernando at null-life.com> ---
Created attachment 6321
  --> https://bugs.busybox.net/attachment.cgi?id=6321&action=edit
minimized test case

Added minimized test case and debugging stacktrace:

(gdb) set follow-fork-mode child
(gdb) run sh bb1.sh 
Starting program: /root/bash/busybox-1.24.1/busybox_unstripped sh bb1.sh
bb1.sh: trap: line 1: -0: invalid signal specification
bb1.sh: set: line 5: illegal option -o 0000000
[New process 10688]
Segmentation fault

Program received signal SIGPIPE, Broken pipe.
[Switching to process 10688]
0xb7fdcc38 in __kernel_vsyscall ()
(gdb) bt
#0  0xb7fdcc38 in __kernel_vsyscall ()
#1  0xb7e9b183 in __write_nocancel () at ../sysdeps/unix/syscall-template.S:81
#2  0x08084544 in safe_write (fd=fd@entry=4, buf=buf@entry=0x84a72bc, count=count@entry=35) at libbb/safe_write.c:17
#3  0x08083e8f in full_write (fd=fd@entry=4, buf=0x84a72bc, len=35) at libbb/full_write.c:25
#4  0x0822e119 in expandhere (fd=4, arg=0x84a7294) at shell/ash.c:7267
#5  openhere (redir=<optimized out>, redir=<optimized out>) at shell/ash.c:5091
#6  openredirect (redir=<optimized out>) at shell/ash.c:5151
#7  redirect (redir=<optimized out>, redir@entry=0x84a7234, flags=flags@entry=3) at shell/ash.c:5323
#8  0x0822f95d in redirectsafe (redir=0x84a7234, flags=flags@entry=3) at shell/ash.c:5470
#9  0x08236afa in evalcommand (cmd=0x84a725c, flags=0) at shell/ash.c:9278
#10 0x08216838 in evaltree (n=0x84a725c, flags=0) at shell/ash.c:8428
#11 0x0823c9f2 in cmdloop (top=<optimized out>) at shell/ash.c:12143
#12 ash_main (argc=2, argv=0xbffff448) at shell/ash.c:13219
#13 0x0807641b in run_applet_no_and_exit (applet_no=269, argv=argv@entry=0xbffff448) at libbb/appletlib.c:774
#14 0x08076cef in run_applet_and_exit (name=0xbffff5f1 "sh", argv=argv@entry=0xbffff448) at libbb/appletlib.c:781
#15 0x080773f5 in busybox_main (argv=0xbffff448) at libbb/appletlib.c:730
#16 run_applet_and_exit (name=<optimized out>, argv=argv@entry=0xbffff444) at libbb/appletlib.c:783
#17 0x08078177 in main (argc=3, argv=0xbffff444) at libbb/appletlib.c:838
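The backtrace shows the shell dying with SIGPIPE inside a safe_write() loop while expandhere() pushes a here-document body into a pipe whose reader has gone away. The following is an added example, not BusyBox code: a hypothetical safe_write_loop() that mirrors the retry-on-EINTR behaviour of libbb's helper, writing a constructed heredoc body into a pipe after its read end is closed. It shows the two outcomes a writer can get: termination by SIGPIPE under the default disposition, or a clean EPIPE error when the signal is ignored, which is the condition a robust writer must handle.

```c
/* Added example, not BusyBox code. Demonstrates what happens to a
 * safe_write-style loop when the pipe reader has already closed. */
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical re-implementation of a retry-on-EINTR write helper,
 * modelled on the role safe_write() plays in the backtrace above. */
static ssize_t safe_write_loop(int fd, const void *buf, size_t count)
{
    ssize_t n;
    do {
        n = write(fd, buf, count);
    } while (n < 0 && errno == EINTR);
    return n;
}

/* Write a constructed here-document body into a pipe whose read end is
 * already closed (the reader child has exited). Returns the errno seen
 * (EPIPE expected) or 0 if the write unexpectedly succeeded.
 * With ignore_sigpipe == 0 the default disposition applies and the
 * process is terminated by SIGPIPE at the write(), as in the report. */
int write_heredoc_to_closed_pipe(int ignore_sigpipe)
{
    static const char body[] = "constructed heredoc body\n";
    int pfd[2];
    if (pipe(pfd) != 0)
        return errno;
    close(pfd[0]);                       /* reader is gone */

    void (*old)(int) = ignore_sigpipe ? signal(SIGPIPE, SIG_IGN) : SIG_DFL;
    ssize_t n = safe_write_loop(pfd[1], body, sizeof body - 1);
    int err = (n < 0) ? errno : 0;       /* EPIPE when SIGPIPE is ignored */
    if (ignore_sigpipe)
        signal(SIGPIPE, old);            /* restore previous disposition */
    close(pfd[1]);
    return err;
}

int main(void)
{
    int err = write_heredoc_to_closed_pipe(1);
    printf("write into closed pipe: %s\n", err ? strerror(err) : "ok");
    return 0;
}
```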
