[Bug 1641592] Re: nano 2.5.3-2 on Xenial crashes with long paths on lockfiles
Benno Schulenberg
benno at vertaalt.nl
Mon Nov 14 18:34:39 UTC 2016
This is a duplicate of upstream bug https://savannah.gnu.org/bugs/?47511
.
The problem was fixed in git, commit fb9585e. See attached patch. The
fix is in version 2.6.0 and higher.
Thanks for reporting.
** Bug watch added: GNU Savannah Bug Tracker #47511
http://savannah.gnu.org/bugs/?47511
** Patch added: "fixes the crash when finding lockfiles for long names"
https://bugs.launchpad.net/ubuntu/+source/nano/+bug/1641592/+attachment/4777372/+files/allocate-enough-space.patch
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to nano in Ubuntu.
https://bugs.launchpad.net/bugs/1641592
Title:
nano 2.5.3-2 on Xenial crashes with long paths on lockfiles
Status in nano package in Ubuntu:
New
Bug description:
# lsb_release -rd
Description: Ubuntu 16.04.1 LTS
Release: 16.04
# apt-cache policy nano
nano:
Installed: 2.5.3-2
Candidate: 2.5.3-2
Reproducer:
1. # nano -G 999999999999999999999999999999999999999999999999999999999999999999999999999
2. <ctrl-z>
3. # nano -G 999999999999999999999999999999999999999999999999999999999999999999999999999
4. <answer y/n to the lockfile question>
5. <nano should segfault>
Quick dissection:
Looking at function do_lockfile in files.c, it seems that promptstr is statically allocated to 128 characters. Now with a sufficiently long filename, the following sprintf() call will overflow the allocated promptstr buffer and corrupt memory.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nano/+bug/1641592/+subscriptions
More information about the foundations-bugs
mailing list