bug in file when using -c
Paul van Genderen
paulvg at member.fsf.org
Tue Apr 4 13:09:14 BST 2006
Hi,
The '-c' parameter in the file command didn't work (segfault), so I
wanted to write a bug report about it. While chasing the bug, as writing
a report requires you to do, I found something interesting:
ubuntu at ubuntu:~$ file -c Examples/LICENSES.TXT
Segmentatie fout
ubuntu at ubuntu:~$ export LANG=C
ubuntu at ubuntu:~$ file -c Examples/LICENSES.TXT
(null), 0: Warning using regular magic file `/etc/magic'
cont offset type opcode mask value desc
Suddenly this seemed to be a translation bug, but upon investigating it
further, it seems to come down to the function magic_open in magic.c. It
does a malloc to allocate a struct magic_set, but doesn't fully
initialise the values:
(gdb) run
Starting program: /usr/bin/file -c ~/Examples/LICENSE.TXT
Breakpoint 5, main (argc=3, argv=0xbff98b74) at file.c:284
284 magic = magic_open(flags|MAGIC_CHECK);
(gdb) print magic
$23 = (struct magic_set *) 0x0
(gdb) step 1
magic_open (flags=64) at magic.c:87
warning: Source file is more recent than executable.
87 if ((ms = malloc(sizeof(struct magic_set))) == NULL)
(gdb) print ms
$24 = (struct magic_set *) 0xb7f61020
(gdb) print ms->file
$25 = 0x8b000001 <Address 0x8b000001 out of bounds>
(gdb) step 1
90
(gdb) print ms->file
$26 = 0x45505954 <Address 0x45505954 out of bounds>
(gdb) continue
Continuing.
Program received signal SIGSEGV, Segmentation fault.
0xb7e852a3 in strlen () from /lib/tls/i686/cmov/libc.so.6
(gdb) up
#1 0xb7e592f7 in vfprintf () from /lib/tls/i686/cmov/libc.so.6
(gdb) up
#2 0xb7e55d7c in cuserid () from /lib/tls/i686/cmov/libc.so.6
(gdb) up
#3 0xb7e55fbb in vfprintf () from /lib/tls/i686/cmov/libc.so.6
(gdb) up
#4 0xb7e5e6af in fprintf () from /lib/tls/i686/cmov/libc.so.6
(gdb) up
#5 0xb7f6c5e1 in file_magwarn (ms=0x804d230,
f=0xb7f6d85e "using regular magic file `%s'") at print.c:144
144 (void) fprintf(stderr, "%s, %lu: Warning ", ms->file,
(gdb) print ms->file
$27 = 0x45505954 <Address 0x45505954 out of bounds>
Clearly the uninitialised ms->file causes the segfault. strlen tries to
access the pointer and Linux promptly sends SIGSEGV as it should. What I
don't yet understand is why when I set the LANG environment variable to
C, the pointer is a NULL pointer, as shown in the above output example,
and verifiable with gdb:
Breakpoint 1, magic_open (flags=64) at magic.c:87
87 if ((ms = malloc(sizeof(struct magic_set))) == NULL)
(gdb) print ms->file
$4 = 0x8b000001 <Address 0x8b000001 out of bounds>
(gdb) step 1
90 if (magic_setflags(ms, flags) == -1) {
(gdb) print ms->file
$5 = 0x0
I've added a call to memset after line 88; here's the diff:
88a89
> memset((void *)ms, 0, sizeof(struct magic_set));
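Review bot: the memset added at 88a89 is a workaround rather than a fix; it turns the garbage in ms->file into a NULL, which is why the output further down still prints "(null)" instead of the magic file name. If the zeroing is kept, replacing the malloc on line 87 with calloc(1, sizeof(struct magic_set)) gives the same defined initial state without a second statement that can drift away from the allocation, and the real fix is to give ms->file a meaningful value wherever the magic file becomes known.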
This proved to be a useful workaround:
ubuntu at ubuntu:~$ echo $LANG
nl_NL.UTF-8
ubuntu at ubuntu:~$ file -c ~/Examples/LICENSES.TXT
(null), 0: Warning using regular magic file `/etc/magic'
cont offset type opcode mask value desc
But then the null pointer still looks ugly. So I chose to fix that in
apprentice_map in apprentice.c, by adding the following line after line
1057 (after the block of variable defines):
ms->file = fn;
Here's the diff:
1057a1058
> ms->file = fn;
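Review bot: `ms->file = fn;` at 1057a1058 only covers the apprentice_map path, so any warning emitted before that function runs, or from a different loader path, still sees whatever magic_open left in the field. Also worth checking before submitting: fn must outlive ms (it is stored, not copied), so if the name string is freed or unmapped while ms is still in use the pointer dangles, and in that case ms->file should be reset or the name duplicated. A one-line comment at the assignment explaining that file_magwarn relies on this field would help the next reader.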
This fixed the null pointer problem regardless of the LANG environment
variable:
ubuntu at ubuntu:~$ export LANG=C
ubuntu at ubuntu:~$ file -c Examples/LICENSES.TXT
/etc/magic, 0: Warning using regular magic file `/etc/magic'
cont offset type opcode mask value desc
ubuntu at ubuntu:~$ export LANG=nl_NL.UTF-8
ubuntu at ubuntu:~$ file -c Examples/LICENSES.TXT
/etc/magic, 0: Warning using regular magic file `/etc/magic'
cont offset type opcode mask value desc
So after this discovery I filled in the bug report form. It's reported
here: https://launchpad.net/distros/ubuntu/+source/file/+bug/38015 and I
have some questions:
1) I don't know exactly what magic -c should do; is this the right fix?
I suspect not.
2) Is the bug report ok?
3) Did I correctly assign it to myself? Should someone else have it?
4) Do I have to mail the upstream or Debian maintainer about this?
Thank you all,
Paul
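As an added illustration, not code from this e-mail or from file/libmagic, the same uninitialised-field pattern and the two fixes in reduced form: the struct, its field names and the function names are hypothetical stand-ins for libmagic's, and the buggy allocator is kept only for side-by-side comparison.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical, reduced mirror of libmagic's struct magic_set: only the
 * fields the crash involves. Names follow the e-mail; layout is assumed. */
struct magic_set {
    const char *file;   /* magic file currently being parsed, or NULL */
    unsigned long line; /* line within that file */
    int flags;
};

/* Pattern from the report: malloc leaves ms->file holding whatever was on
 * the heap, so a later "%s" on it is undefined behaviour (strlen on garbage).
 * Shown for comparison only; never call it. */
struct magic_set *magic_open_buggy(int flags)
{
    struct magic_set *ms = malloc(sizeof *ms);
    if (ms == NULL)
        return NULL;
    ms->flags = flags;  /* ms->file and ms->line are never set */
    return ms;
}

/* Hardened form: calloc zero-fills every field, so ms->file is a real NULL
 * rather than garbage and ms->line starts at 0. */
struct magic_set *magic_open_fixed(int flags)
{
    struct magic_set *ms = calloc(1, sizeof *ms);
    if (ms == NULL)
        return NULL;
    ms->flags = flags;
    return ms;
}

/* Equivalent of the apprentice_map change: record the magic file name as
 * soon as it is known, before anything can warn about it. fn must outlive ms. */
void apprentice_map_fixed(struct magic_set *ms, const char *fn)
{
    ms->file = fn;
    ms->line = 0;
}

/* Warning formatter modelled on file_magwarn, writing into a caller-supplied
 * buffer and never handing a NULL pointer to "%s". Returns snprintf's count. */
int file_magwarn_safe(const struct magic_set *ms, char *out, size_t outlen,
                      const char *msg)
{
    const char *name = (ms->file != NULL) ? ms->file : "<no magic file>";
    return snprintf(out, outlen, "%s, %lu: Warning %s", name, ms->line, msg);
}
```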