bin/52159: bmake(1) - SIGSEGV attempting to read unassigned Path (i.e. NULL pointer)

To: gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: bin/52159: bmake(1) - SIGSEGV attempting to read unassigned Path (i.e. NULL pointer)
From: jamie%catflap.org@localhost
Date: Thu, 13 Apr 2017 02:45:00 +0000 (UTC)

>Number:         52159
>Category:       bin
>Synopsis:       bmake(1) - SIGSEGV attempting to read unassigned Path (i.e. NULL pointer)
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Apr 13 02:45:00 +0000 2017
>Originator:     Jamie Landeg-Jones
>Release:        head
>Organization:
n/a
>Environment:
NetBSD norge 7.0.1_PATCH NetBSD 7.0.1_PATCH (GENERIC.201607220540Z) amd64
>Description:
** NOTE: I use FreeBSD, but I confirmed the problem occurs with the sdf.org public access NetBSD system, and confirmed via your cvsweb that the version I'm running is the same version as your current.

> FreeBSD lapcat.dyslexicfish.net 11.0-STABLE FreeBSD 11.0-STABLE #0: Thu Dec  8 02:44:51 GMT 2016     root%lapcat.dyslexicfish.net@localhost:/usr/obj/usr/src/sys/LAPCAT  amd64

(I also synced my FreeBSD version to HEAD before reporting)

Basically, make SIGSEGVs when a directory path contains a "$" character. Yeah, I know, I know, but it's still a legal character, and I found this in the "real world" not by looking for bugs.
>How-To-Repeat:
> mkdir '$$'
> cd '$$'
> make
Segmentation fault (core dumped)
>Fix:
Something is causing the value (struct Path) for "dot" to be unassigned when a dollar exists in the pathame, in the function "Dir_Expand" (dir.c)

When this functions calls DirMatchFiles on this entry, it therefore sigsevs.

This is higlighted with the following assert patch:

03:39 (62) "$kdjd" root@lapcat# diff -u /usr/src/contrib/bmake/dir.c.orig /usr/src/contrib/bmake/dir.c
--- /usr/src/contrib/bmake/dir.c.orig   2017-04-12 20:08:13.000000000 +0100
+++ /usr/src/contrib/bmake/dir.c        2017-04-13 02:57:26.688274000 +0100
@@ -141,6 +141,7 @@
 #include <dirent.h>
 #include <errno.h>
 #include <stdio.h>
+#include <assert.h>

 #include "make.h"
 #include "hash.h"
@@ -911,6 +912,7 @@
            /*
             * First the files in dot
             */
+           assert (dot != NULL);
            DirMatchFiles(word, dot, expansions);

            /*

...

*134* 03:41 (68) "$kdjd" root@lapcat# pwd
/usr/src/usr.bin/bmake/xx/$kdjd
03:41 (69) "$kdjd" root@lapcat# ../../make
Assertion failed: (dot != NULL), function Dir_Expand, file /usr/src/contrib/bmake/dir.c, line 915.
Abort (core dumped)

Prev by Date: bin/52158: rc.subr use env(1) which resides on /usr/bin
Next by Date: kern/52160: panic: assert_sleepable
Previous by Thread: bin/52158: rc.subr use env(1) which resides on /usr/bin
Next by Thread: kern/52160: panic: assert_sleepable
Indexes:

Home | Main Index | Thread Index | Old Index