pkgsrc-Bugs archive
pkg/50368: libcanna crash with ~/.canna which contains set-key
>Number: 50368
>Category: pkg
>Synopsis: libcanna crash with ~/.canna which contains set-key
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: pkg-manager
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sun Oct 25 08:30:00 +0000 2015
>Originator: Takeshi Nakayama
>Release: pkgsrc as of 2015-10-24
>Organization:
>Environment:
System: NetBSD nyx 7.0 NetBSD 7.0 (NYX) #0: Wed Oct 21 15:04:52 JST 2015 takeshi@nyx:/usr/src/sys/arch/sparc64/compile/NYX32 sparc64
Architecture: sparc64
Machine: sparc64
>Description:
Applications using libcanna crash as below if ~/.canna
contains (set-key ...).
Program received signal SIGSEGV, Segmentation fault.
0xffffffffff23121c in regist_act_hash () from /usr/pkg/lib/libcanna16.so.1
(gdb) where
#0 0xffffffffff23121c in regist_act_hash () from /usr/pkg/lib/libcanna16.so.1
#1 0xffffffffff232248 in G169_changeKeyfunc ()
from /usr/pkg/lib/libcanna16.so.1
#2 0xffffffffff21cca8 in Lsetkey () from /usr/pkg/lib/libcanna16.so.1
#3 0xffffffffff21efd0 in Leval.constprop.65 ()
from /usr/pkg/lib/libcanna16.so.1
#4 0xffffffffff221c18 in G133_YYparse_by_rcfilename ()
from /usr/pkg/lib/libcanna16.so.1
#5 0xffffffffff234ce0 in G321_parse () from /usr/pkg/lib/libcanna16.so.1
#6 0xffffffffff22f950 in KC_initialize () from /usr/pkg/lib/libcanna16.so.1
#7 0xffffffffff231050 in G282_kanjiControl ()
from /usr/pkg/lib/libcanna16.so.1
#8 0xffffffffff218138 in IROHA_G301_XKanjiControl2 ()
from /usr/pkg/lib/libcanna16.so.1
#9 0x000000000010d7a4 in ?? ()
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
Dump of assembler code for function regist_act_hash:
0xffffffffff2311e0 <+0>: save %sp, -176, %sp
0xffffffffff2311e4 <+4>: add %i0, %i1, %g3
0xffffffffff2311e8 <+8>: sethi %hi(0x800), %g1
0xffffffffff2311ec <+12>: srax %g3, 0x3f, %g2
0xffffffffff2311f0 <+16>: or %g1, 0xf8, %g1
0xffffffffff2311f4 <+20>: srlx %g2, 0x3a, %g2
0xffffffffff2311f8 <+24>: add %g3, %g2, %g3
0xffffffffff2311fc <+28>: and %g3, 0x3f, %g3
0xffffffffff231200 <+32>: sethi %hi(0x135800), %l7
0xffffffffff231204 <+36>: call 0xffffffffff2580e0 <__sparc_get_pc_thunk.l7>
0xffffffffff231208 <+40>: add %l7, 0x3fc, %l7 ! 0x135bfc
0xffffffffff23120c <+44>: sub %g3, %g2, %g2
0xffffffffff231210 <+48>: ldx [ %l7 + %g1 ], %g1
0xffffffffff231214 <+52>: srl %g2, 0, %g2
0xffffffffff231218 <+56>: sllx %g2, 3, %g2
=> 0xffffffffff23121c <+60>: ldx [ %g1 + %g2 ], %i5
0xffffffffff231220 <+64>: brz,a,pn %i5, 0xffffffffff2312a0 <regist_act_hash+192>
0xffffffffff231224 <+68>: add %g2, %g1, %i5
0xffffffffff231228 <+72>: ldx [ %i5 ], %g1
0xffffffffff23122c <+76>: cmp %g1, %i0
(gdb) print/x $g1
$2 = 0xffffffffff371228
(gdb) print/x $g2
$3 = 0x7fffffe78
>How-To-Repeat:
Use applications using libcanna.
>Fix:
Applying the patch in canna's repository fixes the problem.
https://osdn.jp/cvs/view/canna/canna/lib/canna/keydef.c?r1=1.2&r2=1.3
* lib/RK/ncache.c(hash): consider negative pointer
* lib/canna/keydef.c(createHashKey): ditto
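
Added example, not part of the report and not taken from the Canna sources: a C model of the index arithmetic visible in the regist_act_hash listing above, showing how a pointer with the top bit set yields a negative remainder and the out-of-range offset seen in %g2. The function names, the sample pointer and key, and the unsigned variant are assumptions made for illustration; the upstream fix is the one at the URL above.

```c
#include <stdint.h>
#include <stdio.h>

/* Table size implied by `and %g3, 0x3f` in the listing (64 slots). */
#define HASH_SLOTS 64

/* Constructed sample inputs, not values from the report: a pointer in the
 * upper half of the 64-bit address space (as on sparc64) and a key byte. */
#define SAMPLE_PTR UINT64_C(0xffffffffff371200)
#define SAMPLE_KEY UINT64_C(0x0f)

/* Model of the crashing path: signed remainder (srax/srlx/and/sub), then
 * zero extension of the 32-bit result (srl %g2, 0, %g2). */
static unsigned int hash_signed(uint64_t ptr, uint64_t key)
{
    int64_t sum = (int64_t)(ptr + key);      /* pointer seen as a signed integer */
    return (unsigned int)(sum % HASH_SLOTS); /* C remainder keeps the sign of sum */
}

/* Assumed hardening: do the arithmetic unsigned so the result is 0..63. */
static unsigned int hash_unsigned(uint64_t ptr, uint64_t key)
{
    return (unsigned int)((ptr + key) % HASH_SLOTS);
}

/* Byte offset into a table of 8-byte slots (sllx %g2, 3, %g2). */
static uint64_t slot_offset(unsigned int index)
{
    return (uint64_t)index * 8;
}

int main(void)
{
    unsigned int bad = hash_signed(SAMPLE_PTR, SAMPLE_KEY);
    unsigned int good = hash_unsigned(SAMPLE_PTR, SAMPLE_KEY);

    printf("signed:   index %#x, offset %#llx, in table: %s\n", bad,
           (unsigned long long)slot_offset(bad), bad < HASH_SLOTS ? "yes" : "no");
    printf("unsigned: index %u, offset %#llx, in table: %s\n", good,
           (unsigned long long)slot_offset(good), good < HASH_SLOTS ? "yes" : "no");
    return 0;
}
```

With these sample inputs the signed variant produces the same offset that gdb prints for $g2 in the report.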