watch command line utility crashes with segfault when processing binary output

Bug #965341 reported by Júlio Hoffimann Mendes
This bug affects 3 people
Affects: procps (Debian) | Status: Fix Released | Importance: Unknown
Affects: procps (Ubuntu) | Status: Fix Released | Importance: Medium | Assigned to: Unassigned

Bug Description

Running the command:

$ watch 'tail sample.dat'

where sample.dat contains binary data, causes 'watch' to crash with segmentation fault.

ProblemType: Bug
DistroRelease: Ubuntu 11.10
Package: procps 1:3.2.8-10ubuntu5
ProcVersionSignature: Ubuntu 3.0.0-16.29-generic 3.0.20
Uname: Linux 3.0.0-16-generic x86_64
ApportVersion: 1.23-0ubuntu4
Architecture: amd64
Date: Mon Mar 26 11:22:09 2012
InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Release amd64 (20111012)
SourcePackage: procps
UpgradeStatus: No upgrade log present (probably fresh install)

Júlio Hoffimann Mendes (julio-hoffimann) wrote :
Dave Gilbert (ubuntu-treblig) wrote :

I can trivially repeat this over here with the attached file on procps 1:3.2.8-11ubuntu6 in precise.

Changed in procps (Ubuntu):
importance: Undecided → Medium
status: New → Triaged
Dave Gilbert (ubuntu-treblig) wrote :

Program received signal SIGSEGV, Segmentation fault.
0x0000000000402aa2 in main (argc=2, argv=0x7fffffffe0d8) at watch.c:541
541 watch.c: No such file or directory.
(gdb) where
#0 0x0000000000402aa2 in main (argc=2, argv=0x7fffffffe0d8) at watch.c:541
(gdb) p argv[0]
$1 = 0x7fffffffe3e4 "/usr/bin/watch"
(gdb) p argv[1]
$2 = 0x7fffffffe3f3 "tail sample.dat"
(gdb) p argv[2]
$3 = 0x0
(gdb) p c
$4 = 8067886
(gdb) p/x c
$5 = 0x7b1b2e
(gdb)

line 541 is:

    } while (c != WEOF && !isprint(c) && c<128
             && wcwidth(c) == 0
             && c != L'\n'
             && c != L'\t'
             && (c != L'\033' || option_color != 1));

I'm suspicious that the isprint should be an iswprint but it might need a libc spec person to know whether isprint should be safe.
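
Added example, not part of the original comment and not code from procps or its released fix: the C standard defines isprint() only for EOF and values representable as unsigned char, and the quoted condition evaluates !isprint(c) before c<128 while gdb shows c = 0x7b1b2e. The sketch below range-checks the argument first; the helper names are hypothetical and the wcwidth() term of the condition is left out.

```c
/* Added example; not procps code. Models only the isprint()/c<128 part
 * of the loop condition quoted in the comment above. */
#include <ctype.h>
#include <limits.h>
#include <stdio.h>
#include <wchar.h>

/* <ctype.h> functions are defined only for EOF and values that fit in
 * unsigned char; any other argument is undefined behaviour (typically an
 * out-of-range index into the libc classification table). */
static int ctype_arg_in_range(wint_t c)
{
    return c != WEOF && c <= UCHAR_MAX;
}

/* Range-checked replacement for a bare isprint(c) on a wide character. */
int narrow_printable(wint_t c)
{
    return ctype_arg_in_range(c) && isprint((int)c) != 0;
}

/* The quoted test with c < 128 moved ahead of isprint(), so short-circuit
 * evaluation keeps out-of-range values away from the ctype lookup.
 * Hypothetical helper: the wcwidth() term is omitted. */
int is_skippable(wint_t c, int option_color)
{
    return c != WEOF && c < 128 && !isprint((int)c)
        && c != L'\n' && c != L'\t'
        && (c != L'\033' || option_color != 1);
}

int main(void)
{
    /* Constructed samples; 0x7b1b2e is the value of c in the gdb session. */
    const wint_t samples[] = { L'A', L'\a', L'\033', 0x7b1b2e, WEOF };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%#lx printable=%d skip=%d\n", (unsigned long)samples[i],
               narrow_printable(samples[i]), is_skippable(samples[i], 1));
    return 0;
}
```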

Changed in procps (Debian):
status: Unknown → New
Changed in procps (Debian):
status: New → Fix Committed
Changed in procps (Debian):
status: Fix Committed → Fix Released
Changed in procps (Ubuntu):
status: Triaged → Fix Released