Bug 1076576 - /usr/bin/lsb segfaults [rzsz]
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Tumbleweed
Component: Other
Version: Current
Hardware: Other Other
Priority: P5 - None, Severity: Normal
Assigned To: Tomáš Chvátal
Reported: 2018-01-18 12:30 UTC by Dominique Leuenberger
Modified: 2018-04-24 16:11 UTC (History)
Description Dominique Leuenberger 2018-01-18 12:30:59 UTC
Kinda ran into it by accident, but a segfault nonetheless:

Simply invoking "lsb -s" results in a segfault. OK, the command line might be invalid/incomplete, but a segfault is not the correct answer.

(Actually, I meant to run lsb-release -s, which is how I found this failure.)

Program received signal SIGSEGV, Segmentation fault.
0x00005555555575e8 in main (argc=2, argv=0x7fffffffdf18) at lsz.c:476
476				if (isdigit((unsigned char) (*optarg))) {
(gdb) bt
#0  0x00005555555575e8 in main (argc=2, argv=0x7fffffffdf18) at lsz.c:476
(gdb)
Comment 1 Tomáš Chvátal 2018-01-18 12:45:04 UTC
Yea that is "time" argument:
-s HH:MM

The code simply expects the value there :)

                case 's':
                        if (isdigit((unsigned char) (*optarg))) {


I wonder if it is worth any effort as it is completely dead...
Comment 2 Dominique Leuenberger 2018-01-18 12:48:50 UTC
(In reply to Tomáš Chvátal from comment #1)
> Yea that is "time" argument:
> -s HH:MM
> 
> The code simply expects the value there :)
> 
>                 case 's':
>                         if (isdigit((unsigned char) (*optarg))) {
> 
> 
> I wonder if it is worth any effort as it is completely dead...

> lsb -s 12:00
Segmentation fault (core dumped)

Does not work much better :)

or

> lsb -s +15
Segmentation fault (core dumped)

Both formats would be acceptable as per lsb --help:
  -s, --stop-at {HH:MM|+N}    stop transmission at HH:MM or in N seconds
Comment 3 Tomáš Chvátal 2018-01-18 12:59:10 UTC
Very disappointing, manpage clearly lies!

Still the same answer, it crashes even on sle11 :D
Comment 4 Dominique Leuenberger 2018-01-18 13:02:53 UTC
(In reply to Tomáš Chvátal from comment #3)
> Very disappointing, manpage clearly lies!
> 
> Still the same answer, it crashes even on sle11 :D

Impressive
Comment 5 Tomáš Chvátal 2018-01-18 13:09:28 UTC
Well the edgy latest version we distribute is also quite new:

0.12.20 30 Dec 1998
Comment 6 Benoît Monin 2018-01-18 19:49:53 UTC
Nice catch! I guess the bug has been with us for 20 years. I ran a quick search in other distributions and none seems to carry a patch for this segfault. A brand new old bug ;)

Digging a bit more:
* All the receive side commands (lrb, ...) correctly interpret '-s' without crashing.
* The corresponding long option '--stop-at' is parsed without error by all commands.
Comment 7 Benoît Monin 2018-01-21 13:55:29 UTC
It was a missing colon in the optstring passed to getopt. Fixed by sr 567976.
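
The missing-colon defect named in comment 7, shown as an added example that is not part of the original report and not the rzsz source. The function `parse_stop_at`, the `stop_at` enum and the reduced optstrings "s" (bug) and "s:" (fix) are constructed for illustration, and the use of getopt_long with a `stop-at` long option is an assumption based on the `--help` line quoted in comment 2.

```c
/* Constructed reduction of the -s/--stop-at handling; not the rzsz source. */
#include <ctype.h>
#include <getopt.h>
#include <stdio.h>

enum stop_at { STOP_UNSET, STOP_OK, STOP_NULL_OPTARG, STOP_BAD_VALUE, STOP_USAGE };

/* Long option as shown in "lsb --help"; it declares its argument itself. */
static const struct option longopts[] = {
    { "stop-at", required_argument, NULL, 's' },
    { NULL, 0, NULL, 0 }
};

/* Parse argv with the given short-option string and classify what the
 * 's' case sees. optstring "s" models the bug, "s:" the fix. */
enum stop_at parse_stop_at(int argc, char **argv, const char *optstring)
{
    enum stop_at res = STOP_UNSET;
    int c;

    optind = 0;     /* restart scanning (glibc/musl convention) */
    opterr = 0;     /* no diagnostics on stderr */
    optarg = NULL;  /* do not inherit a value from an earlier scan */

    while ((c = getopt_long(argc, argv, optstring, longopts, NULL)) != -1) {
        if (c != 's')
            return STOP_USAGE;          /* '?': unknown option or missing argument */
        if (optarg == NULL)
            return STOP_NULL_OPTARG;    /* the crashing line dereferenced optarg here */
        /* Simplified value check for the documented forms HH:MM and +N. */
        if (isdigit((unsigned char)*optarg) ||
            (*optarg == '+' && isdigit((unsigned char)optarg[1])))
            res = STOP_OK;
        else
            return STOP_BAD_VALUE;
    }
    return res;
}

int main(void)
{
    char *bare[]  = { "lsb", "-s", NULL };
    char *timed[] = { "lsb", "-s", "12:00", NULL };
    printf("\"s\"  -s        -> %d\n", parse_stop_at(2, bare, "s"));
    printf("\"s\"  -s 12:00  -> %d\n", parse_stop_at(3, timed, "s"));
    printf("\"s:\" -s        -> %d\n", parse_stop_at(2, bare, "s:"));
    printf("\"s:\" -s 12:00  -> %d\n", parse_stop_at(3, timed, "s:"));
    return 0;
}
```

With "s", both `-s` and `-s 12:00` reach the `optarg == NULL` branch because getopt treats `-s` as a flag, while `--stop-at 12:00` still gets its argument from the long-option table, which matches what comments 2 and 6 observed.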
Comment 8 Tomáš Chvátal 2018-01-25 09:33:24 UTC
Works, closing as fixed.
Comment 11 Swamp Workflow Management 2018-04-24 16:09:01 UTC
SUSE-SU-2018:1066-1: An update that solves one vulnerability and has two fixes is now available.

Category: security (moderate)
Bug References: 1076576,1086416,1090051
CVE References: CVE-2018-10195
Sources used:
SUSE Linux Enterprise Server 12-SP3 (src):    rzsz-0.12.21~rc-1001.3.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    rzsz-0.12.21~rc-1001.3.1
Comment 12 Swamp Workflow Management 2018-04-24 16:11:13 UTC
SUSE-SU-2018:1070-1: An update that solves one vulnerability and has three fixes is now available.

Category: security (moderate)
Bug References: 1076576,1086416,1090051,529899
CVE References: CVE-2018-10195
Sources used:
SUSE Linux Enterprise Server 11-SP4 (src):    rzsz-0.12.21~rc-936.3.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    rzsz-0.12.21~rc-936.3.1