Bug 1111572 - patch segfaults if it can't write *.orig
patch segfaults if it can't write *.orig
Status: CONFIRMED
Classification: openSUSE
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Development
Current
Other Other
: P5 - None : Normal (vote)
: ---
Assigned To: Jean Delvare
E-mail List
https://savannah.gnu.org/bugs/index.p...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-10-11 20:21 UTC by Christian Boltz
Modified: 2022-06-02 16:19 UTC (History)
1 user (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
reproducer (tar.gz) (2.18 KB, application/octet-stream)
2018-10-11 20:21 UTC, Christian Boltz
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Christian Boltz 2018-10-11 20:21:09 UTC
Created attachment 785784 [details]
reproducer (tar.gz)

Tumbleweed 20181009, patch-2.7.6-3.5.x86_64

I tried to apply a (non-matching) patch, and when patch tried to create the *.orig file, it printed a long list of error messages:

# patch cleanprofile.py < changes.diff
patch: **** Can't create file cleanprofile.py.orig : Permission denied
patch: **** Can't create file cleanprofile.py.orig : Permission denied
patch: **** Can't create file cleanprofile.py.orig : Permission denied
patch: **** Can't create file cleanprofile.py.orig : Permission denied
patch: **** Can't create file cleanprofile.py.orig : Permission denied
[...]
patch: **** Can't create file cleanprofile.py.orig : Permission denied
patch: **** Can't create file cleanprofile.py.orig : Permission denied
patch: **** Can't create file cleanprofile.py.orig : Permission denied
patch: **** Can't create file cleanprofile.py.origSegmentation fault (core dumped)

I'd expect _one_ "Permission denied" message, and no segfault.

Reproducer:
- unpack the attached tarball (as user)
- chown root cleanprofile.py.orig (obviously as root)
- run   patch cleanprofile.py < changes.diff   as user

Note: This seems to be related to the files in the attached tarball. If I try with a simple one-line file and a boring patch, patch doesn't segfault. The reproducer files must have something special that send patch into an endless loop.
Comment 1 Jean Delvare 2018-10-16 09:09:29 UTC
Thanks for reporting. I can reproduce the bug with the latest upstream version (from git repository). I can't reproduce the bug with the patch version in Leap 42.3 (patch-2.7.5-9.3.1). So this looks like a regression. I'll bisect it.
Comment 2 Jean Delvare 2018-10-16 09:15:21 UTC
Note that the bug can be reproduced with:

$ chmod -w cleanprofile.py.orig

instead of:

$ chown root cleanprofile.py.orig

So it can be reproduced without being root on the test system.
Comment 3 Jean Delvare 2018-10-16 09:43:29 UTC
Bisection points to this upstream commit:

commit 66fdcf0e7c83a1e2eb4db97b9e24f224db656b65
Author: Andreas Gruenbacher
Date:   Tue Jul 19 22:40:40 2016 +0200

    Fix broken git-style patch behavior

I'll open an upstream bug.
Comment 4 Christian Boltz 2019-09-08 19:09:27 UTC
According to https://savannah.gnu.org/bugs/index.php?54845 this was fixed in upstream git some months ago, but it seems there wasn't a new release since then.

Therefore it's not too surprising that I can still reproduce this bug on current Tumbleweed ;-) - maybe you can convince upstream to do a release?
Comment 5 OBSbugzilla Bot 2022-05-11 06:40:05 UTC
This is an autogenerated message for OBS integration:
This bug (1111572) was mentioned in
https://build.opensuse.org/request/show/976181 Factory / patch
Comment 7 Swamp Workflow Management 2022-06-02 16:19:26 UTC
SUSE-SU-2022:1925-1: An update that solves two vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 1080985,1111572,1142041,1198106
CVE References: CVE-2018-6952,CVE-2019-13636
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    patch-2.7.6-150000.5.3.1
openSUSE Leap 15.3 (src):    patch-2.7.6-150000.5.3.1
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src):    patch-2.7.6-150000.5.3.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    patch-2.7.6-150000.5.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.