[Bug 1730696] Re: *** buffer overflow detected ***: find terminated
Henning Meyer
1730696 at bugs.launchpad.net
Tue Nov 7 20:18:23 UTC 2017
I can confirm the bug:
There is a blatant stack overflow in the ubuntu 17.10 sources (findutils-4.6.0+git+20170729):
file "find/print.c", function "static char* format_date", line 614 and following
```c
char fmt[6];
/* a few lines later */
strcpy(fmt, "%Y-%m-%d+%T");
```
that string is longer than 5 characters
that call should be strncpy anyway
the non-crashing versions (previous ubuntu, also official GNU sources 4.6.0) instead have
```c
strcpy (fmt, "%F+%T");
```
which does fit exactly into a six byte buffer
The obvious fix is to increase the size of fmt to hold the longer string
there is a comment in the new sources, explaining the motivation
```c
/* Avoid %F, some Unix versions lack it. For example:
   HP Tru64 UNIX V5.1B (Rev. 2650); Wed Feb 17 22:59:59 CST 2016
   Also, some older HP-UX versions expand %F as the full month (like %B).
   Reported by Steven M. Schweda <sms at antinode.info> */
```
** Bug watch added: Debian Bug tracker #873032
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873032
** Bug watch added: GNU Savannah Bug Tracker #51841
http://savannah.gnu.org/bugs/?51841
https://bugs.launchpad.net/bugs/1730696
Title:
*** buffer overflow detected ***: find terminated
Status in findutils package in Ubuntu:
Confirmed
Bug description:
When running find with -printf "%T+ %p\n"
The -printf "%T+ %p\n" worked in previous versions. This is a new bug
in 17.10.
```
> find . -printf "%A+ %p\n"
*** buffer overflow detected ***: find terminated
Aborted (core dumped)
```
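An added example, not findutils code, of the pattern Henning Meyer describes above: the strftime format is staged in a fixed local array, sized here from the longest literal, and copied with a length-checked helper instead of strcpy, so an oversized format is rejected rather than written past the array. `FMT_SHORT`, `FMT_PORTABLE`, `copy_format` and `format_date_with` are names chosen for this example.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Added example, not findutils code. find/print.c stages a strftime format
 * in a local array; the 2017 change swapped "%F+%T" (5 chars) for
 * "%Y-%m-%d+%T" (11 chars) but kept char fmt[6], so strcpy wrote past the
 * array and glibc's FORTIFY check aborted find. Here the array is sized from
 * the longest literal and the copy checks the destination size. */

#define FMT_SHORT    "%F+%T"        /* the 4.6.0 format: fits in 6 bytes */
#define FMT_PORTABLE "%Y-%m-%d+%T"  /* the newer %F-free format: needs 12 */

/* Bytes a format occupies in a char array, including the terminating NUL. */
size_t fmt_bytes_needed(const char *fmt) { return strlen(fmt) + 1; }

/* Bounded replacement for strcpy(): copies and returns 1 if src fits in
 * dstsize bytes, otherwise returns 0 and leaves dst untouched. A format
 * string must be neither overflowed nor silently truncated. */
int copy_format(char *dst, size_t dstsize, const char *src)
{
    size_t need = strlen(src) + 1;
    if (need > dstsize)
        return 0;
    memcpy(dst, src, need);
    return 1;
}

/* Format `when` (as UTC) with `fmt` into `out`, staging the format in a
 * local array as find does. Returns 1 on success, 0 on failure. */
int format_date_with(const char *fmt, time_t when, char *out, size_t outsize)
{
    char local_fmt[sizeof FMT_PORTABLE];  /* 12 bytes: longest literal + NUL */
    struct tm *tm;
    if (!copy_format(local_fmt, sizeof local_fmt, fmt))
        return 0;
    tm = gmtime(&when);                   /* plain ISO C; no gmtime_r needed */
    if (tm == NULL)
        return 0;
    return strftime(out, outsize, local_fmt, tm) != 0;
}

int main(void)
{
    char buf[32];
    if (format_date_with(FMT_PORTABLE, (time_t)0, buf, sizeof buf))
        printf("%s\n", buf);              /* prints 1970-01-01+00:00:00 */
    return 0;
}
```

With the 6-byte array of the original code, `copy_format` refuses the 11-character format instead of overrunning the stack, and both spellings of the format produce the same date string.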