Ticket #3606 (closed defect: fixed)

Opened 8 years ago

Last modified 8 years ago

[BUG] segfault on SHELL=bash

Reported by: and Owned by: andrew_b
Priority: major Milestone: 4.8.17
Component: mc-core Version: 4.8.16
Keywords: Cc:
Blocked By: Blocking:
Branch state: merged Votes for changeset: committed-master


When using non-path SHELL variable like

$ SHELL=bash /usr/bin/mc

we will hit segfault at

==18747==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7ff92915602d bp 0x7ff92a327300 sp 0x7ffdcd67b698 T0)
    #0 0x7ff92915602c  (/lib64/libc.so.6+0x9e02c)
    #1 0x44d865 in __interceptor_strstr (/usr/bin/mc+0x44d865)
    #2 0x7ff92a233dd6 in mc_shell_recognize_and_fill_type /tmp/portage/app-misc/mc-9999/work/mc-9999/lib/shell.c:151:52
    #3 0x7ff92a233dd6 in mc_shell_init /tmp/portage/app-misc/mc-9999/work/mc-9999/lib/shell.c:233
    #4 0x4f7b92 in OS_Setup /tmp/portage/app-misc/mc-9999/work/mc-9999/src/main.c:128:5
    #5 0x4f7b92 in main /tmp/portage/app-misc/mc-9999/work/mc-9999/src/main.c:250
    #6 0x7ff9290d88fb in __libc_start_main (/lib64/libc.so.6+0x208fb)
    #7 0x427148 in _start (/usr/bin/mc+0x427148)

root cause is not checking null case when filling mc_shell->real_path variable from mc_realpath()/realpath().

Change History

comment:1 Changed 8 years ago by andrew_b

  • Status changed from new to accepted
  • Owner set to andrew_b

comment:2 Changed 8 years ago by andrew_b

  • Version changed from master to 4.8.16
  • Milestone changed from Future Releases to 4.8.17

comment:3 Changed 8 years ago by zaytsev

  • Votes for changeset set to zaytsev
  • Branch state changed from no branch to approved

comment:4 Changed 8 years ago by andrew_b

  • Status changed from accepted to testing
  • Votes for changeset changed from zaytsev to committed-master
  • Resolution set to fixed
  • Branch state changed from approved to merged

Merged to master: [787cea240feef1392741be1043fd7bf18f0d7c48].

git log --pretty=oneline b678d3b..787cea2

comment:5 Changed 8 years ago by andrew_b

  • Status changed from testing to closed
Note: See TracTickets for help on using tickets.