bug#29564: Segmentation fault if print command is issued

Mon, 04 Dec 2017 08:27:33 -0800 

Hello,

I found a bug while fuzzing parted. A test case that triggers the
segmentation fault is attached.

Is there any way for me to track the issue status on some sort of bug
tracker?


- Trigger the bug
parted 'f01:id:000002,sig:11,src:000220,op:arith8,pos:2568,val:-33' print


- parted --version
parted (GNU parted) 3.2
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Written by
<http://git.debian.org/?p=parted/parted.git;a=blob_plain;f=AUTHORS>.


Program received signal SIGSEGV, Segmentation fault.
[----------------------------------registers-----------------------------------]
RAX: 0xd31bc09c
RBX: 0x7fffffffcd00 ("44444444\023")
RCX: 0x7ffff7bc5be0 --> 0x7707309600000000
RDX: 0x67 ('g')
RSI: 0x7fffffffcd13 ('4' <repeats 143 times>, ":", '4' <repeats 41
times>, "$", '4' <repeats 14 times>...)
RDI: 0x7ffffffff000
RBP: 0x13
RSP: 0x7fffffffc6c8 --> 0x7ffff7baff6a (cmp    DWORD PTR [rbx+0x10],eax)
RIP: 0x7ffff7bb58f8 (<__efi_crc32+24>:    movzx  edx,BYTE PTR [rdi])
R8 : 0x5555557cb040 --> 0x5555557cb470 --> 0x0
R9 : 0x555555790f70
(".../filtered/f01:id:000002,sig:11,src:000220,op:arith8,pos:2568,val:-33")
R10: 0x7ffff74cdbe0 --> 0x0
R11: 0x0
R12: 0x10
R13: 0x555555791798 --> 0x555555769980 --> 0x0
R14: 0x7fffffffc6f0 --> 0x100000089
R15: 0x7fffffffcd00 ("44444444\023")
EFLAGS: 0x10283 (CARRY parity adjust zero SIGN trap INTERRUPT direction
overflow)
[-------------------------------------code-------------------------------------]
   0x7ffff7bb58ec <__efi_crc32+12>:    add    rsi,rdi
   0x7ffff7bb58ef <__efi_crc32+15>:    mov    eax,edx
   0x7ffff7bb58f1 <__efi_crc32+17>:    nop    DWORD PTR [rax+0x0]
=> 0x7ffff7bb58f8 <__efi_crc32+24>:    movzx  edx,BYTE PTR [rdi]
   0x7ffff7bb58fb <__efi_crc32+27>:    add    rdi,0x1
   0x7ffff7bb58ff <__efi_crc32+31>:    xor    edx,eax
   0x7ffff7bb5901 <__efi_crc32+33>:    shr    eax,0x8
   0x7ffff7bb5904 <__efi_crc32+36>:    movzx  edx,dl
[------------------------------------stack-------------------------------------]
0000| 0x7fffffffc6c8 --> 0x7ffff7baff6a (cmp    DWORD PTR [rbx+0x10],eax)
0008| 0x7fffffffc6d0 --> 0x7fffffffcd00 ("44444444\023")
0016| 0x7fffffffc6d8 --> 0x7fffffffc900 ('a' <repeats 180 times>,
"xaaaa]", 'a' <repeats 14 times>...)
0024| 0x7fffffffc6e0 --> 0x7fffffffd950 --> 0x7ffff7dd2530 -->
0x7ffff7dd23b0 --> 0x7ffff7dd23d0 --> 0x7ffff7dd23f0 (--> ...)
0032| 0x7fffffffc6e8 --> 0x7ffff7bb0100 (<nilfs2_probe+384>:    test  
eax,eax)
0040| 0x7fffffffc6f0 --> 0x100000089
0048| 0x7fffffffc6f8 --> 0x555555776da0 --> 0x555555776dd8 ("INTERNAL")
0056| 0x7fffffffc700 --> 0x7fffffffd820 ('a' <repeats 22 times>, "@",
'a' <repeats 177 times>...)
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Stopped reason: SIGSEGV
0x00007ffff7bb58f8 in __efi_crc32 () from /usr/lib/libparted.so.2

Attachment: f01:id:000002,sig:11,src:000220,op:arith8,pos:2568,val:-33
Description: Binary data

Reply via email to