1626440 – Out of bounds error combined with Fedora 28 hardening flags leads to crash

Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 1626440 - Out of bounds error combined with Fedora 28 hardening flags leads to crash

Summary: Out of bounds error combined with Fedora 28 hardening flags leads to crash

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	coan
Sub Component:
Version:	28
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	---
Assignee:	Jonathan Underwood
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2018-09-07 10:50 UTC by nils.bjorklund
Modified:	2018-11-14 03:23 UTC (History)
CC List:	3 users (show)
Fixed In Version:	coan-6.0.1-17.fc29 coan-6.0.1-17.fc28
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2018-11-14 03:11:54 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description nils.bjorklund 2018-09-07 10:50:36 UTC

Description of problem:

The application crashes when processing files with certain pre-processor
conditionals. The reason is an out of bounds std::vector access in the
expression parser. Since Fedora 28 added the -D_GLIBCXX_ASSERTIONS flag, this
triggers an assertion and the application crashes.

The error is actually triggered by test0035.c in the test suite, but tests seem
to be disabled in the spec file.

Version-Release number of selected component (if applicable):
6.0.1-14.fc28.x86_64

How reproducible:
Always

Steps to Reproduce:

1. Download the package source code, either the SRPM or upstream source from
https://sourceforge.net/projects/coan2/files/latest/download.

2. Extract the source code.

3. Manually run the test case:
> coan source -DF001 -UF002 --verbose <path to source tree>/test_coan/test_cases/test0035.c

Actual results:

The application crashes with the following output:

coan: progress 0x00105: Args: source -DFOO1 -UFOO2 --verbose test0035.c 
coan: progress 0x00102: Building input tree
coan: progress 0x00103: To do (1) "/home/nils/rpmbuild/BUILD/coan-6.0.1/test_coan/test_cases/test0035.c"
coan: progress 0x00104: 1 files to process
coan: progress 0x00101: Processing file (1) "/home/nils/rpmbuild/BUILD/coan-6.0.1/test_coan/test_cases/test0035.c"
/**ARGS: source -DFOO1 -UFOO2 */
/**SYSCODE: = 1 | 32 */
/usr/include/c++/8/bits/stl_vector.h:950: std::vector<_Tp, _Alloc>::const_reference std::vector<_Tp, _Alloc>::operator[](std::vector<_Tp, _Alloc>::size_type) const [with _Tp = expression_parser<parse_buffer>::deletion_code; _Alloc = std::allocator<expression_parser<parse_buffer>::deletion_code>; std::vector<_Tp, _Alloc>::const_reference = const expression_parser<parse_buffer>::deletion_code&; std::vector<_Tp, _Alloc>::size_type = long unsigned int]: Assertion '__builtin_expect(__n < this->size(), true)' failed.
Aborted (core dumped)


Expected results:

The source should be processed correctly without crashing and produce the output
given in test0035.c.expect.


Additional info:

I have reported the bug upstream, providing a patch with a fix:
https://sourceforge.net/p/coan2/bugs/92/
However, the project doesn't seem very active.

Comment 1 Jonathan Underwood 2018-09-08 10:16:30 UTC

Thanks for the report and the fix. Am travelling at present, but will push a build with the patch in a week when I'm back. Or, if you're a fedora packager, feel free to add yourself to the package so you can push builds - I'd very much welcome co-maintainers!

Comment 2 Fedora Update System 2018-09-18 23:04:34 UTC

coan-6.0.1-17.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-828aa9746b

Comment 3 Fedora Update System 2018-09-18 23:04:41 UTC

coan-6.0.1-17.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2018-c56b985ffa

Comment 4 Filipe Rosset 2018-09-19 15:22:59 UTC

thanks Jonathan, I saw your message on devel list, you can put my fas user (filiperosset) as maintainer/co-maintainer of this package.

Comment 5 Jonathan Underwood 2018-09-19 17:21:50 UTC

Great, Thanks, have done so.

Comment 6 Fedora Update System 2018-09-20 11:10:33 UTC

coan-6.0.1-17.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-828aa9746b

Comment 7 Fedora Update System 2018-09-20 16:17:40 UTC

coan-6.0.1-17.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-c56b985ffa

Comment 8 Jonathan Underwood 2018-09-25 23:13:04 UTC

Hi Filipe. I think, because I've transferred ownership of the package to you and removed myself from the package, i won't be able to push the update I created from testing to stable. Hopefully you can do that. If not, you may have to kick off a new build and update.

Comment 9 Filipe Rosset 2018-09-25 23:57:35 UTC

(In reply to Jonathan Underwood from comment #8)
> Hi Filipe. I think, because I've transferred ownership of the package to you
> and removed myself from the package, i won't be able to push the update I
> created from testing to stable. Hopefully you can do that. If not, you may
> have to kick off a new build and update.

ok, no problem, we just need to wait few more days to reach the 7 days in updates-testing policy (before being able to push to stable)

https://fedoraproject.org/wiki/Updates_Policy

Comment 10 Jonathan Underwood 2018-11-04 12:05:06 UTC

Hi Filipe - these updates are still in testing - can you push to stable please.

Comment 11 Fedora Update System 2018-11-14 03:11:54 UTC

coan-6.0.1-17.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.

Comment 12 Fedora Update System 2018-11-14 03:23:27 UTC

coan-6.0.1-17.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.