Package: trn4 Version: 4.0-test77-5 Severity: normal Hi,
Thanks for fortifying the latest trn on Debian :-) I'm trying trn on a news server that I don't use it with very often. I have used trn on this server and this newsgroup before but not, apparently, for many thousands of articles. On entering the newsgroup, trn4 crashes whilst applying the killfile. The backtrace suggests that fortify has detected a buffer overflow. I have found that the crash doesn't happen if compiled with DEB_BUILD_OPTIONS=noopt so I suspect it's optimisation changing the ordering or some assumptions about something. Attached is a gdb backtrace, I also have a capture of the NNTP conversation but it's a bit big (15Mb uncompressed). Thanks Nick -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (700, 'testing'), (600, 'stable-updates'), (600, 'stable'), (180, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.2.0-3-amd64 (SMP w/2 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages trn4 depends on: ii base-files 6.9 ii debconf [debconf-2.0] 1.5.44 ii inn2-inews [inews] 2.5.3-1 ii libc6 2.13-33 ii libtinfo5 5.9-10 Versions of packages trn4 recommends: ii nullmailer [mail-transport-agent] 1:1.11-1 Versions of packages trn4 suggests: ii ispell 3.3.02-5 -- debconf information: shared/news/server: george trn4/whoami-change: trn4/mail-name:
[/testing: leveret@george ~/backports/trn4-4.0-test77]$ gdb debian/trn4/usr/lib/trn4/trn GNU gdb (GDB) 7.4.1-debian Copyright (C) 2012 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-linux-gnu". For bug reporting instructions, please see: <http://www.gnu.org/software/gdb/bugs/>... Reading symbols from /home/leveret/backports/trn4-4.0-test77/debian/trn4/usr/lib/trn4/trn...done. (gdb) run Starting program: /home/leveret/backports/trn4-4.0-test77/debian/trn4/usr/lib/trn4/trn Newsrcs a 1 Local b 2 olduse.net d 3 News.individual.net e 4 nntp.perl.org f 5 news.gmane.org g 6 Spamcop.net i 7 Zen Internet j 8 AIOE.org l 9 Gazeta.pl -- Select a newsrc group (natural order) -- All [Z>] -- The requested newsrc is locked by process 16952 on host george. That process does not seem to exist anymore. The count of read articles may be incorrect in the last newsgroup accessed by that other (defunct) process. Connecting to news.individual.net...Done. Unread news in uk.comp.os.linux 2046 articles Unread news in uk.media.radio.archers 32398 articles Unread news in uk.d-i-y 113950 articles Unread news in uk.tech.broadcast 7671 articles Unread news in alt.support.autism 1417 articles etc. Newsgroups (group #3: News.individual.net) 21 groups a 2046 uk.comp.os.linux b 32398 uk.media.radio.archers d 113950 uk.d-i-y e 7671 uk.tech.broadcast f 1417 alt.support.autism g 36 uk.rec.subterranea i 1549 uk.rec.models.rail j 13379 uk.transport.london l 507 uk.singles o 82120 uk.railway r 587 alt.society.nottingham s 54 uk.net.news.announce t 3360 uk.telecom u 5946 uk.telecom.broadband v 1394 uk.adverts.computer w 125 uk.comp.vintage x 266 alt.support.attn-deficit y 611 comp.arch.embedded z 9 comp.os.linux.embedded 1 1 comp.os.linux.powerpc 2 1127 uk.net.news.config -- Select a newsgroup (natural order) -- All [Z>] -- Entering uk.media.radio.archers: Getting overview file. [*************************] Processing memorized commands... /cave...@yahoo.com/f:T, /same@same/f:j /hugh oxford/f:j /: *Where in the world does /:j /an optical [ai]llusion that will as/j /mindbender/j /cheap cigarettes/j /this is badass/j /great events web site/j /leospider.zzn/f:j /get paid to/j /win millions/j /c.*a.*b.*l.*e.*d.*e.*s.*c.*r.*a.*m.*b.*l.*e.*r/j /c.*a.*b.*l.*e.*b.*o.*x.*i.*n.*s.*t.*r.*u/j /b.*u.*i.*l.*d.*c.*a.*b.*l.*e.*b.*o.*x/j /crosswinds.net.*is the worst/j / cents per minute/j /ben.d...@freeuk.com/f:j /annihilato...@erlenstar.demon.co.uk/f:j /@votenader.org/f:j /matt.*parker/f:j /nan-soccer-team@invalid.invalid/f:j /flowerboy[0-9]*@fastmail.fm/f:j /Donate .* by betting/j /www.badabam/j /famousbrandwatch/f:j /gregpalast/f:j /Here it is. The smoking gun/j /What Amazon doesn't want you to know/j /mait...@aol.com/f:j /m...@israel.isl/f:T, /Factory pressed dvd movies/j /philkyle2...@hotmail.com/f:T, /leverton/Hreferences:+ S:1 *** buffer overflow detected ***: /home/leveret/backports/trn4-4.0-test77/debian/trn4/usr/lib/trn4/trn terminated ======= Backtrace: ========= /lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x37)[0x7ffff7269f07] /lib/x86_64-linux-gnu/libc.so.6(+0xebdc0)[0x7ffff7268dc0] /lib/x86_64-linux-gnu/libc.so.6(+0xeb219)[0x7ffff7268219] /lib/x86_64-linux-gnu/libc.so.6(_IO_default_xsputn+0x85)[0x7ffff71f1285] /lib/x86_64-linux-gnu/libc.so.6(_IO_vfprintf+0x2523)[0x7ffff71c19a3] /lib/x86_64-linux-gnu/libc.so.6(__vsprintf_chk+0x9d)[0x7ffff72682bd] /lib/x86_64-linux-gnu/libc.so.6(__sprintf_chk+0x7f)[0x7ffff72681ff] /home/leveret/backports/trn4-4.0-test77/debian/trn4/usr/lib/trn4/trn[0x407827] /home/leveret/backports/trn4-4.0-test77/debian/trn4/usr/lib/trn4/trn[0x40810f] /home/leveret/backports/trn4-4.0-test77/debian/trn4/usr/lib/trn4/trn[0x41539b] /home/leveret/backports/trn4-4.0-test77/debian/trn4/usr/lib/trn4/trn[0x4164b7] /home/leveret/backports/trn4-4.0-test77/debian/trn4/usr/lib/trn4/trn[0x41d511] /home/leveret/backports/trn4-4.0-test77/debian/trn4/usr/lib/trn4/trn[0x439036] /home/leveret/backports/trn4-4.0-test77/debian/trn4/usr/lib/trn4/trn[0x4447c6] /home/leveret/backports/trn4-4.0-test77/debian/trn4/usr/lib/trn4/trn[0x438d7a] /home/leveret/backports/trn4-4.0-test77/debian/trn4/usr/lib/trn4/trn[0x40318d] /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xfd)[0x7ffff719bead] /home/leveret/backports/trn4-4.0-test77/debian/trn4/usr/lib/trn4/trn[0x40325d] ======= Memory map: ======== 00400000-00478000 r-xp 00000000 08:08 302844 /home/leveret/backports/trn4-4.0-test77/debian/trn4/usr/lib/trn4/trn 00678000-00679000 r--p 00078000 08:08 302844 /home/leveret/backports/trn4-4.0-test77/debian/trn4/usr/lib/trn4/trn 00679000-0067c000 rw-p 00079000 08:08 302844 /home/leveret/backports/trn4-4.0-test77/debian/trn4/usr/lib/trn4/trn 0067c000-01942000 rw-p 00000000 00:00 0 [heap] 7ffff6540000-7ffff6555000 r-xp 00000000 08:07 410861 /lib/x86_64-linux-gnu/libgcc_s.so.1 7ffff6555000-7ffff6755000 ---p 00015000 08:07 410861 /lib/x86_64-linux-gnu/libgcc_s.so.1 7ffff6755000-7ffff6756000 rw-p 00015000 08:07 410861 /lib/x86_64-linux-gnu/libgcc_s.so.1 7ffff6756000-7ffff675b000 r-xp 00000000 08:07 221337 /lib/x86_64-linux-gnu/libnss_dns-2.13.so 7ffff675b000-7ffff695a000 ---p 00005000 08:07 221337 /lib/x86_64-linux-gnu/libnss_dns-2.13.so 7ffff695a000-7ffff695b000 r--p 00004000 08:07 221337 /lib/x86_64-linux-gnu/libnss_dns-2.13.so 7ffff695b000-7ffff695c000 rw-p 00005000 08:07 221337 /lib/x86_64-linux-gnu/libnss_dns-2.13.so 7ffff695c000-7ffff695e000 r-xp 00000000 08:07 55968 /lib/libnss_mdns4_minimal.so.2 7ffff695e000-7ffff6b5d000 ---p 00002000 08:07 55968 /lib/libnss_mdns4_minimal.so.2 7ffff6b5d000-7ffff6b5e000 rw-p 00001000 08:07 55968 /lib/libnss_mdns4_minimal.so.2 7ffff6b5e000-7ffff6b69000 r-xp 00000000 08:07 223135 /lib/x86_64-linux-gnu/libnss_files-2.13.so 7ffff6b69000-7ffff6d68000 ---p 0000b000 08:07 223135 /lib/x86_64-linux-gnu/libnss_files-2.13.so 7ffff6d68000-7ffff6d69000 r--p 0000a000 08:07 223135 /lib/x86_64-linux-gnu/libnss_files-2.13.so 7ffff6d69000-7ffff6d6a000 rw-p 0000b000 08:07 223135 /lib/x86_64-linux-gnu/libnss_files-2.13.so 7ffff6d6a000-7ffff6d74000 r-xp 00000000 08:07 222825 /lib/x86_64-linux-gnu/libnss_nis-2.13.so 7ffff6d74000-7ffff6f73000 ---p 0000a000 08:07 222825 /lib/x86_64-linux-gnu/libnss_nis-2.13.so 7ffff6f73000-7ffff6f74000 r--p 00009000 08:07 222825 /lib/x86_64-linux-gnu/libnss_nis-2.13.so 7ffff6f74000-7ffff6f75000 rw-p 0000a000 08:07 222825 /lib/x86_64-linux-gnu/libnss_nis-2.13.so 7ffff6f75000-7ffff6f7c000 r-xp 00000000 08:07 221274 /lib/x86_64-linux-gnu/libnss_compat-2.13.so 7ffff6f7c000-7ffff717b000 ---p 00007000 08:07 221274 /lib/x86_64-linux-gnu/libnss_compat-2.13.so 7ffff717b000-7ffff717c000 r--p 00006000 08:07 221274 /lib/x86_64-linux-gnu/libnss_compat-2.13.so 7ffff717c000-7ffff717d000 rw-p 00007000 08:07 221274 /lib/x86_64-linux-gnu/libnss_compat-2.13.so 7ffff717d000-7ffff72fa000 r-xp 00000000 08:07 97439 /lib/x86_64-linux-gnu/libc-2.13.so 7ffff72fa000-7ffff74fa000 ---p 0017d000 08:07 97439 /lib/x86_64-linux-gnu/libc-2.13.so 7ffff74fa000-7ffff74fe000 r--p 0017d000 08:07 97439 /lib/x86_64-linux-gnu/libc-2.13.so 7ffff74fe000-7ffff74ff000 rw-p 00181000 08:07 97439 /lib/x86_64-linux-gnu/libc-2.13.so 7ffff74ff000-7ffff7504000 rw-p 00000000 00:00 0 7ffff7504000-7ffff7519000 r-xp 00000000 08:07 222092 /lib/x86_64-linux-gnu/libnsl-2.13.so 7ffff7519000-7ffff7718000 ---p 00015000 08:07 222092 /lib/x86_64-linux-gnu/libnsl-2.13.so 7ffff7718000-7ffff7719000 r--p 00014000 08:07 222092 /lib/x86_64-linux-gnu/libnsl-2.13.so 7ffff7719000-7ffff771a000 rw-p 00015000 08:07 222092 /lib/x86_64-linux-gnu/libnsl-2.13.so 7ffff771a000-7ffff771c000 rw-p 00000000 00:00 0 7ffff771c000-7ffff772f000 r-xp 00000000 08:07 208173 /lib/x86_64-linux-gnu/libresolv-2.13.so 7ffff772f000-7ffff792e000 ---p 00013000 08:07 208173 /lib/x86_64-linux-gnu/libresolv-2.13.so 7ffff792e000-7ffff792f000 r--p 00012000 08:07 208173 /lib/x86_64-linux-gnu/libresolv-2.13.so 7ffff792f000-7ffff7930000 rw-p 00013000 08:07 208173 /lib/x86_64-linux-gnu/libresolv-2.13.so 7ffff7930000-7ffff7932000 rw-p 00000000 00:00 0 7ffff7932000-7ffff79b3000 r-xp 00000000 08:07 222058 /lib/x86_64-linux-gnu/libm-2.13.so 7ffff79b3000-7ffff7bb2000 ---p 00081000 08:07 222058 /lib/x86_64-linux-gnu/libm-2.13.so 7ffff7bb2000-7ffff7bb3000 r--p 00080000 08:07 222058 /lib/x86_64-linux-gnu/libm-2.13.so 7ffff7bb3000-7ffff7bb4000 rw-p 00081000 08:07 222058 /lib/x86_64-linux-gnu/libm-2.13.so 7ffff7bb4000-7ffff7bd9000 r-xp 00000000 08:07 145567 /lib/x86_64-linux-gnu/libtinfo.so.5.9 7ffff7bd9000-7ffff7dd8000 ---p 00025000 08:07 145567 /lib/x86_64-linux-gnu/libtinfo.so.5.9 7ffff7dd8000-7ffff7ddc000 r--p 00024000 08:07 145567 /lib/x86_64-linux-gnu/libtinfo.so.5.9 7ffff7ddc000-7ffff7ddd000 rw-p 00028000 08:07 145567 /lib/x86_64-linux-gnu/libtinfo.so.5.9 7ffff7ddd000-7ffff7dfd000 r-xp 00000000 08:07 335059 /lib/x86_64-linux-gnu/ld-2.13.so 7ffff7fcc000-7ffff7fd0000 rw-p 00000000 00:00 0 7ffff7ff3000-7ffff7ffb000 rw-p 00000000 00:00 0 7ffff7ffb000-7ffff7ffc000 r-xp 00000000 00:00 0 [vdso] 7ffff7ffc000-7ffff7ffd000 r--p 0001f000 08:07 335059 /lib/x86_64-linux-gnu/ld-2.13.so 7ffff7ffd000-7ffff7ffe000 rw-p 00020000 08:07 335059 /lib/x86_64-linux-gnu/ld-2.13.so 7ffff7ffe000-7ffff7fff000 rw-p 00000000 00:00 0 7ffffffde000-7ffffffff000 rw-p 00000000 00:00 0 [stack] ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall] Program received signal SIGABRT, Aborted. 0x00007ffff71af475 in *__GI_raise (sig=<optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64 64 ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory. (gdb) bt #0 0x00007ffff71af475 in *__GI_raise (sig=<optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64 #1 0x00007ffff71b26f0 in *__GI_abort () at abort.c:92 #2 0x00007ffff71e92fb in __libc_message (do_abort=<optimized out>, fmt=<optimized out>) at ../sysdeps/unix/sysv/linux/libc_fatal.c:189 #3 0x00007ffff7269f07 in *__GI___fortify_fail (msg=0x7ffff72c7c20 "buffer overflow detected") at fortify_fail.c:32 #4 0x00007ffff7268dc0 in *__GI___chk_fail () at chk_fail.c:29 #5 0x00007ffff7268219 in _IO_str_chk_overflow (fp=0x4246, c=16966) at vsprintf_chk.c:35 #6 0x00007ffff71f1285 in _IO_default_xsputn (f=0x7fffffffd620, data=<optimized out>, n=6) at genops.c:485 #7 0x00007ffff71c19a3 in _IO_vfprintf_internal (s=0x7fffffffd620, format=0x46ba32 "%s: %s", ap=0x7fffffffd750) at vfprintf.c:1623 #8 0x00007ffff72682bd in ___vsprintf_chk ( s=0x6a7ba0 "references: <87sjo6lpyw....@wasdale.golgonooza.co.uk> <xzidnunmndtawpbtnz2dnuvz8umdn...@brightview.co.uk> <aisdnwqv8imc-vbtnz2dnuvz8rudn...@brightview.co.uk> <rtadncT6lOvEP_HTnZ2dnUVZ8i2dnZ2d@brightvi"..., flags=1, slen=1025, format=0x46ba32 "%s: %s", args=0x7fffffffd750) at vsprintf_chk.c:87 #9 0x00007ffff72681ff in ___sprintf_chk (s=0x4246 <Address 0x4246 out of bounds>, flags=16966, flags@entry=1, slen=6, slen@entry=1025, format=0xffffffffffffffff <Address 0xffffffffffffffff out of bounds>, format@entry=0x46ba32 "%s: %s") at sprintf_chk.c:33 #10 0x0000000000407827 in sprintf (__fmt=0x46ba32 "%s: %s", __s=<optimized out>) at /usr/include/x86_64-linux-gnu/bits/stdio2.h:34 #11 wanted (compex=compex@entry=0x6a3f80, artnum=619614, scope=scope@entry=2) at artsrch.c:400 #12 0x000000000040810f in art_search ( patbuf=patbuf@entry=0x6a7ba0 "references: <87sjo6lpyw....@wasdale.golgonooza.co.uk> <xzidnunmndtawpbtnz2dnuvz8umdn...@brightview.co.uk> <aisdnwqv8imc-vbtnz2dnuvz8rudn...@brightview.co.uk> <rtadncT6lOvEP_HTnZ2dnUVZ8i2dnZ2d@brightvi"..., patbufsiz=patbufsiz@entry=1025, get_cmd=get_cmd@entry=0) at artsrch.c:346 #13 0x000000000041539b in do_kfile (kfp=0x6dc810, entering=entering@entry=1) at kfile.c:207 #14 0x00000000004164b7 in kill_unwanted (starting=604261, message=message@entry=0x461d18 "Processing memorized commands...\n\n", entering=1) at kfile.c:369 #15 0x000000000041d511 in do_newsgroup (start_command=0x67e538 "") at ng.c:174 #16 0x0000000000439036 in sel_dogroups () at rt-select.c:261 #17 newsgroup_selector () at rt-select.c:419 #18 0x00000000004447c6 in do_multirc () at trn.c:183 #19 0x0000000000438d7a in multirc_selector () at rt-select.c:344 #20 0x000000000040318d in main (argc=1, argv=0x7fffffffe0f8) at trn.c:126 (gdb) bt full #0 0x00007ffff71af475 in *__GI_raise (sig=<optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64 pid = <optimized out> selftid = <optimized out> #1 0x00007ffff71b26f0 in *__GI_abort () at abort.c:92 act = {__sigaction_handler = {sa_handler = 0x7fffffffc648, sa_sigaction = 0x7fffffffc648}, sa_mask = {__val = {140737488340528, 140737488348165, 68, 140737340275938, 3, 140737488340538, 6, 140737340275942, 2, 140737488340526, 2, 140737340266945, 1, 140737340275938, 3, 140737488340532}}, sa_flags = 12, sa_restorer = 0x7ffff72c7ce6} sigs = {__val = {32, 0 <repeats 15 times>}} #2 0x00007ffff71e92fb in __libc_message (do_abort=<optimized out>, fmt=<optimized out>) at ../sysdeps/unix/sysv/linux/libc_fatal.c:189 ap = {{gp_offset = 32, fp_offset = 48, overflow_arg_area = 0x7fffffffcf30, reg_save_area = 0x7fffffffce40}} ap_copy = {{gp_offset = 16, fp_offset = 48, overflow_arg_area = 0x7fffffffcf30, reg_save_area = 0x7fffffffce40}} fd = 13 on_2 = <optimized out> list = <optimized out> nlist = 0 cp = <optimized out> written = false #3 0x00007ffff7269f07 in *__GI___fortify_fail (msg=0x7ffff72c7c20 "buffer overflow detected") at fortify_fail.c:32 No locals. #4 0x00007ffff7268dc0 in *__GI___chk_fail () at chk_fail.c:29 No locals. #5 0x00007ffff7268219 in _IO_str_chk_overflow (fp=0x4246, c=16966) at vsprintf_chk.c:35 No locals. #6 0x00007ffff71f1285 in _IO_default_xsputn (f=0x7fffffffd620, data=<optimized out>, n=6) at genops.c:485 s = 0xd85db4 "ew.co.uk>" more = 9 #7 0x00007ffff71c19a3 in _IO_vfprintf_internal (s=0x7fffffffd620, format=0x46ba32 "%s: %s", ap=0x7fffffffd750) at vfprintf.c:1623 len = <optimized out> string_malloced = 8 step0_jumps = {0, -13935, -14883, -14791, -14690, -14598, -14494, -14226, -12567, -13447, -13364, -12718, -12142, -12038, -11852, -5808, -11597, -5941, -7859, -7844, -6890, -9481, -7222, -6962, -6169, -6597, -7507, -11936, -12038, -14320} space = 0 is_short = 0 use_outdigits = 0 step1_jumps = {0, 0, 0, 0, 0, 0, 0, 0, 0, -13447, -13364, -12718, -12142, -12038, -11852, -5808, -11597, -5941, -7859, -7844, -6890, -9481, -7222, -6962, -6169, -6597, -7507, -11936, -12038, 0} group = 0 prec = <optimized out> step2_jumps = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -13364, -12718, -12142, -12038, -11852, -5808, -11597, -5941, -7859, -7844, -6890, -9481, -7222, -6962, -6169, -6597, -7507, -11936, -12038, 0} string = 0x400760 "" left = 0 is_long_double = 0 width = <optimized out> step3a_jumps = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -12822, 0, 0, 0, -11852, -5808, -11597, -5941, -7859, 0, 0, 0, 0, -6962, 0, 0, 0, 0, 0, 0} alt = 0 showsign = 0 is_long = 0 is_char = 0 pad = <optimized out> step3b_jumps = {0 <repeats 11 times>, -12142, 0, 0, -11852, -5808, -11597, -5941, -7859, -7844, -6890, -9481, -7222, -6962, -6169, -6597, -7507, 0, 0, 0} step4_jumps = {0 <repeats 14 times>, -11852, -5808, -11597, -5941, -7859, -7844, -6890, -9481, -7222, -6962, -6169, -6597, -7507, 0, 0, 0} is_negative = <optimized out> base = 0 the_arg = {pa_wchar = 4619543 L'\x467d17', pa_int = 4619543, pa_long_int = 4619543, pa_long_long_int = 4619543, pa_u_int = 4619543, pa_u_long_int = 4619543, pa_u_long_long_int = 4619543, pa_double = 2.2823574957864096e-317, pa_long_double = 0, pa_string = 0x467d17 "ss affected.", pa_wstring = 0x467d17 L"\x61207373\x63656666\x2e646574\x52524500\x74616d7c\x657c6863\x65640064\x65737c7c\x7463656c\x45006465\x6d7c5252\x69737369\x7c676e\x7c736177\x65726577\x6f4e0a00\x74726120\x656c6369\x65727420\x6f742065\x73696420\x79616c70\xa000a2e\x74206f4e\x2e656572\x662a000a\x656c6961\x5b002a64\x205d6325\xa7325\x6a627553\x3a746365\x6e550020\x616c6162\x6465636e\x72617020\x736e65\x206f6f54\x796e616d\x72617020\x736e65\x5c206f4e\x6e69207c\x72617020\x736e65\x616d6e55\x65686374\x69722064\x20746867\x65726170\x6142006e\x20796c64\x6d726f66\x73206465\x63726165\x74732068\x676e6972\x73694d00\x676e6973\x4e005d20\x206c6c75\x72616573\x73206863\x6e697274\x61620067\x72622064\x73656361\x6142000a\x20796c64\x706d6f63\x64656c69\x74617020\x6e726574\n\x6f6f5400\x6e616d20\x6c612079\x6e726574\x76697461\x69207365\x6572206e\x78652067\x43d3a000", pa_pointer = 0x467d17, pa_user = 0x467d17} spec = <optimized out> _buffer = {__routine = 0x6e67b0, __arg = 0x7fff00000000, __canceltype = -1, __prev = 0x0} _avail = 0 thousands_sep = 0x0 grouping = 0xffffffffffffffff <Address 0xffffffffffffffff out of bounds> done = 12 f = <optimized out> lead_str_end = 0x46ba32 "%s: %s" work_buffer = "\220\327\377\377\377\177\000\000\001\000\000\000\000\000\000\000\260gn\000\000\000\000\000\374|F\000\000\000\000\000\001\000\000\000\000\000\000\000s\000\000\000\000\000\000\000\377\377\377\377\000\000\000\000\267\237F\000\000\000\000\000\242\204E", '\000' <repeats 13 times>, "\\<\034\367\377\177\000\000s\366\033\367'\326\377\377", '\000' <repeats 16 times>"\241, \204E", '\000' <repeats 21 times>, " \000\000\000\000\000\000\000\\<\034\367\377\177\000\000(\326\377\377\000\000\000\000\377\377\377\377\377\377\377\377\001\000\000\000\000\000\000\000\241\204E", '\000' <repeats 13 times>"\377, \377\377\377\n\000\000\000'\326\377\377\377\177", '\000' <repeats 34 times>, "'\326\377\377\377\177\000\000\000\000\000\000\000\000\000\000\372|F", '\000' <repeats 13 times>, "\\<\034\367\377\177\000\000d9,\367", '\000' <repeats 12 times>, "+\000\000\000\000\000\000\000+\000\000\000\000\000\000\000\343"... workstart = 0x0 workend = 0x7fffffffd4d8 " \237F" ap_save = {{gp_offset = 32, fp_offset = 48, overflow_arg_area = 0x7fffffffd830, reg_save_area = 0x7fffffffd770}} nspecs_done = <optimized out> save_errno = 0 readonly_format = 0 args_malloced = 0x0 jump_table = "\001\000\000\004\000\016\000\006\000\000\a\002\000\003\t\000\005\b\b\b\b\b\b\b\b\b\000\000\000\000\000\000\000\032\000\031\000\023\023\023\000\035\000\000\f\000\000\000\000\000\000\025\000\000\000\000\022\000\r\000\000\000\000\000\000\032\000\024\017\023\023\023\n\017\034\000\v\030\027\021\026\f\000\025\033\020\000\000\022\000\r" __PRETTY_FUNCTION__ = "_IO_vfprintf_internal" #8 0x00007ffff72682bd in ___vsprintf_chk ( s=0x6a7ba0 "references: <87sjo6lpyw....@wasdale.golgonooza.co.uk> <xzidnunmndtawpbtnz2dnuvz8umdn...@brightview.co.uk> <aisdnwqv8imc-vbtnz2dnuvz8rudn...@brightview.co.uk> <rtadncT6lOvEP_HTnZ2dnUVZ8i2dnZ2d@brightvi"..., flags=1, slen=1025, format=0x46ba32 "%s: %s", args=0x7fffffffd750) at vsprintf_chk.c:87 f = {_sbf = {_f = {_flags = -72515583, _IO_read_ptr = 0x6a7ba0 "references: <87sjo6lpyw....@wasdale.golgonooza.co.uk> <xzidnunmndtawpbtnz2dnuvz8umdn...@brightview.co.uk> <aisdnwqv8imc-vbtnz2dnuvz8rudn...@brightview.co.uk> <rtadncT6lOvEP_HTnZ2dnUVZ8i2dnZ2d@brightvi"..., _IO_read_end = 0x6a7ba0 "references: <87sjo6lpyw....@wasdale.golgonooza.co.uk> <xzidnunmndtawpbtnz2dnuvz8umdn...@brightview.co.uk> <aisdnwqv8imc-vbtnz2dnuvz8rudn...@brightview.co.uk> <rtadncT6lOvEP_HTnZ2dnUVZ8i2dnZ2d@brightvi"..., _IO_read_base = 0x6a7ba0 "references: <87sjo6lpyw....@wasdale.golgonooza.co.uk> <xzidnunmndtawpbtnz2dnuvz8umdn...@brightview.co.uk> <aisdnwqv8imc-vbtnz2dnuvz8rudn...@brightview.co.uk> <rtadncT6lOvEP_HTnZ2dnUVZ8i2dnZ2d@brightvi"..., _IO_write_base = 0x6a7ba0 "references: <87sjo6lpyw....@wasdale.golgonooza.co.uk> <xzidnunmndtawpbtnz2dnuvz8umdn...@brightview.co.uk> <aisdnwqv8imc-vbtnz2dnuvz8rudn...@brightview.co.uk> <rtadncT6lOvEP_HTnZ2dnUVZ8i2dnZ2d@brightvi"..., _IO_write_ptr = 0x6a7fa0 "", _IO_write_end = 0x6a7fa0 "", _IO_buf_base = 0x6a7ba0 "references: <87sjo6lpyw....@wasdale.golgonooza.co.uk> <xzidnunmndtawpbtnz2dnuvz8umdn...@brightview.co.uk> <aisdnwqv8imc-vbtnz2dnuvz8rudn...@brightview.co.uk> <rtadncT6lOvEP_HTnZ2dnUVZ8i2dnZ2d@brightvi"..., _IO_buf_end = 0x6a7fa0 "", _IO_save_base = 0x0, _IO_backup_base = 0x0, _IO_save_end = 0x0, _markers = 0x0, _chain = 0x0, _fileno = 6963072, _flags2 = 4, _old_offset = 7468686, _cur_column = 0, _vtable_offset = 113 'q', _shortbuf = "", _lock = 0x0, _offset = 140737342602952, _codecvt = 0x6a7bca, _wide_data = 0x0, _freeres_list = 0x0, _freeres_buf = 0x6a3f80, _freeres_size = 7468683, _mode = -1, _unused2 = "\000\000\000\000\062\330C\000\000\000\000\000`\000\000\000\000\000\000"}, vtable = 0x7ffff74fda20}, _s = {_allocate_buffer = 0, _free_buffer = 0x6a7bd5 <buf+53>}} ret = 0 #9 0x00007ffff72681ff in ___sprintf_chk (s=0x4246 <Address 0x4246 out of bounds>, flags=16966, flags@entry=1, slen=6, slen@entry=1025, format=0xffffffffffffffff <Address 0xffffffffffffffff out of bounds>, format@entry=0x46ba32 "%s: %s") at sprintf_chk.c:33 arg = {{gp_offset = 48, fp_offset = 48, overflow_arg_area = 0x7fffffffd830, reg_save_area = 0x7fffffffd770}} done = 0 #10 0x0000000000407827 in sprintf (__fmt=0x46ba32 "%s: %s", __s=<optimized out>) at /usr/include/x86_64-linux-gnu/bits/stdio2.h:34 No locals. #11 wanted (compex=compex@entry=0x6a3f80, artnum=619614, scope=scope@entry=2) at artsrch.c:400 ap = <optimized out> #12 0x000000000040810f in art_search ( patbuf=patbuf@entry=0x6a7ba0 "references: <87sjo6lpyw....@wasdale.golgonooza.co.uk> <xzidnunmndtawpbtnz2dnuvz8umdn...@brightview.co.uk> <aisdnwqv8imc-vbtnz2dnuvz8rudn...@brightview.co.uk> <rtadncT6lOvEP_HTnZ2dnUVZ8i2dnZ2d@brightvi"..., patbufsiz=patbufsiz@entry=1025, get_cmd=get_cmd@entry=0) at artsrch.c:346 pattern = <optimized out> cmdchr = <optimized out> s = <optimized out> backward = <optimized out> compex = 0x6a3f80 cmdlst = 0x71f5d0 "+" ret = 4 saltaway = 0 howmuch = 2 srchhdr = 26 topstart = <optimized out> doread = 0 '\000' foldcase = 1 '\001' ignorethru = <optimized out> output_level = 0 '\000' srchfirst = 604261 #13 0x000000000041539b in do_kfile (kfp=0x6dc810, entering=entering@entry=1) at kfile.c:207 first_time = 0 '\000' last_kill_type = 47 '/' thread_kill_cnt = 0 thread_select_cnt = 0 cp = <optimized out> bp = 0x6a7ba0 "references: <87sjo6lpyw....@wasdale.golgonooza.co.uk> <xzidnunmndtawpbtnz2dnuvz8umdn...@brightview.co.uk> <aisdnwqv8imc-vbtnz2dnuvz8rudn...@brightview.co.uk> <rtadncT6lOvEP_HTnZ2dnUVZ8i2dnZ2d@brightvi"... #14 0x00000000004164b7 in kill_unwanted (starting=604261, message=message@entry=0x461d18 "Processing memorized commands...\n\n", entering=1) at kfile.c:369 intr = <optimized out> oldfirst = 604261 oldmode = 119 'w' anytokill = 1 '\001' #15 0x000000000041d511 in do_newsgroup (start_command=0x67e538 "") at ng.c:174 mode_save = 119 'w' gmode_save = 115 's' ret = <optimized out> whatnext = 0x461273 "%s%sWhat next? [%s]" ng_virtual = 0 '\000' #16 0x0000000000439036 in sel_dogroups () at rt-select.c:261 np = 0x6fab28 ret = <optimized out> save_selected_count = 0 #17 newsgroup_selector () at rt-select.c:419 np = <optimized out> save_sel_rereading = 0 '\000' save_selected_count = <optimized out> save_extra_commands = 0x436ea0 <newsgroup_commands> save_sel_mode = 4 save_sel_exclusive = 0 '\000' save_mode = 99 'c' save_gmode = 115 's' #18 0x00000000004447c6 in do_multirc () at trn.c:183 special = 0 '\000' mode_save = 99 'c' gmode_save = 115 's' #19 0x0000000000438d7a in multirc_selector () at rt-select.c:344 rp = <optimized out> save_sel_rereading = 0 '\000' save_selected_count = 0 save_extra_commands = 0x435a20 <multirc_commands> mp = 0x6b60c0 save_sel_mode = 6 save_sel_exclusive = 0 '\000' save_mode = 105 'i' save_gmode = 73 'I' #20 0x000000000040318d in main (argc=1, argv=0x7fffffffe0f8) at trn.c:126 foundany = 1 '\001' s = <optimized out> (gdb)
