severity 716484 minor
tags 716484 + patch upstream
thanks
On Wed, Jul 10, 2013 at 04:08:58PM -0400, Alexandre Rebert wrote:
> xapian-chert-update crashes with exit status 139. We confirmed the crash by
> re-running it in a fresh debian unstable installation.
>
> The attachment [1] contains a testcase (under ./crash) crashing the
> program. It ensures that you can easily reproduce the bug. Additionally,
> under ./crash_info/, we include more information about the crash such as
> a core dump, the dmesg generated by the crash, and its output.
A much simpler reproducer is just:
xapian-chert-update -b
Basically the handling for -b is entirely broken, because we don't tell
getopt that it must take an argument. Patch attached which fixes this
for me, which I'll commit upstream shortly.
This is a tool to upgrade from databases built with 1.1.x develop
releases, so I don't see anyone running it with untrusted command
line arguments, so I don't believe there's a security risk to this.
And given nobody's reported this issue from actually trying to use
xapian-chert-update -b, I think this deserves minor severity, and I'll
just fix this when I next make an upload. Anyone who was using 1.1.x is
likely to have updated their old databases long ago anyway.
It can be worked around by not using -b here, and then using
xapian-compact to change the blocksize if you don't like the default.
That'll roughly double the conversion time, but it's a one-off
operation.
Cheers,
Olly
Index: bin/xapian-chert-update.cc
===================================================================
--- bin/xapian-chert-update.cc (revision 17307)
+++ bin/xapian-chert-update.cc (working copy)
@@ -331,7 +331,7 @@
int
main(int argc, char **argv)
{
- const char * opts = "b";
+ const char * opts = "b:";
const struct option long_opts[] = {
{"help", no_argument, 0, OPT_HELP},
{"version", no_argument, 0, OPT_VERSION},
