Package: agrep
Version: 4.17-9
Severity: important
Tags: security patch

The following crash can be reproduced (files can be downloaded with base URL
https://digi.bib.uni-mannheim.de/periodika/reichsanzeiger/ocr/film/tesseract-4.0.0-alpha.20170703/):

$ agrep -2 -l -d '$$' 'Beilage zum Deutſchen' 001-1879/0006.txt 001-1879/0009.txt 001-1879/0012.txt 001-1879/0008.txt 001-1879/0005.txt 001-1879/0010.txt 001-1879/0003.txt 001-1879/0007.txt 001-1879/0011.txt 001-1879/0002.txt 001-1879/0001.txt 001-1879/0004.txt 001-7920/0335.txt 001-7920/0198.txt 001-7920/0428.txt 001-7920/0006.txt 001-7920/0456.txt 001-7920/0487.txt 001-7920/0406.txt 001-7920/0096.txt 001-7920/0265.txt 001-7920/0370.txt 001-7920/0464.txt 001-7920/0364.txt 001-7920/0055.txt 001-7920/0260.txt 001-7920/0185.txt 001-7920/0389.txt 001-7920/0359.txt 001-7920/0275.txt 001-7920/0372.txt 001-7920/0345.txt 001-7920/0131.txt 001-7920/0015.txt 001-7920/0351.txt 001-7920/0009.txt 001-7920/0491.txt 001-7920/0052.txt 001-7920/0022.txt 001-7920/0241.txt 001-7920/0081.txt 001-7920/0114.txt 001-1879/0009.txt 001-7920/0114.txt
*** Error in `agrep': double free or corruption (!prev): 0x000055be126b8710 ***
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x70bcb)[0x7f5c1c88cbcb]
/lib/x86_64-linux-gnu/libc.so.6(+0x76f96)[0x7f5c1c892f96]
/lib/x86_64-linux-gnu/libc.so.6(+0x777de)[0x7f5c1c8937de]
agrep(+0x6de7)[0x55be12168de7]
agrep(+0x13a59)[0x55be12175a59]
agrep(+0xff82)[0x55be12171f82]
agrep(+0x1171c)[0x55be1217371c]
agrep(main+0x41)[0x55be12165db1]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1)[0x7f5c1c83c2b1]
agrep(+0x3dfd)[0x55be12165dfd]
======= Memory map: ========
55be12162000-55be1218a000 r-xp 00000000 08:02 147402 /usr/bin/agrep
55be1238a000-55be1238b000 r--p 00028000 08:02 147402 /usr/bin/agrep
55be1238b000-55be1238c000 rw-p 00029000 08:02 147402 /usr/bin/agrep
55be1238c000-55be1256a000 rw-p 00000000 00:00 0
55be126b7000-55be126d8000 rw-p 00000000 00:00 0 [heap]
7f5c18000000-7f5c18021000 rw-p 00000000 00:00 0
7f5c18021000-7f5c1c000000 ---p 00000000 00:00 0
7f5c1c605000-7f5c1c61b000 r-xp 00000000 08:02 131705 /usr/lib/x86_64-linux-gnu/libgcc_s.so.1
7f5c1c61b000-7f5c1c81a000 ---p 00016000 08:02 131705 /usr/lib/x86_64-linux-gnu/libgcc_s.so.1
7f5c1c81a000-7f5c1c81b000 r--p 00015000 08:02 131705 /usr/lib/x86_64-linux-gnu/libgcc_s.so.1
7f5c1c81b000-7f5c1c81c000 rw-p 00016000 08:02 131705 /usr/lib/x86_64-linux-gnu/libgcc_s.so.1
7f5c1c81c000-7f5c1c9b1000 r-xp 00000000 08:02 133277 /usr/lib/x86_64-linux-gnu/libc-2.24.so
7f5c1c9b1000-7f5c1cbb1000 ---p 00195000 08:02 133277 /usr/lib/x86_64-linux-gnu/libc-2.24.so
7f5c1cbb1000-7f5c1cbb5000 r--p 00195000 08:02 133277 /usr/lib/x86_64-linux-gnu/libc-2.24.so
7f5c1cbb5000-7f5c1cbb7000 rw-p 00199000 08:02 133277 /usr/lib/x86_64-linux-gnu/libc-2.24.so
7f5c1cbb7000-7f5c1cbbb000 rw-p 00000000 00:00 0
7f5c1cbbb000-7f5c1cbde000 r-xp 00000000 08:02 133162 /usr/lib/x86_64-linux-gnu/ld-2.24.so
7f5c1cc32000-7f5c1cdcd000 r--p 00000000 08:02 135927 /usr/lib/locale/locale-archive
7f5c1cdcd000-7f5c1cdcf000 rw-p 00000000 00:00 0
7f5c1cdda000-7f5c1cdde000 rw-p 00000000 00:00 0
7f5c1cdde000-7f5c1cddf000 r--p 00023000 08:02 133162 /usr/lib/x86_64-linux-gnu/ld-2.24.so
7f5c1cddf000-7f5c1cde0000 rw-p 00024000 08:02 133162 /usr/lib/x86_64-linux-gnu/ld-2.24.so
7f5c1cde0000-7f5c1cde1000 rw-p 00000000 00:00 0
7fffa0853000-7fffa0874000 rw-p 00000000 00:00 0 [stack]
7fffa0930000-7fffa0932000 r--p 00000000 00:00 0 [vvar]
7fffa0932000-7fffa0934000 r-xp 00000000 00:00 0 [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]
Aborted

The code indeed is buggy, and using Valgrind I found this and also another memory-related bug.

Here are the bug fixes for a newer version of agrep: https://github.com/Wikinaut/agrep/pull/13

Similar changes can be applied to the Debian version:

diff --git a/asearch.c b/asearch.c
index 38ad3fb..d39907c 100644
--- a/asearch.c
+++ b/asearch.c
@@ -254,7 +254,6 @@ Nextchar1file: {
 if(FILENAMEONLY && (NEW_FILE || !POST_FILTER)) {
 num_of_matched++;
- free_buf(text, buffer);
 if (agrep_finalfp != NULL)
 fprintf(agrep_finalfp, "%s", CurrentFileName);
diff --git a/sgrep.c b/sgrep.c
index aadbd23..77340b9 100644
--- a/sgrep.c
+++ b/sgrep.c
@@ -1079,7 +1079,9 @@ register CHARTYPE *text, *textend, *pat, *oldpat;
 CHARTYPE *lastout = text;
 int newlen;
- Candidate[0][0] = Candidate[0][1] = 0;
+ Candidate[0][0] = 0;
+ Candidate[0][1] = 0;
+ Candidate[1][0] = 0;
 d1 = shift_1;
 cdx = 0;
 if(m < 3) r1 = m;

-- System Information:
Debian Release: 9.1
  APT prefers proposed-updates
  APT policy: (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-3-amd64 (SMP w/32 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages agrep depends on:
ii  libc6  2.24-11+deb9u1

agrep recommends no packages.

agrep suggests no packages.

-- no debconf information
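Review bot: In the asearch.c hunk, dropping `free_buf(text, buffer);` from the FILENAMEONLY branch removes one of the two frees behind the "double free or corruption" abort, but the visible context does not show where `buffer` is released afterwards on this branch; please confirm that the common exit path frees it exactly once, and add a one-line comment at the removal site pointing to that release, since with -l every matched file takes this branch and an unreleased buffer would turn the double free into a per-file leak across long file lists like the one in the report.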
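Review bot: In the sgrep.c hunk, the added `Candidate[1][0] = 0;` zeroes an entry that the Valgrind run above evidently found read before it was written, but nothing in the hunk says why `Candidate[1][1]` does not need the same treatment; a short comment naming which entries are read before their first write, or zeroing the whole array in one statement, would make the fix self-explanatory and keep the same uninitialised read from reappearing at another index. Splitting the chained assignment into three statements is fine.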