Bug 7145 - bc severely mishandles large input strings
Summary: bc severely mishandles large input strings
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: bc
Version: 6.1
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Trond Eivind Glomsrød
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 1999-11-19 16:10 UTC by James Manning
Modified: 2008-05-01 15:37 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2000-04-06 22:39:44 UTC



Description James Manning 1999-11-19 16:10:03 UTC
Stock RH 6.1 (bc-1.05a-4)

Input strings below 127 characters in length work fine.

 - input strings between 127 and 254 characters, bc will segfault,
 - 255 characters it simply exits (no segfault, no answer)
 - 256 characters it gives no answer, but doesn't exit
 - 257 characters appears to spit out the first number in the string

(etc... it keeps getting weirder and weirder)

Here's me while trying to use it to add filesizes

[root@rtsa1 /root]# bc -lq
889494851+350818049+309390809+309421324+310826169+309039148+219752448+334228158+334399608+335729894+334104941+237438011+2323663
Segmentation fault (core dumped)
[root@rtsa1 /root]# bc -q
889494851+350818049+309390809+309421324+310826169+309039148+219752448+334228158+334399608+335729894+334104941+237438011+2323663
Segmentation fault (core dumped)
[root@rtsa1 /root]#

(gdb) bt
#0  0x400d7a93 in strncpy (s1=0x8056db9
"889494851+350818049+309390809+309421324+310826169+309039148+219752448+334228158+334399608+335729894+334104941+237438011+2323663",
    s2=0x8061ca0 "", n=4294967168) at ../sysdeps/generic/strncpy.c:82
#1  0x804a55a in strcpy () at ../sysdeps/generic/strcpy.c:30
#2  0x804ae39 in strcpy () at ../sysdeps/generic/strcpy.c:30
#3  0x804ac45 in strcpy () at ../sysdeps/generic/strcpy.c:30
#4  0x8049455 in strcpy () at ../sysdeps/generic/strcpy.c:30
#5  0x8049107 in strcpy () at ../sysdeps/generic/strcpy.c:30
#6  0x400921eb in __libc_start_main (main=0x8048f50 <strcpy+504>, argc=2,
argv=0xbffffd54, init=0x8048ab8 <_init>, fini=0x805060c <_fini>,
rtld_fini=0x4000a610 <_dl_fini>,
    stack_end=0xbffffd4c) at ../sysdeps/generic/libc-start.c:90
(gdb)

Program terminated with signal 11, Segmentation fault.

making > 256 chars invalid (and man page'ing that) would be fine, but
127-254 should really be valid lengths :)

Comment 1 Chih-Chung Chang 2000-03-31 18:38:59 UTC
here is the fix:

--- scan.c~     Tue Apr 22 05:57:52 1997
+++ scan.c      Sat Apr  1 02:39:17 2000
@@ -228,7 +228,7 @@
 /* Variables to help interface readline with bc. */
 static char *rl_line = (char *)NULL;
 static char *rl_start = (char *)NULL;
-static char  rl_len = 0;
+static int  rl_len = 0;

 /* Definitions for readline access. */
 extern FILE *rl_instream;
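Review bot: at `static int  rl_len = 0;` in scan.c the wrap at 127 goes away, but rl_len is a length, and the `n=4294967168` in the reporter's backtrace is consistent with a negative rl_len being converted to strncpy's unsigned count. Declaring it as size_t, or checking that it is non-negative and within the destination size before the copy, would remove the sign conversion instead of moving the limit to INT_MAX. The copy site is not part of this hunk, so it should be checked that the count is also bounded by the destination buffer.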
--- scan.l~     Tue Apr 22 05:57:00 1997
+++ scan.l      Sat Apr  1 02:39:00 2000
@@ -60,7 +60,7 @@
 /* Variables to help interface readline with bc. */
 static char *rl_line = (char *)NULL;
 static char *rl_start = (char *)NULL;
-static char  rl_len = 0;
+static int  rl_len = 0;

 /* Definitions for readline access. */
 extern FILE *rl_instream;
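Review bot: the scan.l hunk repeats the scan.c hunk line for line at `static int  rl_len = 0;`, which suggests scan.c is generated from scan.l. If so, patch scan.l only and regenerate scan.c during the build so the two declarations cannot drift apart. A one-line comment on rl_len stating what it counts would also help, since the existing comment only says these variables interface readline with bc.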

Comment 2 Trond Eivind Glomsrød 2000-04-06 22:39:59 UTC
A fixed RPM should be available in the next Raw Hide - thanks for the patch.
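
The arithmetic behind the `n=4294967168` in the backtrace and behind the one-line fix, as an added example that is not part of the original report or of bc's source. The helper names are hypothetical, and the stored length of 128 for the 127-character line (one extra byte, such as the newline) is an assumption.

```c
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Unpatched: "static char rl_len". char is signed on x86, so model it
   with signed char (gcc and clang wrap out-of-range values modulo 256). */
static int stored_len_char(size_t line_len) {
    signed char rl_len = (signed char)line_len;
    return rl_len;
}

/* Patched: "static int rl_len" keeps the same length without wrapping. */
static int stored_len_int(size_t line_len) {
    int rl_len = (int)line_len;
    return rl_len;
}

/* Count that strncpy() receives on a 32-bit build (assumed i386, as in
   the report): the stored value converted to a 32-bit unsigned size. */
static uint32_t copy_count_32(int stored) {
    return (uint32_t)stored;
}

int main(void) {
    /* Constructed sample lengths around the boundaries in the report. */
    const size_t samples[] = {126, 127, 128, 254, 255, 256, 257};
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int as_char = stored_len_char(samples[i]);
        int as_int = stored_len_int(samples[i]);
        printf("len %3zu  char rl_len=%4d count=%10" PRIu32
               "  int rl_len=%3d count=%" PRIu32 "\n",
               samples[i], as_char, copy_count_32(as_char),
               as_int, copy_count_32(as_int));
    }
    return 0;
}
```
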

