Bug 980446 - magic_file() on a text file throws segmentation fault
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: file
Version: rawhide
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Jan Kaluža
QA Contact: Fedora Extras Quality Assurance
Reported: 2013-07-02 11:49 UTC by Tomas Mlcoch
Modified: 2013-07-02 13:44 UTC

Doc Type: Bug Fix
Last Closed: 2013-07-02 13:44:36 UTC


Attachments:
Reproducer (deleted), 2013-07-02 11:49 UTC, Tomas Mlcoch

Description Tomas Mlcoch 2013-07-02 11:49:10 UTC
Created attachment 767695
Reproducer

Description of problem:
magic_file() on a text file throws segmentation fault

Version-Release number of selected component (if applicable):
Name        : file-devel
Arch        : i686
Version     : 5.14
Release     : 8.fc20

How reproducible:
Reproducer appended

Actual results:
Segfault

Output from valgrind:
==3270== Invalid read of size 4
==3270==    at 0x404D449: file_softmagic (in /usr/lib/libmagic.so.1.0.0)
==3270==    by 0x405498E: file_buffer (in /usr/lib/libmagic.so.1.0.0)
==3270==    by 0x4046A3E: ??? (in /usr/lib/libmagic.so.1.0.0)
==3270==    by 0x80487CF: main (in /home/tmlcoch/git/createrepo_c/file_error_reproducer)
==3270==  Address 0xc is not stack'd, malloc'd or (recently) free'd
==3270== 
==3270== 
==3270== Process terminating with default action of signal 11 (SIGSEGV)
==3270==  Access not within mapped region at address 0xC
==3270==    at 0x404D449: file_softmagic (in /usr/lib/libmagic.so.1.0.0)
==3270==    by 0x405498E: file_buffer (in /usr/lib/libmagic.so.1.0.0)
==3270==    by 0x4046A3E: ??? (in /usr/lib/libmagic.so.1.0.0)
==3270==    by 0x80487CF: main (in /home/tmlcoch/git/createrepo_c/file_error_reproducer)
==3270==  If you believe this happened as a result of a stack
==3270==  overflow in your program's main thread (unlikely but
==3270==  possible), you can try to increase the size of the
==3270==  main thread stack using the --main-stacksize= flag.
==3270==  The main thread stack size used in this run was 8388608.

Note:
Only reproducible on rawhide (in F19 works fine).

Comment 1 Jan Kaluža 2013-07-02 13:44:36 UTC
Should be fixed in file-5.14-9.fc20

