Tested in Systester 1.5.1 running on Ubuntu 13.04 (64-bit).
32-bit may be affected as well.
Steps to produce:
1. Build the CLI version of systester (or try an official binary like this: https://sourceforge.net/projects/systester/files/systester/1.5.0/systester-1.5.1-linux-amd64.tar.gz/download)
2. Run this: "./systester-cli -qcborwein"
3. Run this: "./systester-cli -gausslg"
4. Run this: "./systester-cli -threads"
5. Run this: "./systester-cli -turns"
6. Run this: "./systester-cli -qcborwein -test"
Actual result:
Steps 2-5 show "Segmentation fault (core dumped)", while Step 6 displays the help text.
Expected result:
All steps from 2 to 6 should display the help text.
Note:
I have a patch for this. It checks argc before accessing the next element in the argv array in order to prevent out-of-bounds access:
https://dl.dropboxusercontent.com/u/70170658/misc/systester-cli-args-bounds.patch

Reposting a valid link for the patch because the link in the first post no longer works (due to a Dropbox system change):
https://www.dropbox.com/s/0x83b08tngi8ppf/systester-cli-args-bounds.patch?dl=0
diff -r -u a/cli/systester-cli.c b/cli/systester-cli.c --- a/cli/systester-cli.c 2012-07-09 04:41:47.000000000 +0800 +++ b/cli/systester-cli.c 2013-07-20 10:12:01.368310441 +0800 @@ -206,7 +206,11 @@ { algo = 0; arg++; - loops = determine_loops (argv[arg], algo); + if (arg < argc) + loops = determine_loops (argv[arg], algo); + else + loops = -1; + if (loops == -1) { help (); @@ -217,7 +221,11 @@ { algo = 1; arg++; - loops = determine_loops (argv[arg], algo); + if (arg < argc) + loops = determine_loops (argv[arg], algo); + else + loops = -1; + if (loops == -1) { help (); @@ -227,7 +235,10 @@ else if (strcmp (argv[arg], "-threads") == 0) { arg++; - threads = atoi (argv[arg]); + if (arg < argc) + threads = atoi (argv[arg]); + else + threads = 0; if (threads < 1) { @@ -242,7 +253,11 @@ else if (strcmp (argv[arg], "-turns") == 0) { arg++; - executions = atoi (argv[arg]); + if (arg < argc) + executions = atoi (argv[arg]); + else + executions = 1; + if (executions < 1) executions = 1; }
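Review bot: In the @@ -206 hunk (the branch that sets algo = 0), the new `if (arg < argc) ... else loops = -1;` block is repeated verbatim in the @@ -217 hunk, and the same guard recurs in the -threads and -turns hunks. Consider one small helper that returns the next argv element, or NULL once arg has reached argc, so the bounds check lives in one place and a future option that takes a value cannot omit it. The unbraced if/else followed directly by a second `if (loops == -1)` is also easy to misread; braces on the new block would help.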
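Review bot: In the @@ -217 hunk (algo = 1), the guard protects only this call site of determine_loops. When arg equals argc, argv[arg] is the null pointer that terminates argv, so the original line was passing NULL into determine_loops. If determine_loops does not already reject a NULL argument, having it return -1 in that case would protect any other caller too, with the `arg < argc` check kept at the call site.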
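Review bot: In the @@ -227 hunk, `threads = atoi (argv[arg]);` is kept for the case where a value is present, and atoi cannot report a conversion error: non-numeric input yields 0 and an out-of-range value is undefined behaviour. Non-numeric input happens to land in the `threads < 1` branch, but an oversized number is not guaranteed to. Suggest strtol with an errno and end-pointer check plus an upper bound on the thread count. The `threads = 0` sentinel in the else arm works only because of the `threads < 1` test that follows; a one-line comment saying so would help.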
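Review bot: In the @@ -242 hunk, a missing value after -turns silently becomes `executions = 1`, whereas the -qcborwein and -gausslg hunks route the same condition to help (). The ticket's expected result is that "./systester-cli -turns" displays the help text; if that is the intent, treat the missing value as a usage error here as well rather than continuing with a default. The atoi concern raised for -threads applies to `executions = atoi (argv[arg]);` too.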
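The bounds check the patch applies at each option, gathered into one helper. This is an added example, not part of the ticket or the Systester source; `option_value`, `parse_positive` and `parse_cli` are hypothetical names, only `-threads` and `-turns` are modelled, and a missing or non-numeric value is treated as a usage error for both, which is stricter than the patch's handling of `-turns`.

```c
#include <errno.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: step to the value after option argv[*arg]; returns
 * NULL when the option is the last word. argv[argc] is a null pointer, so
 * without this test a trailing option hands NULL to atoi(). */
static const char *option_value(int argc, char **argv, int *arg)
{
    if (*arg + 1 >= argc)
        return NULL;
    return argv[++*arg];
}

/* Hypothetical helper: strict positive-int parse; 0 on success, -1 on error. */
static int parse_positive(const char *s, int *out)
{
    char *end;
    long v;
    if (s == NULL || *s == '\0')
        return -1;
    errno = 0;
    v = strtol(s, &end, 10);
    if (errno != 0 || *end != '\0' || v < 1 || v > INT_MAX)
        return -1;
    *out = (int)v;
    return 0;
}

/* Returns 0 on success, -1 when the caller should print the help text. */
int parse_cli(int argc, char **argv, int *threads, int *turns)
{
    int arg, *dst;
    *threads = *turns = 1;
    for (arg = 1; arg < argc; arg++) {
        if (strcmp(argv[arg], "-threads") == 0)
            dst = threads;
        else if (strcmp(argv[arg], "-turns") == 0)
            dst = turns;
        else
            return -1;          /* option not modelled in this sketch */
        if (parse_positive(option_value(argc, argv, &arg), dst) != 0)
            return -1;
    }
    return 0;
}
```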