Debian Bug report logs - #525820
/usr/bin/file: Crashes when run on an msi file

version graph

Package: file; Maintainer for file is Christoph Biedl <debian.axhn@manchmal.in-ulm.de>; Source for file is src:file.

Reported by: Sam Morris <sam@robots.org.uk>

Date: Mon, 27 Apr 2009 10:12:02 UTC

Severity: normal

Tags: security

Found in version file/5.00-1

Fixed in version 5.03-1

Done: Moritz Muehlenhoff <jmm@inutil.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Daniel Baumann <daniel@debian.org>:
Bug#525820; Package file. (Mon, 27 Apr 2009 10:12:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Sam Morris <sam@robots.org.uk>:
New Bug report received and forwarded. Copy sent to Daniel Baumann <daniel@debian.org>. (Mon, 27 Apr 2009 10:12:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Sam Morris <sam@robots.org.uk>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: /usr/bin/file: Crashes when run on an msi file
Date: Mon, 27 Apr 2009 11:01:46 +0100
Package: file
Version: 5.00-1
Severity: normal
File: /usr/bin/file

When run on the file downloaded from <http://www.python.org/ftp/python/2.6.2/python-2.6.2.msi>:

*** glibc detected *** file: munmap_chunk(): invalid pointer: 0x0000000001fb6000 ***
======= Backtrace: =========
/lib/libc.so.6[0x7f266d1161b8]
/usr/lib/libmagic.so.1(cdf_read_sat+0x1d8)[0x7f266d622668]
/usr/lib/libmagic.so.1(file_trycdf+0xa9)[0x7f266d622b69]
/usr/lib/libmagic.so.1(file_buffer+0x1e1)[0x7f266d620071]
/usr/lib/libmagic.so.1[0x7f266d612426]
file[0x4012ba]
file[0x401c36]
/lib/libc.so.6(__libc_start_main+0xe6)[0x7f266d0c25a6]
file[0x400fe9]
======= Memory map: ========
00400000-00404000 r-xp 00000000 fe:00 575573                             /usr/bin/file
00603000-00604000 rw-p 00003000 fe:00 575573                             /usr/bin/file
01f8f000-01fe1000 rw-p 01f8f000 00:00 0                                  [heap]
7f266ca90000-7f266caa6000 r-xp 00000000 fe:00 851980                     /lib/libgcc_s.so.1
7f266caa6000-7f266cca6000 ---p 00016000 fe:00 851980                     /lib/libgcc_s.so.1
7f266cca6000-7f266cca7000 rw-p 00016000 fe:00 851980                     /lib/libgcc_s.so.1
7f266ccce000-7f266cd8f000 rw-p 7f266ccce000 00:00 0 
7f266cd8f000-7f266d0a4000 r--p 00000000 fe:00 598334                     /usr/lib/locale/locale-archive
7f266d0a4000-7f266d1ed000 r-xp 00000000 fe:00 442698                     /lib/libc-2.9.so
7f266d1ed000-7f266d3ed000 ---p 00149000 fe:00 442698                     /lib/libc-2.9.so
7f266d3ed000-7f266d3f1000 r--p 00149000 fe:00 442698                     /lib/libc-2.9.so
7f266d3f1000-7f266d3f2000 rw-p 0014d000 fe:00 442698                     /lib/libc-2.9.so
7f266d3f2000-7f266d3f7000 rw-p 7f266d3f2000 00:00 0 
7f266d3f7000-7f266d40e000 r-xp 00000000 fe:00 578919                     /usr/lib/libz.so.1.2.3.3
7f266d40e000-7f266d60d000 ---p 00017000 fe:00 578919                     /usr/lib/libz.so.1.2.3.3
7f266d60d000-7f266d60e000 rw-p 00016000 fe:00 578919                     /usr/lib/libz.so.1.2.3.3
7f266d60e000-7f266d628000 r-xp 00000000 fe:00 577281                     /usr/lib/libmagic.so.1.0.0
7f266d628000-7f266d828000 ---p 0001a000 fe:00 577281                     /usr/lib/libmagic.so.1.0.0
7f266d828000-7f266d829000 rw-p 0001a000 fe:00 577281                     /usr/lib/libmagic.so.1.0.0
7f266d829000-7f266d846000 r-xp 00000000 fe:00 442693                     /lib/ld-2.9.so
7f266d86a000-7f266da19000 rw-p 00000000 fe:00 607557                     /usr/share/file/magic.mgc
7f266da19000-7f266da1b000 rw-p 7f266da19000 00:00 0 
7f266da3a000-7f266da3b000 rw-p 7f266da3a000 00:00 0 
7f266da3b000-7f266da42000 r--s 00000000 fe:00 577052                     /usr/lib/gconv/gconv-modules.cache
7f266da42000-7f266da45000 rw-p 7f266da42000 00:00 0 
7f266da45000-7f266da46000 r--p 0001c000 fe:00 442693                     /lib/ld-2.9.so
7f266da46000-7f266da47000 rw-p 0001d000 fe:00 442693                     /lib/ld-2.9.so
7fff75a32000-7fff75a47000 rw-p 7ffffffea000 00:00 0                      [stack]
7fff75bff000-7fff75c00000 r-xp 7fff75bff000 00:00 0                      [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]
python-2.6.2.msi: Aborted

Backtrace from gdb:

#0  0x00007fdb54a7e105 in *__GI_raise (sig=<value optimized out>)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
	pid = <value optimized out>
	selftid = <value optimized out>
#1  0x00007fdb54a7f623 in *__GI_abort () at abort.c:88
	act = {__sigaction_handler = {sa_handler = 0x7fff5d3f04c0, 
    sa_sigaction = 0x7fff5d3f04c0}, sa_mask = {__val = {140734757799248, 
      30064771072, 140734757799312, 140734757815582, 32, 140579995809791, 3, 
      140734757799306, 6, 140579995809795, 2, 140734757799294, 2, 
      140579995804634, 1, 140579995809791}}, sa_flags = 3, 
  sa_restorer = 0x7fff5d3f0584}
	sigs = {__val = {32, 0 <repeats 15 times>}}
#2  0x00007fdb54ab8b18 in __libc_message (do_abort=2, 
    fmt=0x7fdb54b68f88 "*** glibc detected *** %s: %s: 0x%s ***\n")
    at ../sysdeps/unix/sysv/linux/libc_fatal.c:170
	ap = {{gp_offset = 40, fp_offset = 48, 
    overflow_arg_area = 0x7fff5d3f0ee0, reg_save_area = 0x7fff5d3f0df0}}
	ap_copy = {{gp_offset = 16, fp_offset = 48, 
    overflow_arg_area = 0x7fff5d3f0ee0, reg_save_area = 0x7fff5d3f0df0}}
	fd = 7
	on_2 = <value optimized out>
	list = <value optimized out>
	nlist = <value optimized out>
	cp = <value optimized out>
	written = 6
#3  0x00007fdb54abe1b8 in malloc_printerr (action=2, 
    str=0x7fdb54b68fb8 "munmap_chunk(): invalid pointer", 
    ptr=<value optimized out>) at malloc.c:5994
	buf = "0000000000ace000"
	cp = <value optimized out>
#4  0x00007fdb54fcd700 in cdf_read_sat ()
   from /tmp/file-5.00/src/.libs/libmagic.so.1
No locals.
#5  0x00007fdb54fd0182 in file_trycdf ()
   from /tmp/file-5.00/src/.libs/libmagic.so.1
No locals.
#6  0x00007fdb54fcbd83 in file_buffer ()
   from /tmp/file-5.00/src/.libs/libmagic.so.1
No locals.
#7  0x00007fdb54fba8ad in file_or_fd ()
   from /tmp/file-5.00/src/.libs/libmagic.so.1
No locals.
#8  0x00007fdb54fba5c9 in magic_file ()
   from /tmp/file-5.00/src/.libs/libmagic.so.1
No locals.
#9  0x0000000000401b08 in process ()
No locals.
#10 0x0000000000401784 in main ()
No locals.

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (530, 'testing'), (520, 'unstable'), (400, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.29-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages file depends on:
ii  libc6                  2.9-4             GNU C Library: Shared libraries
ii  libmagic1              5.00-1            File type determination library us
ii  zlib1g                 1:1.2.3.3.dfsg-13 compression library - runtime

file recommends no packages.

file suggests no packages.

-- no debconf information




Tags added: security Request was from Florian Weimer <fw@deneb.enyo.de> to control@bugs.debian.org. (Mon, 27 Apr 2009 10:18:02 GMT) Full text and rfc822 format available.

Reply sent to Moritz Muehlenhoff <jmm@inutil.org>:
You have taken responsibility. (Thu, 18 Jun 2009 20:57:12 GMT) Full text and rfc822 format available.

Notification sent to Sam Morris <sam@robots.org.uk>:
Bug acknowledged by developer. (Thu, 18 Jun 2009 20:57:12 GMT) Full text and rfc822 format available.

Message #12 received at 525820-done@bugs.debian.org (full text, mbox):

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Sam Morris <sam@robots.org.uk>
Cc: 525820-done@bugs.debian.org
Subject: Re: /usr/bin/file: Crashes when run on an msi file
Date: Thu, 18 Jun 2009 22:49:00 +0200
Version: 5.03-1

On Mon, Apr 27, 2009 at 11:01:46AM +0100, Sam Morris wrote:
> Package: file
> Version: 5.00-1
> Severity: normal
> File: /usr/bin/file
> 
> When run on the file downloaded from <http://www.python.org/ftp/python/2.6.2/python-2.6.2.msi>:

This has been fixed in 5.03. Lenny and Etch aren't affected.

Cheers,
        Moritz




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 17 Jul 2009 07:27:03 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 18 16:19:36 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.