Skip Menu |
 

This queue is for tickets about the Text-BibTeX CPAN distribution.

Report information
The Basics
Id: 80458
Status: open
Priority: 0/
Queue: Text-BibTeX

People
Owner: Nobody in particular
Requestors: bremner [...] debian.org
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.427 (Entity 5.427)
From: DDB [...] cpan.org
Subject: libtext-bibtex-perl: syntactically invalid BibTeX file crashes perl
Content-Length: 178
Download (untitled) / with headers
text/plain 178b
This bug has been forwarded from http://bugs.debian.org/691715 I verified that the same thing happens with Text-BibTeX 0.65 Thanks in advance, David Bremner, Debian Perl Group
MIME-Version: 1.0
X-Mailer: MIME-tools 5.427 (Entity 5.427)
Content-Type: multipart/mixed; boundary="----------=_1351472363-17035-2"
Message-ID: <rt-3.8.HEAD-17035-1351472363-1702.80458-0-0 [...] rt.cpan.org>
X-RT-Original-Encoding: utf-8
Content-Length: 0
Content-Disposition: inline
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: utf-8
Content-Length: 953
Download (untitled) / with headers
text/plain 953b
Here are the files. When I run the script btcheck on the attached bib file, it crashes perl 5.14 with the following backtrace /lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x37)[0x7f9f39cc5f37] /lib/x86_64-linux-gnu/libc.so.6(+0xebdf0)[0x7f9f39cc4df0] /lib/x86_64-linux-gnu/libc.so.6(+0xead37)[0x7f9f39cc3d37] /usr/lib/libbtparse.so.1(zzFAIL+0xe4)[0x7f9f38eabdc4] /usr/lib/libbtparse.so.1(body+0xdf)[0x7f9f38eab56f] /usr/lib/libbtparse.so.1(entry+0x1ea)[0x7f9f38eab98a] /usr/lib/libbtparse.so.1(bt_parse_entry+0x100)[0x7f9f38ea9d40] /usr/lib/perl5/auto/Text/BibTeX/BibTeX.so(XS_Text__BibTeX__Entry__parse+0x 135)[0x7f9f390c1a45] /usr/lib/libperl.so.5.14(Perl_pp_entersub+0x58c)[0x7f9f3a6ba3cc] /usr/lib/libperl.so.5.14(Perl_runops_standard+0x16)[0x7f9f3a6b19a6] /usr/lib/libperl.so.5.14(perl_run+0x3a5)[0x7f9f3a6535b5] /usr/bin/perl(main+0x149)[0x400f89] /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xfd)[0x7f9f39bf7ead] /usr/bin/perl[0x400fc1]
Subject: crash.bib
MIME-Version: 1.0
Content-Type: text/x-bibtex; name="crash.bib"
X-Mailer: MIME-tools 5.427 (Entity 5.427)
Content-Disposition: inline; filename="crash.bib"
Content-Transfer-Encoding: binary
Content-Length: 2310
Download crash.bib
text/x-bibtex 2.2k
@PREAMBLE{ {\providecommand{\noopsort}[1]{}} } @comment{ suppcollection{Eymeric_b, xref={Kors}, sortkey="Kors_E", author={{\ \ \ \ \ \ Nicholau Eymeric}}, title="Directorum inquisitorum", pages="60-64", keywords={primary}, } @incollection{1437, crossref={Kors}, author="Ponce Feugeyron", title="Errores Gazariorum, 1437", subtitle={}, pages="159-162", options={skipbib=true}, } @suppcollection{1437_b, xref={Kors}, sortkey="Kors_F", booktitle={}, author={{\ \ \ \ \ \ Feugeyron, Ponce.}}, title="Errores Gazariorum, 1437", pages="159-162", keywords={primary}, } @incollection{1628, crossref={Kors}, author="Johannes Junius", title="Letter to Veronica (24 July 1628)", shorttitle="Bamberg", subtitle={}, pages="351-353", options={skipbib=true}, } @suppcollection{1628_b, xref={Kors}, sortkey="Kors_F", author={{\ \ \ \ \ \ Junius, Johannes.}}, title="Letter to Veronica (24 July 1628)", pages="351-353", keywords={primary}, } @collection{Kors, sortkey="Kors_A", title="Witchcraft in Europe 400-1700", shortbooktitle="Witchcraft...", subtitle="A Documentary History", booktitle="Witchcraft in Europe 400-1700", booksubtitle="A Documentary History", edition="2", editor="Alan Charles Kors and Edward Peters", year="2001", publisher="University of Pennsylvania Press", keywords={primary}, } @online{HermannLoeher, author="Hermann Löher", title="Hochnötige Unterhanige Wemütige Klage der Frommen Unschültigen", year="1676", address="Amsterdam", editor="Thomas P. Becker and Theresia Becker", url="http://extern.historicum.net/loeher/", urldate="2011-06-22", keywords={primary,critic}, annote="Hermann Löher (1595-1678) was a judge (Schöffen) during the 1631 witch-trials in Rheinbach in the diocese of Trier. He became uneasy about procedures during the 3rd trial, but was convinced during the 4th that Kommisar Buirmann was manipulating the outcomes for political ends. After recognizing that as a dissenting judge, he would be denounced himself, he fled to Amsterdam with his family on 3 August 1636. He spent the remainder of his life collecting evidence against witch hunting. This memoir was written at age 80.", }
MIME-Version: 1.0
Subject: btcheck
X-Mailer: MIME-tools 5.427 (Entity 5.427)
Content-Type: application/octet-stream; name="btcheck"
Content-Disposition: inline; filename="btcheck"
Content-Transfer-Encoding: base64
Content-Length: 862
Download btcheck
application/octet-stream 862b

Message body not shown because it is not plain text.

MIME-Version: 1.0
In-Reply-To: <rt-3.8.HEAD-17035-1351472363-1702.80458-0-0 [...] rt.cpan.org>
X-Mailer: MIME-tools 5.427 (Entity 5.427)
Content-Disposition: inline
References: <rt-3.8.HEAD-17035-1351472363-1702.80458-0-0 [...] rt.cpan.org>
Content-Type: text/plain; charset="UTF-8"
Message-ID: <rt-3.8.HEAD-15662-1351510658-847.80458-0-0 [...] rt.cpan.org>
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: utf-8
Content-Length: 1100
Hello Thank you for the report. I'll give it a look. Cheers ambs On Sun Oct 28 20:59:23 2012, DDB wrote: Show quoted text
> Here are the files. When I run the script btcheck on the attached bib > file, it crashes perl 5.14 with the following backtrace > > /lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x37)[0x7f9f39cc5f37] > /lib/x86_64-linux-gnu/libc.so.6(+0xebdf0)[0x7f9f39cc4df0] > /lib/x86_64-linux-gnu/libc.so.6(+0xead37)[0x7f9f39cc3d37] > /usr/lib/libbtparse.so.1(zzFAIL+0xe4)[0x7f9f38eabdc4] > /usr/lib/libbtparse.so.1(body+0xdf)[0x7f9f38eab56f] > /usr/lib/libbtparse.so.1(entry+0x1ea)[0x7f9f38eab98a] > /usr/lib/libbtparse.so.1(bt_parse_entry+0x100)[0x7f9f38ea9d40] > /usr/lib/perl5/auto/Text/BibTeX/BibTeX.so(XS_Text__BibTeX__Entry__parse+0x > 135)[0x7f9f390c1a45] > /usr/lib/libperl.so.5.14(Perl_pp_entersub+0x58c)[0x7f9f3a6ba3cc] > /usr/lib/libperl.so.5.14(Perl_runops_standard+0x16)[0x7f9f3a6b19a6] > /usr/lib/libperl.so.5.14(perl_run+0x3a5)[0x7f9f3a6535b5] > /usr/bin/perl(main+0x149)[0x400f89] > /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xfd)[0x7f9f39bf7ead] > /usr/bin/perl[0x400fc1]
MIME-Version: 1.0
X-Mailer: MIME-tools 5.427 (Entity 5.427)
Content-Disposition: inline
Content-Type: text/plain; charset="UTF-8"
Message-ID: <rt-3.8.HEAD-18056-1351513953-1724.80458-0-0 [...] rt.cpan.org>
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: utf-8
Content-Length: 46
Hello, Fixed on 0.66. I think :) Cheers ambs
MIME-Version: 1.0
X-Mailer: MIME-tools 5.427 (Entity 5.427)
Content-Disposition: inline
Content-Type: text/plain; charset="UTF-8"
Message-ID: <rt-3.8.HEAD-32367-1351553267-1021.80458-0-0 [...] rt.cpan.org>
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: utf-8
Content-Length: 332
Download (untitled) / with headers
text/plain 332b
Thanks for looking at this. When I discovered the Debian package compiled version of 0.66 still crashed, I went back and checked, and the previous versions of Text-BibTeX seem to only have the problem with the Debian package as well. So it looks like I bothered you over something that is probably my fault. Sorry about that. David
MIME-Version: 1.0
In-Reply-To: <rt-3.8.HEAD-32367-1351553267-1021.80458-0-0 [...] rt.cpan.org>
X-Mailer: MIME-tools 5.427 (Entity 5.427)
Content-Disposition: inline
References: <rt-3.8.HEAD-32367-1351553267-1021.80458-0-0 [...] rt.cpan.org>
Content-Type: text/plain; charset="UTF-8"
Message-ID: <rt-3.8.HEAD-28869-1351553529-1349.80458-0-0 [...] rt.cpan.org>
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: utf-8
Content-Length: 582
Download (untitled) / with headers
text/plain 582b
On Mon Oct 29 19:27:47 2012, DDB wrote: Show quoted text
> Thanks for looking at this. When I discovered the Debian package > compiled version of 0.66 still crashed, I went back and checked, and the > previous versions of Text-BibTeX seem to only have the problem with the > Debian package as well. So it looks like I bothered you over something > that is probably my fault. Sorry about that.
Hello that is weird. with bibparse the example you provided made the binary fail. Now it no longer fails. but probably it fails somewhere else. can you give me more details how you are testing it? thanks
MIME-Version: 1.0
X-Mailer: MIME-tools 5.427 (Entity 5.427)
Content-Disposition: inline
Content-Type: text/plain; charset="UTF-8"
Message-ID: <rt-3.8.HEAD-12528-1351553569-1462.80458-0-0 [...] rt.cpan.org>
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: utf-8
Content-Length: 154
Download (untitled) / with headers
text/plain 154b
It could also be that the bug is only detected in the Debian version because of the hardening options. Until I know more, I'll leave the ticket resolved.
MIME-Version: 1.0
In-Reply-To: <rt-3.8.HEAD-12528-1351553569-1462.80458-0-0 [...] rt.cpan.org>
X-Mailer: MIME-tools 5.427 (Entity 5.427)
Content-Disposition: inline
References: <rt-3.8.HEAD-12528-1351553569-1462.80458-0-0 [...] rt.cpan.org>
Content-Type: text/plain; charset="UTF-8"
Message-ID: <rt-3.8.HEAD-17035-1351556797-417.80458-0-0 [...] rt.cpan.org>
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: utf-8
RT-Send-CC: 691715 [...] bugs.debian.org
Content-Length: 581
Download (untitled) / with headers
text/plain 581b
Using bibparse is nice, it eliminates some complications. OK, here is my current test, on the bib file above. install debian compile 0.66 into /usr Install 0.66 from source into /usr/local. run bibparse, no crash. mv /usr/local/lib/libbtparse.so out of the way, so ldd /usr/local/bin/bibparse reports libbtparse.so => /usr/lib/libbtparse.so i.e. linked to the debian version. Now bibparse crashes on that file again with a buffer overflow, after printing @preamble \providecommand{\noopsort}[1]{} crash.bib, line 5, warning: possible runaway string started at line 3
From debbugs [...] buxtehude.debian.org Mon Oct 29 20: 51:15 2012
X-Debian-PR-Source: libtext-bibtex-perl
MIME-Version: 1.0
X-Spam-Status: No, score=-6.261 tagged_above=-99.9 required=10 tests=[AWL=0.639, BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5] autolearn=ham
X-Mailer: MIME-tools 5.428 (Entity 5.428)
Content-Disposition: inline
X-Spam-Flag: NO
References: <rt-3.8.HEAD-17035-1351556798-1969.80458-7-0 [...] rt.cpan.org>
X-Virus-Scanned: Debian amavisd-new at bestpractical.com
Content-Type: text/plain; charset=utf-8
Message-ID: <handler.691715.B691715.135155801821850.ackinfo [...] bugs.debian.org>
Reply-To: 691715 [...] bugs.debian.org
X-RT-Original-Encoding: utf-8
X-Spam-Score: -6.261
Received: from localhost (localhost [127.0.0.1]) by hipster.bestpractical.com (Postfix) with ESMTP id 11E422408F3 for <cpan-bug+Text-BibTeX [...] hipster.bestpractical.com>; Mon, 29 Oct 2012 20:51:15 -0400 (EDT)
Received: from hipster.bestpractical.com ([127.0.0.1]) by localhost (hipster.bestpractical.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id E63hG3bSanHS for <cpan-bug+Text-BibTeX [...] hipster.bestpractical.com>; Mon, 29 Oct 2012 20:51:12 -0400 (EDT)
Received: from la.mx.develooper.com (x1.develooper.com [207.171.7.70]) by hipster.bestpractical.com (Postfix) with SMTP id 736342408E8 for <bug-Text-BibTeX [...] rt.cpan.org>; Mon, 29 Oct 2012 20:51:12 -0400 (EDT)
Received: (qmail 27305 invoked by uid 103); 30 Oct 2012 00:51:11 -0000
Received: from x16.dev (10.0.100.26) by x1.dev with QMQP; 30 Oct 2012 00:51:11 -0000
Received: from buxtehude.debian.org (HELO buxtehude.debian.org) (140.211.166.26) by 16.mx.develooper.com (qpsmtpd/0.84/v0.84-167-g4ed6cab) with ESMTP; Mon, 29 Oct 2012 17:51:05 -0700
Received: from debbugs by buxtehude.debian.org with local (Exim 4.72) (envelope-from <debbugs [...] buxtehude.debian.org>) id 1TT02p-00061O-1I for bug-Text-BibTeX [...] rt.cpan.org; Tue, 30 Oct 2012 00:51:03 +0000
Delivered-To: cpan-bug+Text-BibTeX [...] hipster.bestpractical.com
Subject: Bug#691715: Info received ([rt.cpan.org #80458] libtext-bibtex-perl: syntactically invalid BibTeX file crashes perl)
Return-Path: <debbugs [...] buxtehude.debian.org>
X-Spam-Check-BY: 16.mx.develooper.com
X-Original-To: cpan-bug+Text-BibTeX [...] hipster.bestpractical.com
X-RT-Mail-Extension: text-bibtex
X-Debian-PR-Message: ack-info 691715
X-Debian-PR-Package: libtext-bibtex-perl
Date: Tue, 30 Oct 2012 00:51:03 +0000
Sender: Debian BTS <debbugs [...] buxtehude.debian.org>
X-Spam-Level:
X-Loop: owner [...] bugs.debian.org
To: bug-Text-BibTeX [...] rt.cpan.org
Content-Transfer-Encoding: quoted-printable
From: owner [...] bugs.debian.org (Debian Bug Tracking System)
RT-Message-ID: <rt-3.8.HEAD-8366-1351558276-1271.80458-0-0 [...] rt.cpan.org>
Content-Length: 799
Download (untitled) / with headers
text/plain 799b
Thank you for the additional information you have supplied regarding this Bug report. This is an automatically generated reply to let you know your message has been received. Your message is being forwarded to the package maintainers and other interested parties for their attention; they will reply in due course. Your message has been sent to the package maintainer(s): Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org> If you wish to submit further information on this problem, please send it to 691715@bugs.debian.org. Please do not send mail to owner@bugs.debian.org unless you wish to report a problem with the Bug-tracking system. -- 691715: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691715 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
MIME-Version: 1.0
In-Reply-To: <rt-3.8.HEAD-17035-1351556797-417.80458-0-0 [...] rt.cpan.org>
X-Mailer: MIME-tools 5.427 (Entity 5.427)
Content-Disposition: inline
References: <rt-3.8.HEAD-12528-1351553569-1462.80458-0-0 [...] rt.cpan.org> <rt-3.8.HEAD-17035-1351556797-417.80458-0-0 [...] rt.cpan.org>
Content-Type: text/plain; charset="UTF-8"
Message-ID: <rt-3.8.HEAD-32367-1351558792-792.80458-0-0 [...] rt.cpan.org>
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: utf-8
RT-Send-CC: 691715 [...] bugs.debian.org
Content-Length: 714
Download (untitled) / with headers
text/plain 714b
I was able to duplicate the crash with the upstream version by adding the definition _FORTIFY_SOURCE=2 or _FORTIFY_SOURCE=1 --- a/inc/MyBuilder.pm +++ b/inc/MyBuilder.pm @@ -168,6 +168,7 @@ sub ACTION_create_objects { $object =~ s/\.c/.o/; next if $self->up_to_date($file, $object); $cbuilder->compile(object_file => $object, + extra_compiler_flags=>["-D_FORTIFY_SOURCE=2"], source => $file, include_dirs => ["btparse/src"]); } FORTIFY_SOURCE attempts to catch some buffer overflows; the best reference I could find at the moment is http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html
From debbugs [...] buxtehude.debian.org Mon Oct 29 21: 03:11 2012
X-Debian-PR-Source: libtext-bibtex-perl
MIME-Version: 1.0
X-Spam-Status: No, score=-6.294 tagged_above=-99.9 required=10 tests=[AWL=0.606, BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5] autolearn=ham
X-Mailer: MIME-tools 5.428 (Entity 5.428)
Content-Disposition: inline
X-Spam-Flag: NO
References: <rt-3.8.HEAD-32367-1351558793-1888.80458-7-0 [...] rt.cpan.org>
X-Virus-Scanned: Debian amavisd-new at bestpractical.com
Content-Type: text/plain; charset=utf-8
Message-ID: <handler.691715.B691715.135155879926420.ackinfo [...] bugs.debian.org>
Reply-To: 691715 [...] bugs.debian.org
X-RT-Original-Encoding: utf-8
X-Spam-Score: -6.294
Received: from localhost (localhost [127.0.0.1]) by hipster.bestpractical.com (Postfix) with ESMTP id EB3022408E8 for <cpan-bug+Text-BibTeX [...] hipster.bestpractical.com>; Mon, 29 Oct 2012 21:03:10 -0400 (EDT)
Received: from hipster.bestpractical.com ([127.0.0.1]) by localhost (hipster.bestpractical.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PHJzbOcQuvlk for <cpan-bug+Text-BibTeX [...] hipster.bestpractical.com>; Mon, 29 Oct 2012 21:03:09 -0400 (EDT)
Received: from la.mx.develooper.com (x1.develooper.com [207.171.7.70]) by hipster.bestpractical.com (Postfix) with SMTP id 7755A2401C4 for <bug-Text-BibTeX [...] rt.cpan.org>; Mon, 29 Oct 2012 21:03:09 -0400 (EDT)
Received: (qmail 27917 invoked by uid 103); 30 Oct 2012 01:03:08 -0000
Received: from x16.dev (10.0.100.26) by x1.dev with QMQP; 30 Oct 2012 01:03:08 -0000
Received: from buxtehude.debian.org (HELO buxtehude.debian.org) (140.211.166.26) by 16.mx.develooper.com (qpsmtpd/0.84/v0.84-167-g4ed6cab) with ESMTP; Mon, 29 Oct 2012 18:03:06 -0700
Received: from debbugs by buxtehude.debian.org with local (Exim 4.72) (envelope-from <debbugs [...] buxtehude.debian.org>) id 1TT0ER-0007Ht-Nr for bug-Text-BibTeX [...] rt.cpan.org; Tue, 30 Oct 2012 01:03:03 +0000
Delivered-To: cpan-bug+Text-BibTeX [...] hipster.bestpractical.com
Subject: Bug#691715: Info received ([rt.cpan.org #80458] libtext-bibtex-perl: syntactically invalid BibTeX file crashes perl)
Return-Path: <debbugs [...] buxtehude.debian.org>
X-Spam-Check-BY: 16.mx.develooper.com
X-Original-To: cpan-bug+Text-BibTeX [...] hipster.bestpractical.com
X-RT-Mail-Extension: text-bibtex
X-Debian-PR-Message: ack-info 691715
X-Debian-PR-Package: libtext-bibtex-perl
Date: Tue, 30 Oct 2012 01:03:03 +0000
Sender: Debian BTS <debbugs [...] buxtehude.debian.org>
X-Spam-Level:
X-Loop: owner [...] bugs.debian.org
To: bug-Text-BibTeX [...] rt.cpan.org
Content-Transfer-Encoding: quoted-printable
From: owner [...] bugs.debian.org (Debian Bug Tracking System)
RT-Message-ID: <rt-3.8.HEAD-32367-1351558991-1641.80458-0-0 [...] rt.cpan.org>
Content-Length: 799
Download (untitled) / with headers
text/plain 799b
Thank you for the additional information you have supplied regarding this Bug report. This is an automatically generated reply to let you know your message has been received. Your message is being forwarded to the package maintainers and other interested parties for their attention; they will reply in due course. Your message has been sent to the package maintainer(s): Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org> If you wish to submit further information on this problem, please send it to 691715@bugs.debian.org. Please do not send mail to owner@bugs.debian.org unless you wish to report a problem with the Bug-tracking system. -- 691715: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691715 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
MIME-Version: 1.0
In-Reply-To: <rt-3.8.HEAD-32367-1351558792-792.80458-0-0 [...] rt.cpan.org>
X-Mailer: MIME-tools 5.427 (Entity 5.427)
Content-Disposition: inline
References: <rt-3.8.HEAD-12528-1351553569-1462.80458-0-0 [...] rt.cpan.org> <rt-3.8.HEAD-17035-1351556797-417.80458-0-0 [...] rt.cpan.org> <rt-3.8.HEAD-32367-1351558792-792.80458-0-0 [...] rt.cpan.org>
Content-Type: text/plain; charset="UTF-8"
Message-ID: <rt-3.8.HEAD-32367-1351610689-904.80458-0-0 [...] rt.cpan.org>
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: utf-8
Content-Length: 978
Download (untitled) / with headers
text/plain 978b
Hello. Where does it come the original btparse library installed in /usr/lib? And, is there any software shipped in debian that depends on it? (and what software?) Thank you ambs On Mon Oct 29 20:59:52 2012, DDB wrote: Show quoted text
> > I was able to duplicate the crash with the upstream version by adding > the definition _FORTIFY_SOURCE=2 or _FORTIFY_SOURCE=1 > > --- a/inc/MyBuilder.pm > +++ b/inc/MyBuilder.pm > @@ -168,6 +168,7 @@ sub ACTION_create_objects { > $object =~ s/\.c/.o/; > next if $self->up_to_date($file, $object); > $cbuilder->compile(object_file => $object, > + extra_compiler_flags=>["-D_FORTIFY_SOURCE=2"], > source => $file, > include_dirs => ["btparse/src"]); > } > > FORTIFY_SOURCE attempts to catch some buffer overflows; the best > reference I could find at the moment is > > http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html
From bremner [...] unb.ca Tue Oct 30 12: 35:13 2012
MIME-Version: 1.0
X-Spam-Status: No, score=-6.901 tagged_above=-99.9 required=10 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham
In-Reply-To: <rt-3.8.HEAD-32367-1351610690-1811.80458-6-0 [...] rt.cpan.org>
X-Spam-Flag: NO
References: <RT-Ticket-80458 [...] rt.cpan.org> <rt-3.8.HEAD-12528-1351553569-1462.80458-6-0 [...] rt.cpan.org> <rt-3.8.HEAD-17035-1351556797-417.80458-6-0 [...] rt.cpan.org> <rt-3.8.HEAD-32367-1351558792-792.80458-6-0 [...] rt.cpan.org> <rt-3.8.HEAD-32367-1351610690-1811.80458-6-0 [...] rt.cpan.org>
X-Spam_bar: -
X-Virus-Scanned: Debian amavisd-new at bestpractical.com
Message-ID: <877gq7x6jl.fsf [...] convex-new.cs.unb.ca>
Content-Type: text/plain; charset=utf-8
X-RT-Original-Encoding: utf-8
X-Spam-Score: -6.901
Received: from localhost (localhost [127.0.0.1]) by hipster.bestpractical.com (Postfix) with ESMTP id 0F528240923 for <cpan-bug+Text-BibTeX [...] hipster.bestpractical.com>; Tue, 30 Oct 2012 12:35:13 -0400 (EDT)
Received: from hipster.bestpractical.com ([127.0.0.1]) by localhost (hipster.bestpractical.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KpxMtIJDbRsN for <cpan-bug+Text-BibTeX [...] hipster.bestpractical.com>; Tue, 30 Oct 2012 12:35:08 -0400 (EDT)
Received: from la.mx.develooper.com (x1.develooper.com [207.171.7.70]) by hipster.bestpractical.com (Postfix) with SMTP id D28CB240913 for <bug-Text-BibTeX [...] rt.cpan.org>; Tue, 30 Oct 2012 12:35:07 -0400 (EDT)
Received: (qmail 14141 invoked by uid 103); 30 Oct 2012 16:35:06 -0000
Received: from x16.dev (10.0.100.26) by x1.dev with QMQP; 30 Oct 2012 16:35:06 -0000
Received: from tesseract.cs.unb.ca (HELO tesseract.cs.unb.ca) (131.202.240.238) by 16.mx.develooper.com (qpsmtpd/0.84/v0.84-167-g4ed6cab) with ESMTP; Tue, 30 Oct 2012 09:34:59 -0700
Received: from convex-new.cs.unb.ca ([131.202.245.35]) by tesseract.cs.unb.ca with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.72) (envelope-from <bremner [...] unb.ca>) id 1TTEm3-0006Ic-Th; Tue, 30 Oct 2012 13:34:48 -0300
Received: from bremner by convex-new.cs.unb.ca with local (Exim 4.80) (envelope-from <bremner [...] unb.ca>) id 1TTEly-000491-Ex; Tue, 30 Oct 2012 13:34:38 -0300
Delivered-To: cpan-bug+Text-BibTeX [...] hipster.bestpractical.com
Subject: Re: [rt.cpan.org #80458] libtext-bibtex-perl: syntactically invalid BibTeX file crashes perl
User-Agent: Notmuch/0.14+37~gf227d63 (http://notmuchmail.org) Emacs/24.2.1 (x86_64-pc-linux-gnu)
Return-Path: <bremner [...] unb.ca>
X-Spam-Check-BY: 16.mx.develooper.com
X-Original-To: cpan-bug+Text-BibTeX [...] hipster.bestpractical.com
X-RT-Mail-Extension: text-bibtex
Date: Tue, 30 Oct 2012 13:34:38 -0300
X-Spam-Level:
To: bug-Text-BibTeX [...] rt.cpan.org
Content-Transfer-Encoding: quoted-printable
From: David Bremner <bremner [...] debian.org>
RT-Message-ID: <rt-3.8.HEAD-15577-1351614913-1915.80458-0-0 [...] rt.cpan.org>
Content-Length: 689
Download (untitled) / with headers
text/plain 689b
Alberto Simões via RT <bug-Text-BibTeX@rt.cpan.org> writes: Show quoted text
> > Where does it come the original btparse library installed in /usr/lib?
It is built from Text-BibTeX sources, with the patch at http://patch-tracker.debian.org/patch/series/view/libtext-bibtex-perl/0.64-1/0003-Introduce-a-btparse_api_version-note-and-use-it-in-d.patch to add an SONAME. Of course, the point of my last message about defining _FORTIFY_SOURCE is that it doesn't have to do with the Debian library per se (unless I screwed up the test, of course). Show quoted text
> And, is there any software shipped in debian that depends on it? (and > what software?)
Currently it does not have reverse dependencies within debian.
MIME-Version: 1.0
In-Reply-To: <rt-3.8.HEAD-15577-1351614913-1915.80458-0-0 [...] rt.cpan.org>
X-Mailer: MIME-tools 5.427 (Entity 5.427)
Content-Disposition: inline
References: <RT-Ticket-80458 [...] rt.cpan.org> <rt-3.8.HEAD-12528-1351553569-1462.80458-6-0 [...] rt.cpan.org> <rt-3.8.HEAD-17035-1351556797-417.80458-6-0 [...] rt.cpan.org> <rt-3.8.HEAD-32367-1351558792-792.80458-6-0 [...] rt.cpan.org> <rt-3.8.HEAD-32367-1351610690-1811.80458-6-0 [...] rt.cpan.org> <877gq7x6jl.fsf [...] convex-new.cs.unb.ca> <rt-3.8.HEAD-15577-1351614913-1915.80458-0-0 [...] rt.cpan.org>
Content-Type: text/plain; charset="UTF-8"
Message-ID: <rt-3.8.HEAD-6061-1351966525-1857.80458-0-0 [...] rt.cpan.org>
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: utf-8
Content-Length: 858
Download (untitled) / with headers
text/plain 858b
On Tue Oct 30 12:35:13 2012, bremner@debian.org wrote: Show quoted text
> Alberto Simões via RT <bug-Text-BibTeX@rt.cpan.org> writes: >
> > > > Where does it come the original btparse library installed in
> /usr/lib? > > It is built from Text-BibTeX sources, with the patch at > > http://patch-tracker.debian.org/patch/series/view/libtext-bibtex- > perl/0.64-1/0003-Introduce-a-btparse_api_version-note-and-use-it-in- > d.patch > > to add an SONAME. > > Of course, the point of my last message about defining _FORTIFY_SOURCE > is that it doesn't have to do with the Debian library per se (unless I > screwed up the test, of course).
I asked because you said to "move /usr/local/lib/libbtparse out of the way", so that /usr/lib/libbtparse is used. My question is, is the /usr/lib/libbtparse you are currently using, the one shipped with Test::BibTeX 0.66? Cheers ambs
From bremner [...] unb.ca Sat Nov 3 17: 12:48 2012
MIME-Version: 1.0
X-Spam-Status: No, score=-6.901 tagged_above=-99.9 required=10 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham
In-Reply-To: <rt-3.8.HEAD-6061-1351966526-932.80458-6-0 [...] rt.cpan.org>
X-Spam-Flag: NO
References: <RT-Ticket-80458 [...] rt.cpan.org> <rt-3.8.HEAD-12528-1351553569-1462.80458-6-0 [...] rt.cpan.org> <rt-3.8.HEAD-17035-1351556797-417.80458-6-0 [...] rt.cpan.org> <rt-3.8.HEAD-32367-1351558792-792.80458-6-0 [...] rt.cpan.org> <rt-3.8.HEAD-32367-1351610690-1811.80458-6-0 [...] rt.cpan.org> <877gq7x6jl.fsf [...] convex-new.cs.unb.ca> <rt-3.8.HEAD-15577-1351614913-1915.80458-6-0 [...] rt.cpan.org> <rt-3.8.HEAD-6061-1351966526-932.80458-6-0 [...] rt.cpan.org>
X-Virus-Scanned: Debian amavisd-new at bestpractical.com
Message-ID: <87zk2ywful.fsf [...] maritornes.cs.unb.ca>
Content-Type: text/plain; charset=utf-8
X-RT-Original-Encoding: utf-8
X-Spam-Score: -6.901
Received: from localhost (localhost [127.0.0.1]) by hipster.bestpractical.com (Postfix) with ESMTP id 36ADF2402D7 for <cpan-bug+Text-BibTeX [...] hipster.bestpractical.com>; Sat, 3 Nov 2012 17:12:48 -0400 (EDT)
Received: from hipster.bestpractical.com ([127.0.0.1]) by localhost (hipster.bestpractical.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J6u47jodEtqG for <cpan-bug+Text-BibTeX [...] hipster.bestpractical.com>; Sat, 3 Nov 2012 17:12:46 -0400 (EDT)
Received: from la.mx.develooper.com (x1.develooper.com [207.171.7.70]) by hipster.bestpractical.com (Postfix) with SMTP id 35701240034 for <bug-Text-BibTeX [...] rt.cpan.org>; Sat, 3 Nov 2012 17:12:45 -0400 (EDT)
Received: (qmail 21217 invoked by uid 103); 3 Nov 2012 21:12:45 -0000
Received: from x16.dev (10.0.100.26) by x1.dev with QMQP; 3 Nov 2012 21:12:45 -0000
Received: from tesseract.cs.unb.ca (HELO tesseract.cs.unb.ca) (131.202.240.238) by 16.mx.develooper.com (qpsmtpd/0.84/v0.84-167-g4ed6cab) with ESMTP; Sat, 03 Nov 2012 14:12:42 -0700
Received: from remotemail by tesseract.cs.unb.ca with local (Exim 4.72) (envelope-from <bremner [...] unb.ca>) id 1TUl1C-0002qL-Mm; Sat, 03 Nov 2012 18:12:38 -0300
Received: (nullmailer pid 15584 invoked by uid 1000); Sat, 03 Nov 2012 21:12:35 -0000
Delivered-To: cpan-bug+Text-BibTeX [...] hipster.bestpractical.com
Subject: Re: [rt.cpan.org #80458] libtext-bibtex-perl: syntactically invalid BibTeX file crashes perl
User-Agent: Notmuch/0.14+76~g84a0c52 (http://notmuchmail.org) Emacs/24.1.1 (x86_64-pc-linux-gnu)
Return-Path: <bremner [...] unb.ca>
X-Spam-Check-BY: 16.mx.develooper.com
X-Original-To: cpan-bug+Text-BibTeX [...] hipster.bestpractical.com
X-RT-Mail-Extension: text-bibtex
Date: Sat, 03 Nov 2012 17:12:34 -0400
X-Spam-Level:
To: bug-Text-BibTeX [...] rt.cpan.org
Content-Transfer-Encoding: quoted-printable
From: David Bremner <bremner [...] debian.org>
RT-Message-ID: <rt-3.8.HEAD-25884-1351977168-1764.80458-0-0 [...] rt.cpan.org>
Content-Length: 606
Download (untitled) / with headers
text/plain 606b
Alberto Simões via RT <bug-Text-BibTeX@rt.cpan.org> writes: Show quoted text
> I asked because you said to "move /usr/local/lib/libbtparse out of the > way", so that /usr/lib/libbtparse is used. My question is, is the > /usr/lib/libbtparse you are currently using, the one shipped with > Test::BibTeX 0.66?
Yes, with the patch at http://patch-tracker.debian.org/patch/series/view/libtext-bibtex-perl/0.64-1/0003-Introduce-a-btparse_api_version-note-and-use-it-in-d.patch Of course, I don't think this is relevant, because I can duplicate the problem without the debian package as explained in a followup message. d
MIME-Version: 1.0
In-Reply-To: <rt-3.8.HEAD-25884-1351977168-1764.80458-0-0 [...] rt.cpan.org>
X-Mailer: MIME-tools 5.427 (Entity 5.427)
Content-Disposition: inline
References: <RT-Ticket-80458 [...] rt.cpan.org> <rt-3.8.HEAD-12528-1351553569-1462.80458-6-0 [...] rt.cpan.org> <rt-3.8.HEAD-17035-1351556797-417.80458-6-0 [...] rt.cpan.org> <rt-3.8.HEAD-32367-1351558792-792.80458-6-0 [...] rt.cpan.org> <rt-3.8.HEAD-32367-1351610690-1811.80458-6-0 [...] rt.cpan.org> <877gq7x6jl.fsf [...] convex-new.cs.unb.ca> <rt-3.8.HEAD-15577-1351614913-1915.80458-6-0 [...] rt.cpan.org> <rt-3.8.HEAD-6061-1351966526-932.80458-6-0 [...] rt.cpan.org> <87zk2ywful.fsf [...] maritornes.cs.unb.ca> <rt-3.8.HEAD-25884-1351977168-1764.80458-0-0 [...] rt.cpan.org>
Content-Type: text/plain; charset="UTF-8"
Message-ID: <rt-3.8.HEAD-30264-1351977681-1182.80458-0-0 [...] rt.cpan.org>
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: utf-8
Content-Length: 742
Download (untitled) / with headers
text/plain 742b
Show quoted text
> Of course, I don't think this is relevant, because I can duplicate the > problem without the debian package as explained in a followup message.
Oh, sorry, I misunderstood that message. Added a extra_compiler_flags=>["-D_FORTIFY_SOURCE=2"], but I can't reproduce the bug (with Mac OS X): [ambs@stravinski Text-BibTeX]$ bibparse crash.bib @preamble \providecommand{\noopsort}[1]{} crash.bib, line 5, warning: possible runaway string started at line 3 crash.bib, line 85, syntax error: at end of input, expected one of: start of entry ("{" or "(") or quoted string ({...} or "...") @comment I tried with FORTIFY_SOURCE=1 and it worked correctly as well. Tomorrow I'll install a virtual machine and do there some tests. Cheers ambs
MIME-Version: 1.0
In-Reply-To: <rt-3.8.HEAD-30264-1351977681-1182.80458-0-0 [...] rt.cpan.org>
X-Mailer: MIME-tools 5.504 (Entity 5.504)
Content-Disposition: inline
X-RT-Interface: Web
References: <rt-3.8.HEAD-32367-1351610690-1811.80458-6-0 [...] rt.cpan.org>
Content-Type: text/plain; charset="utf-8"
Message-ID: <rt-4.0.18-7646-1432581021-473.80458-0-0 [...] rt.cpan.org>
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: utf-8
RT-Send-CC: DDB [...] cpan.org
X-RT-Encrypt: 0
X-RT-Sign: 0
Content-Length: 215
Download (untitled) / with headers
text/plain 215b
I duplicated this bug and I believe I fixed it. It's caused by the unclosed comment block in the sample data file. Patch at https://github.com/daleevans/Text-BibTeX/commit/5a3639bba354290bfda7d2c24161c94bf2a416c5


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.