This queue is for tickets about the Text-BibTeX CPAN distribution.

Report information
The Basics
Id: 80458
Status: open
Priority: 0/
Queue: Text-BibTeX

People
Owner: Nobody in particular
Requestors: bremner [...] debian.org
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



From: DDB [...] cpan.org
Subject: libtext-bibtex-perl: syntactically invalid BibTeX file crashes perl
This bug has been forwarded from http://bugs.debian.org/691715

I verified that the same thing happens with Text-BibTeX 0.65

Thanks in advance,
David Bremner, Debian Perl Group

Here are the files. When I run the script btcheck on the attached bib file, it crashes perl 5.14 with the following backtrace

/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x37)[0x7f9f39cc5f37]
/lib/x86_64-linux-gnu/libc.so.6(+0xebdf0)[0x7f9f39cc4df0]
/lib/x86_64-linux-gnu/libc.so.6(+0xead37)[0x7f9f39cc3d37]
/usr/lib/libbtparse.so.1(zzFAIL+0xe4)[0x7f9f38eabdc4]
/usr/lib/libbtparse.so.1(body+0xdf)[0x7f9f38eab56f]
/usr/lib/libbtparse.so.1(entry+0x1ea)[0x7f9f38eab98a]
/usr/lib/libbtparse.so.1(bt_parse_entry+0x100)[0x7f9f38ea9d40]
/usr/lib/perl5/auto/Text/BibTeX/BibTeX.so(XS_Text__BibTeX__Entry__parse+0x135)[0x7f9f390c1a45]
/usr/lib/libperl.so.5.14(Perl_pp_entersub+0x58c)[0x7f9f3a6ba3cc]
/usr/lib/libperl.so.5.14(Perl_runops_standard+0x16)[0x7f9f3a6b19a6]
/usr/lib/libperl.so.5.14(perl_run+0x3a5)[0x7f9f3a6535b5]
/usr/bin/perl(main+0x149)[0x400f89]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xfd)[0x7f9f39bf7ead]
/usr/bin/perl[0x400fc1]
Subject: crash.bib
@PREAMBLE{ {\providecommand{\noopsort}[1]{}} } @comment{ suppcollection{Eymeric_b, xref={Kors}, sortkey="Kors_E", author={{\ \ \ \ \ \ Nicholau Eymeric}}, title="Directorum inquisitorum", pages="60-64", keywords={primary}, } @incollection{1437, crossref={Kors}, author="Ponce Feugeyron", title="Errores Gazariorum, 1437", subtitle={}, pages="159-162", options={skipbib=true}, } @suppcollection{1437_b, xref={Kors}, sortkey="Kors_F", booktitle={}, author={{\ \ \ \ \ \ Feugeyron, Ponce.}}, title="Errores Gazariorum, 1437", pages="159-162", keywords={primary}, } @incollection{1628, crossref={Kors}, author="Johannes Junius", title="Letter to Veronica (24 July 1628)", shorttitle="Bamberg", subtitle={}, pages="351-353", options={skipbib=true}, } @suppcollection{1628_b, xref={Kors}, sortkey="Kors_F", author={{\ \ \ \ \ \ Junius, Johannes.}}, title="Letter to Veronica (24 July 1628)", pages="351-353", keywords={primary}, } @collection{Kors, sortkey="Kors_A", title="Witchcraft in Europe 400-1700", shortbooktitle="Witchcraft...", subtitle="A Documentary History", booktitle="Witchcraft in Europe 400-1700", booksubtitle="A Documentary History", edition="2", editor="Alan Charles Kors and Edward Peters", year="2001", publisher="University of Pennsylvania Press", keywords={primary}, } @online{HermannLoeher, author="Hermann Löher", title="Hochnötige Unterhanige Wemütige Klage der Frommen Unschültigen", year="1676", address="Amsterdam", editor="Thomas P. Becker and Theresia Becker", url="http://extern.historicum.net/loeher/", urldate="2011-06-22", keywords={primary,critic}, annote="Hermann Löher (1595-1678) was a judge (Schöffen) during the 1631 witch-trials in Rheinbach in the diocese of Trier. He became uneasy about procedures during the 3rd trial, but was convinced during the 4th that Kommisar Buirmann was manipulating the outcomes for political ends. After recognizing that as a dissenting judge, he would be denounced himself, he fled to Amsterdam with his family on 3 August 1636. 
He spent the remainder of his life collecting evidence against witch hunting. This memoir was written at age 80.", }
Subject: btcheck

Hello

Thank you for the report. I'll give it a look.

Cheers
ambs

On Sun Oct 28 20:59:23 2012, DDB wrote:
> Here are the files. When I run the script btcheck on the attached bib
> file, it crashes perl 5.14 with the following backtrace
>
> /lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x37)[0x7f9f39cc5f37]
> /lib/x86_64-linux-gnu/libc.so.6(+0xebdf0)[0x7f9f39cc4df0]
> /lib/x86_64-linux-gnu/libc.so.6(+0xead37)[0x7f9f39cc3d37]
> /usr/lib/libbtparse.so.1(zzFAIL+0xe4)[0x7f9f38eabdc4]
> /usr/lib/libbtparse.so.1(body+0xdf)[0x7f9f38eab56f]
> /usr/lib/libbtparse.so.1(entry+0x1ea)[0x7f9f38eab98a]
> /usr/lib/libbtparse.so.1(bt_parse_entry+0x100)[0x7f9f38ea9d40]
> /usr/lib/perl5/auto/Text/BibTeX/BibTeX.so(XS_Text__BibTeX__Entry__parse+0x135)[0x7f9f390c1a45]
> /usr/lib/libperl.so.5.14(Perl_pp_entersub+0x58c)[0x7f9f3a6ba3cc]
> /usr/lib/libperl.so.5.14(Perl_runops_standard+0x16)[0x7f9f3a6b19a6]
> /usr/lib/libperl.so.5.14(perl_run+0x3a5)[0x7f9f3a6535b5]
> /usr/bin/perl(main+0x149)[0x400f89]
> /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xfd)[0x7f9f39bf7ead]
> /usr/bin/perl[0x400fc1]
Hello, Fixed on 0.66. I think :) Cheers ambs
Thanks for looking at this. When I discovered the Debian package compiled version of 0.66 still crashed, I went back and checked, and the previous versions of Text-BibTeX seem to only have the problem with the Debian package as well. So it looks like I bothered you over something that is probably my fault. Sorry about that. David
On Mon Oct 29 19:27:47 2012, DDB wrote:
> Thanks for looking at this. When I discovered the Debian package
> compiled version of 0.66 still crashed, I went back and checked, and the
> previous versions of Text-BibTeX seem to only have the problem with the
> Debian package as well. So it looks like I bothered you over something
> that is probably my fault. Sorry about that.
Hello, that is weird. With bibparse, the example you provided made the binary fail. Now it no longer fails, but probably it fails somewhere else. Can you give me more details on how you are testing it? Thanks
It could also be that the bug is only detected in the Debian version because of the hardening options. Until I know more, I'll leave the ticket resolved.
RT-Send-CC: 691715 [...] bugs.debian.org
Using bibparse is nice, it eliminates some complications. OK, here is my current test, on the bib file above.

install debian compile 0.66 into /usr
Install 0.66 from source into /usr/local.
run bibparse, no crash.
mv /usr/local/lib/libbtparse.so out of the way, so ldd /usr/local/bin/bibparse reports

libbtparse.so => /usr/lib/libbtparse.so

i.e. linked to the debian version.

Now bibparse crashes on that file again with a buffer overflow, after printing

@preamble \providecommand{\noopsort}[1]{}
crash.bib, line 5, warning: possible runaway string started at line 3
Subject: Bug#691715: Info received ([rt.cpan.org #80458] libtext-bibtex-perl: syntactically invalid BibTeX file crashes perl)
Date: Tue, 30 Oct 2012 00:51:03 +0000
To: bug-Text-BibTeX [...] rt.cpan.org
From: owner [...] bugs.debian.org (Debian Bug Tracking System)
Thank you for the additional information you have supplied regarding this Bug report. This is an automatically generated reply to let you know your message has been received. Your message is being forwarded to the package maintainers and other interested parties for their attention; they will reply in due course. Your message has been sent to the package maintainer(s): Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org> If you wish to submit further information on this problem, please send it to 691715@bugs.debian.org. Please do not send mail to owner@bugs.debian.org unless you wish to report a problem with the Bug-tracking system. -- 691715: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691715 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
RT-Send-CC: 691715 [...] bugs.debian.org
I was able to duplicate the crash with the upstream version by adding the definition _FORTIFY_SOURCE=2 or _FORTIFY_SOURCE=1 --- a/inc/MyBuilder.pm +++ b/inc/MyBuilder.pm @@ -168,6 +168,7 @@ sub ACTION_create_objects { $object =~ s/\.c/.o/; next if $self->up_to_date($file, $object); $cbuilder->compile(object_file => $object, + extra_compiler_flags=>["-D_FORTIFY_SOURCE=2"], source => $file, include_dirs => ["btparse/src"]); } FORTIFY_SOURCE attempts to catch some buffer overflows; the best reference I could find at the moment is http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html
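Review bot: The added extra_compiler_flags line in the $cbuilder->compile(...) call passes only -D_FORTIFY_SOURCE=2, and glibc enables the fortified checks only when the compiler is also optimizing, so whether this reproduces the abort depends on an optimization level that is not visible in this hunk; pass the -O level explicitly next to the define, or state which one the build already uses. As written the flag is also a literal applied to every object built in ACTION_create_objects; if it is meant to stay, make it a build option, and put spaces around => to match object_file => $object on the line above it.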
Hello.

Where does the original btparse library installed in /usr/lib come from?

And, is there any software shipped in debian that depends on it? (and what software?)

Thank you
ambs

On Mon Oct 29 20:59:52 2012, DDB wrote:
> > I was able to duplicate the crash with the upstream version by adding > the definition _FORTIFY_SOURCE=2 or _FORTIFY_SOURCE=1 > > --- a/inc/MyBuilder.pm > +++ b/inc/MyBuilder.pm > @@ -168,6 +168,7 @@ sub ACTION_create_objects { > $object =~ s/\.c/.o/; > next if $self->up_to_date($file, $object); > $cbuilder->compile(object_file => $object, > + extra_compiler_flags=>["-D_FORTIFY_SOURCE=2"], > source => $file, > include_dirs => ["btparse/src"]); > } > > FORTIFY_SOURCE attempts to catch some buffer overflows; the best > reference I could find at the moment is > > http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html
Subject: Re: [rt.cpan.org #80458] libtext-bibtex-perl: syntactically invalid BibTeX file crashes perl
Date: Tue, 30 Oct 2012 13:34:38 -0300
To: bug-Text-BibTeX [...] rt.cpan.org
From: David Bremner <bremner [...] debian.org>
Alberto Simões via RT <bug-Text-BibTeX@rt.cpan.org> writes:
> Where does the original btparse library installed in /usr/lib come from?

It is built from Text-BibTeX sources, with the patch at

http://patch-tracker.debian.org/patch/series/view/libtext-bibtex-perl/0.64-1/0003-Introduce-a-btparse_api_version-note-and-use-it-in-d.patch

to add an SONAME.

Of course, the point of my last message about defining _FORTIFY_SOURCE is that it doesn't have to do with the Debian library per se (unless I screwed up the test, of course).

> And, is there any software shipped in debian that depends on it? (and
> what software?)
Currently it does not have reverse dependencies within debian.
On Tue Oct 30 12:35:13 2012, bremner@debian.org wrote:
> Alberto Simões via RT <bug-Text-BibTeX@rt.cpan.org> writes:
>
> > Where does the original btparse library installed in /usr/lib come from?
>
> It is built from Text-BibTeX sources, with the patch at
>
> http://patch-tracker.debian.org/patch/series/view/libtext-bibtex-perl/0.64-1/0003-Introduce-a-btparse_api_version-note-and-use-it-in-d.patch
>
> to add an SONAME.
>
> Of course, the point of my last message about defining _FORTIFY_SOURCE
> is that it doesn't have to do with the Debian library per se (unless I
> screwed up the test, of course).

I asked because you said to "move /usr/local/lib/libbtparse out of the way", so that /usr/lib/libbtparse is used. My question is, is the /usr/lib/libbtparse you are currently using, the one shipped with Text::BibTeX 0.66?

Cheers
ambs
Subject: Re: [rt.cpan.org #80458] libtext-bibtex-perl: syntactically invalid BibTeX file crashes perl
Date: Sat, 03 Nov 2012 17:12:34 -0400
To: bug-Text-BibTeX [...] rt.cpan.org
From: David Bremner <bremner [...] debian.org>
Alberto Simões via RT <bug-Text-BibTeX@rt.cpan.org> writes:
> I asked because you said to "move /usr/local/lib/libbtparse out of the
> way", so that /usr/lib/libbtparse is used. My question is, is the
> /usr/lib/libbtparse you are currently using, the one shipped with
> Text::BibTeX 0.66?

Yes, with the patch at

http://patch-tracker.debian.org/patch/series/view/libtext-bibtex-perl/0.64-1/0003-Introduce-a-btparse_api_version-note-and-use-it-in-d.patch

Of course, I don't think this is relevant, because I can duplicate the problem without the debian package as explained in a followup message.

d
> Of course, I don't think this is relevant, because I can duplicate the
> problem without the debian package as explained in a followup message.

Oh, sorry, I misunderstood that message.

Added an

extra_compiler_flags=>["-D_FORTIFY_SOURCE=2"],

but I can't reproduce the bug (with Mac OS X):

[ambs@stravinski Text-BibTeX]$ bibparse crash.bib
@preamble \providecommand{\noopsort}[1]{}
crash.bib, line 5, warning: possible runaway string started at line 3
crash.bib, line 85, syntax error: at end of input, expected one of: start of entry ("{" or "(") or quoted string ({...} or "...")
@comment

I tried with FORTIFY_SOURCE=1 and it worked correctly as well. Tomorrow I'll install a virtual machine and do some tests there.

Cheers
ambs
RT-Send-CC: DDB [...] cpan.org
I duplicated this bug and I believe I fixed it. It's caused by the unclosed comment block in the sample data file. Patch at https://github.com/daleevans/Text-BibTeX/commit/5a3639bba354290bfda7d2c24161c94bf2a416c5
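The backtrace in this ticket aborts in __fortify_fail inside a libc call made from zzFAIL, on the path that reports the "expected one of" syntax error. As an added example (not btparse's code and not the fix in the linked commit), the C below shows a bounded way to assemble such a message in a fixed buffer, truncating and reporting it instead of writing past the end; append_bounded and build_expected_msg are hypothetical names.

```c
/* Added example, not btparse code: bounded "expected one of" message builder. */
#include <stdio.h>
#include <string.h>

/* Append src to the NUL-terminated string in dst (capacity cap, NUL included).
 * Copies only what fits; returns 0 if all of src fit, -1 if it was truncated. */
static int append_bounded(char *dst, size_t cap, const char *src)
{
    size_t used = strlen(dst);
    size_t room = cap - used - 1;      /* bytes free before the final NUL */
    size_t want = strlen(src);
    size_t n = want < room ? want : room;

    memcpy(dst + used, src, n);
    dst[used + n] = '\0';
    return want <= room ? 0 : -1;
}

/* Build "expected one of: A or B ..." into buf. Returns 0 on success and
 * -1 if the text was truncated; buf is NUL-terminated whenever cap > 0. */
int build_expected_msg(char *buf, size_t cap,
                       const char *const *names, size_t count)
{
    int rc = 0;
    if (cap == 0)
        return -1;
    buf[0] = '\0';
    rc |= append_bounded(buf, cap, "expected one of: ");
    for (size_t i = 0; i < count; i++) {
        if (i > 0)
            rc |= append_bounded(buf, cap, " or ");
        rc |= append_bounded(buf, cap, names[i]);
    }
    return rc ? -1 : 0;
}

int main(void)
{
    /* Alternatives copied from the bibparse message quoted in the thread. */
    const char *names[] = { "start of entry (\"{\" or \"(\")",
                            "quoted string ({...} or \"...\")" };
    char big[128], small[24];          /* small is deliberately too short */
    int rc_big = build_expected_msg(big, sizeof big, names, 2);
    int rc_small = build_expected_msg(small, sizeof small, names, 2);
    printf("%d %s\n%d %s\n", rc_big, big, rc_small, small);
    return 0;
}
```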