501888 – sys-apps/coreutils - date -d 'TZ="America/Los_Angeles" "00:00 + 1 hour"' : *** Error in `date': double free or corruption (out): ... ***

Bug 501888 - sys-apps/coreutils - date -d 'TZ="America/Los_Angeles" "00:00 + 1 hour"' : *** Error in `date': double free or corruption (out): ... ***

Summary: sys-apps/coreutils - date -d 'TZ="America/Los_Angeles" "00:00 + 1 hour"' : **...

Status:	RESOLVED UPSTREAM

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	[OLD] Core system (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo's Team for Core System packages

URL:	https://lists.gnu.org/archive/html/bu...
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2014-02-20 13:07 UTC by Bertrand Jacquin
Modified:	2014-02-25 22:58 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Bertrand Jacquin 2014-02-20 13:07:06 UTC

Can be reproduced with :
 - sys-apps/coreutils-8.20
 - sys-apps/coreutils-8.21
 - sys-apps/coreutils-8.22

$ date -d 'TZ="America/Los_Angeles" "00:00 + 1 hour"'
*** Error in `date': double free or corruption (out): 0x00007fffc63b6b20 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x7e876)[0x7fb3a4e27876]
/lib64/libc.so.6(+0x7f623)[0x7fb3a4e28623]
date[0x406b81]
date[0x4023b1]
/lib64/libc.so.6(__libc_start_main+0xf5)[0x7fb3a4dcdbf5]
date[0x40241d]
======= Memory map: ========
00400000-0040e000 r-xp 00000000 08:02 76313                              /bin/date
0060d000-0060e000 r--p 0000d000 08:02 76313                              /bin/date
0060e000-0060f000 rw-p 0000e000 08:02 76313                              /bin/date
017b5000-017d6000 rw-p 00000000 00:00 0                                  [heap]
7fb3a4976000-7fb3a498b000 r-xp 00000000 08:02 42373                      /usr/lib64/gcc/x86_64-pc-linux-gnu/4.7.3/libgcc_s.so.1
7fb3a498b000-7fb3a4b8a000 ---p 00015000 08:02 42373                      /usr/lib64/gcc/x86_64-pc-linux-gnu/4.7.3/libgcc_s.so.1
7fb3a4b8a000-7fb3a4b8b000 r--p 00014000 08:02 42373                      /usr/lib64/gcc/x86_64-pc-linux-gnu/4.7.3/libgcc_s.so.1
7fb3a4b8b000-7fb3a4b8c000 rw-p 00015000 08:02 42373                      /usr/lib64/gcc/x86_64-pc-linux-gnu/4.7.3/libgcc_s.so.1
7fb3a4b8c000-7fb3a4ba4000 r-xp 00000000 08:02 283836                     /lib64/libpthread-2.17.so
7fb3a4ba4000-7fb3a4da3000 ---p 00018000 08:02 283836                     /lib64/libpthread-2.17.so
7fb3a4da3000-7fb3a4da4000 r--p 00017000 08:02 283836                     /lib64/libpthread-2.17.so
7fb3a4da4000-7fb3a4da5000 rw-p 00018000 08:02 283836                     /lib64/libpthread-2.17.so
7fb3a4da5000-7fb3a4da9000 rw-p 00000000 00:00 0
7fb3a4da9000-7fb3a4f4a000 r-xp 00000000 08:02 283285                     /lib64/libc-2.17.so
7fb3a4f4a000-7fb3a514a000 ---p 001a1000 08:02 283285                     /lib64/libc-2.17.so
7fb3a514a000-7fb3a514e000 r--p 001a1000 08:02 283285                     /lib64/libc-2.17.so
7fb3a514e000-7fb3a5150000 rw-p 001a5000 08:02 283285                     /lib64/libc-2.17.so
7fb3a5150000-7fb3a5154000 rw-p 00000000 00:00 0
7fb3a5154000-7fb3a515b000 r-xp 00000000 08:02 283791                     /lib64/librt-2.17.so
7fb3a515b000-7fb3a535a000 ---p 00007000 08:02 283791                     /lib64/librt-2.17.so
7fb3a535a000-7fb3a535b000 r--p 00006000 08:02 283791                     /lib64/librt-2.17.so
7fb3a535b000-7fb3a535c000 rw-p 00007000 08:02 283791                     /lib64/librt-2.17.so
7fb3a535c000-7fb3a537e000 r-xp 00000000 08:02 283265                     /lib64/ld-2.17.so
7fb3a554c000-7fb3a5550000 rw-p 00000000 00:00 0
7fb3a557b000-7fb3a557d000 rw-p 00000000 00:00 0
7fb3a557d000-7fb3a557e000 r--p 00021000 08:02 283265                     /lib64/ld-2.17.so
7fb3a557e000-7fb3a557f000 rw-p 00022000 08:02 283265                     /lib64/ld-2.17.so
7fb3a557f000-7fb3a5580000 rw-p 00000000 00:00 0
7fffc6397000-7fffc63b9000 rw-p 00000000 00:00 0                          [stack]
7fffc63ff000-7fffc6400000 r-xp 00000000 00:00 0                          [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]
Aborted

Original date call is not good, but it should not give us a double free

Reproducible: Always

Comment 1 SpanKY gentoo-dev

2014-02-25 21:48:49 UTC

since it's not a regression, and it's not a super critical bug, and upstream is on top of it, i'll just wait for the next release rather than doing a revbump of the existing one

btw, upstream said thanks ;)

Comment 2 Bertrand Jacquin 2014-02-25 22:58:04 UTC

(In reply to SpanKY from comment #1)
> since it's not a regression, and it's not a super critical bug

You get it !

> and upstream
> is on top of it, i'll just wait for the next release rather than doing a
> revbump of the existing one

Fine for me

> btw, upstream said thanks ;)

Thank to you. Was too lazy and bug so avoidable to fill a bug upstream.