tish command completion crashes OS #3054

rai044der · 2023-11-08T12:09:38Z

If user types 42 or more symbols and then press 'tab' the system will crash.
Also, instead of standard symbols this crash reproduces with 11 emoji symbols.

reproduced on x86/qemu and arm/qemu profiles
commit 5af1a36

sample log

2021-08-31 19:02:39
>tish
root@embox:/#qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq: Command not found
tish error: #-2
root@embox:/#qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqUbSan type mismatch /home/rai044der/embox_fuzzing/embox/src/compat/posix/fs/dirent/dirent_dvfs.c:66


______
|  ____|                                            __          __
| |___  _ __ ___            ____  ____  ____  _____/ /   _____ / /
|  ___|| '_ ` _ \          / __ \/ __ \/ __ \/ ___/ /   |_____| |
| |____| | | | | |_ _ _   / /_/ / /_/ / /_/ (__  )_/    |_____| |
|______|_| |_| |_(_|_|_)  \____/\____/ .___/____(_)           | |
                                   /_/                        \_\
ASSERTION FAILED on CPU 0
      at /home/rai044der/embox_fuzzing/embox/src/fs/dvfs/dvfs_util.c:292
      in function dentry_ref_dec

dentry->usage_count > 0


--   00001000 * A R    thread 1  task 1 --------------------------------------

17 0x0015aad4 <__assertion_handle_failure+0x388> ...at/libc/assert/assert.c:45
16 0x000287c4 <dentry_ref_dec+0x1fc>           ././src/fs/dvfs/dvfs_util.c:287
15 0x0015db14 <closedir+0x84>  ././src/compat/posix/fs/dirent/dirent_dvfs.c:60
14 0x001089d0 <rl_filename_completion_function+0x284> ...ne/rl_linenoise.c:142
13 0x00108400 <rl_completion_matches+0x28> .../lib/readline/rl_linenoise.c:101
12 0x00108190 <rl_complete+0x1cc>       ././src/lib/readline/rl_linenoise.c:57
11 0x00107f54 <completion_callback+0x44> ...src/lib/readline/rl_linenoise.c:41
10 0x001435e0 <completeLine+0x90> ...third-party/lib/linenoise/linenoise.c:383
9 0x001493dc <linenoiseEdit+0x158> ...ird-party/lib/linenoise/linenoise.c:813
8 0x0014a33c <linenoiseRaw+0x9c> ...hird-party/lib/linenoise/linenoise.c:1027
7 0x0014a874 <linenoise+0x30c> ././third-party/lib/linenoise/linenoise.c:1083
6 0x00107ec8 <readline+0x34>           ././src/lib/readline/rl_linenoise.c:31
5 0x00059118 <tish_run+0x64>                    ././src/cmds/shell/tish.c:343
4 0x000592f4 <main_embox__cmd__sh__tish+0x1c>   ././src/cmds/shell/tish.c:421
3 0x0012dc5c <cmd_exec+0x9c>                  ././src/framework/cmd/core.c:23
2 0x00056f84 <system_start+0x130>      ././src/init/system_start_service.c:34
1 0x00003b58 <kernel_start+0x24>                     ././src/kernel/init.c:27

run 0x000f2d8c <boot_stub+0x0>            ././src/kernel/sched/boot_thread.c:20


--   00001000       W  thread 7  task 2 --------------------------------------

14 0x0001ca7c <thread_context_switch+0xdc> ...kernel/thread/thread_switch.c:36
13 0x000f25a8 <__schedule+0x304>              ././src/kernel/sched/sched.c:417
12 0x000f264c <schedule+0x18>                 ././src/kernel/sched/sched.c:494
11 0x000f53bc <sched_wait+0x10>   ././src/kernel/thread/thread_sched_wait.c:35
10 0x000f57b8 <sched_wait_timeout+0x38> ...ernel/thread/thread_sched_wait.c:67
9 0x001a48b4 <poll_table_wait+0xb4> ...src/kernel/task/idesc/poll_table.c:109
8 0x00192890 <select+0xf0>              ././src/compat/posix/idx/select.c:111
7 0x00077694 <telnet_main_loop+0x1384> ././src/cmds/net/telnetd/telnetd.c:211
6 0x00078b08 <main_embox__cmd__net__telnetd+0x13c> ...t/telnetd/telnetd.c:347
5 0x0012dc5c <cmd_exec+0x9c>                  ././src/framework/cmd/core.c:23
4 0x00189fb0 <exec_call+0xfc>             ././src/compat/posix/proc/exec.c:41
3 0x001a3410 <task_exec_callback+0x18> ...vfork_exchanged/exec_exchanged.c:17
2 0x00018480 <task_trampoline+0xa0>      ././src/kernel/task/multi/multi.c:59
1 0x0001ab50 <thread_trampoline+0x12c>        ././src/kernel/thread/core.c:69

run 0x000183e0 <task_trampoline+0x0>       ././src/kernel/task/multi/multi.c:59


--   00001000       W  thread 8  task 3 --------------------------------------

16 0x0001ca7c <thread_context_switch+0xdc> ...kernel/thread/thread_switch.c:36
15 0x000f25a8 <__schedule+0x304>              ././src/kernel/sched/sched.c:417
14 0x000f264c <schedule+0x18>                 ././src/kernel/sched/sched.c:494
13 0x000f53bc <sched_wait+0x10>   ././src/kernel/thread/thread_sched_wait.c:35
12 0x000f57b8 <sched_wait_timeout+0x38> ...ernel/thread/thread_sched_wait.c:67
11 0x001337a8 <sock_wait+0xa4>               ././src/net/socket/sock_wait.c:17
10 0x000cb978 <tcp_accept+0x244>             ././src/net/socket/tcp_sock.c:384
9 0x000a5904 <inet_accept+0x2f4>             ././src/net/socket/af_inet.c:317
8 0x0009d920 <kaccept+0x3d0>                 ././src/net/socket/ksocket.c:195
7 0x001877b0 <accept+0x16c>             ././src/compat/posix/net/socket.c:125
6 0x0007afd4 <main_embox__cmd__net__httpd+0x3ac> ...cmds/net/httpd/httpd.c:54
5 0x0012dc5c <cmd_exec+0x9c>                  ././src/framework/cmd/core.c:23
4 0x00189fb0 <exec_call+0xfc>             ././src/compat/posix/proc/exec.c:41
3 0x001a3410 <task_exec_callback+0x18> ...vfork_exchanged/exec_exchanged.c:17
2 0x00018480 <task_trampoline+0xa0>      ././src/kernel/task/multi/multi.c:59
1 0x0001ab50 <thread_trampoline+0x12c>        ././src/kernel/thread/core.c:69

run 0x000183e0 <task_trampoline+0x0>       ././src/kernel/task/multi/multi.c:59

The text was updated successfully, but these errors were encountered:

rai044der · 2023-11-08T12:43:11Z

If used shell is diag_shell, the empty prompt also crashes the system, also prompt, which ends on '`' symbol also crashes teh system.

anton-bondarev added the security label Nov 8, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

tish command completion crashes OS #3054

tish command completion crashes OS #3054

rai044der commented Nov 8, 2023

rai044der commented Nov 8, 2023

tish command completion crashes OS #3054

tish command completion crashes OS #3054

Comments

rai044der commented Nov 8, 2023

rai044der commented Nov 8, 2023