pkgsrc-Bugs archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
pkg/46190: pkgsrc-2011Q4 - misc/rlwrap - Segfaults on amd64 - odd gdb results
>Number: 46190
>Category: pkg
>Synopsis: pkgsrc-2011Q4 - misc/rlwrap - Segfaults on amd64
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: pkg-manager
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Wed Mar 14 03:20:00 +0000 2012
>Originator: Matthew Mondor
>Release: NetBSD 6.0_BETA
>Organization:
>Environment:
System: NetBSD ninja.xisop 6.0_BETA NetBSD 6.0_BETA (GENERIC_MM) #0: Tue Mar 13
20:34:43 EDT 2012 root@ninja.xisop:/usr/obj/sys/arch/amd64/compile/GENERIC_MM
amd64
Architecture: x86_64
Machine: amd64
>Description:
I have a custom contacts application that was no longer launching, and
noticed that rlwrap was what was crashing.
Interestingly, if I try to debug it, I'm seeing something unexpected:
(gdb(gdb) bt
#0 0x000000000040a946 in mysavestring (string=0xfffffffff7b16800 <Address
0xfffffffff7b16800 out of bounds>) at string_utils.c:89
#1 0x0000000000408b9c in my_tgetstr (id=0x40ca2a "le") at term.c:48
#2 0x0000000000408dfd in init_terminal () at term.c:88
#3 0x00000000004048d4 in init_rlwrap () at main.c:417
#4 main (argc=<optimized out>, argv=0x7f7fffffd9e0) at main.c:117
(gdb) frame 1
#1 0x0000000000408b9c in my_tgetstr (id=0x40ca2a "le") at term.c:48
48 char *retval = stringcap ? mysavestring(stringcap) : NULL;
(gdb) info locals
term_string_buf = 0x7f7ff7b16800 "\b"
tb = 0x7f7ff7b16802 "\261\367\177\177"
stringcap = 0xfffffffff7b16800 <Address 0xfffffffff7b16800 out of bounds>
retval = <optimized out>
__FUNCTION__ = "my_tgetstr"
(gdb)
) bt
#0 0x000000000040a946 in mysavestring (string=0xfffffffff7b16800 <Address
0xfffffffff7b16800 out of bounds>) at string_utils.c:89
#1 0x0000000000408b9c in my_tgetstr (id=0x40ca2a "le") at term.c:48
#2 0x0000000000408dfd in init_terminal () at term.c:88
#3 0x00000000004048d4 in init_rlwrap () at main.c:417
#4 main (argc=<optimized out>, argv=0x7f7fffffd9e0) at main.c:117
(gdb) frame 1
#1 0x0000000000408b9c in my_tgetstr (id=0x40ca2a "le") at term.c:48
48 char *retval = stringcap ? mysavestring(stringcap) : NULL;
(gdb) info locals
term_string_buf = 0x7f7ff7b16800 "\b"
tb = 0x7f7ff7b16802 "\261\367\177\177"
stringcap = 0xfffffffff7b16800 <Address 0xfffffffff7b16800 out of bounds>
retval = <optimized out>
__FUNCTION__ = "my_tgetstr"
(gdb)
With the code being:
static char *my_tgetstr (char *id) {
char *term_string_buf = (char *)mymalloc(2048), *tb = term_string_buf;
char *stringcap = tgetstr(id, &tb); /* rl_get_termcap(id) should also get
string capability but doesn't. Why? */
char *retval = stringcap ? mysavestring(stringcap) : NULL;
DPRINTF2(DEBUG_TERMIO, "tgetstr(\"%s\") = %s", id, (stringcap ?
mangle_string_for_debug_log(stringcap,20) : "NULL"));
free(term_string_buf);
return retval;
}
However, in a simple test:
#include <stdio.h>
#include <stdlib.h>
#include <termcap.h>
int main(void);
int
main(void)
{
char *str = malloc(2048), *tb = str, *cap;
str = tgetstr("le", &tb);
(void) printf("%p\n", str);
return 0;
}
$ ./tget
0x0
So I'm first wondering why the stringcap check succeeds if NULL is
returned. Then, oddly enough the address of the buffer pointer is
passed to mysavestring() but with the first 32 bits set to 1:
0x7f7ff7b16800 becomes 0xfffffffff7b16800.
Could it be a toolchain bug?
Another thing which I didn't investigate is why the buffer is still set
to "\b" if tgetstr() returns NULL for "le".
>How-To-Repeat:
>Fix:
Unknown for now
Home |
Main Index |
Thread Index |
Old Index