Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Thu, 30 May 2013 15:11:09 +0900
From: plan9assembler <plan9assembler@...il.com>
To: musl@...ts.openwall.com
Subject: Re: util-linux-2.23 mount segmentation fault error

here is backtrace of gdb for "./mount /dev/sda1 /mnt"

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7dd58fb in strlen () from /lib/ld-musl-x86_64.so.1
(gdb) at
#0  0x00007ffff7dd58fb in strlen () from /lib/ld-musl-x86_64.so.1
#1  0x00007ffff79614b6 in unmangle_string (s=0x6164732f7665642f <Address
0x616732f7665642 out of bounds>) at ./include/mangle.h:17
#2  mnt_parse_table_line (s=0x7fffffffe640 "/dev/sda1 /mnt ext4 rw 0 0",
fs=0x608f00) at libmount/src/tab_parse.c:78
#3  mnt_table_parse_next (tb=tb@...ry=0x7ffff7ffb360, f=f@...ry=0x608a00,
fs=fs@...ry=0x608f00, filename=filename@...ry=0x7ffff7973e78 "/etc/mtab",
nlines=nlines@...ry=0x7fffffffeab4) at at libmount/src/tab_parse.c:396
#4  0x00007ffff79618e7 in mnt_table_parse_stream (tb=tb@...ry=0x7ffff7ffb360,
f=f@...ry=0x608a00, filename=<optimzed out>, filename@...ry=0x7ffff7973e78
"/etc/mtab") at libmount/src/tab_parse.c:529
#5  0x00007ffff7961e26 in mnt_table_parse_file (tb=0x7ffff7ffb360,
filename=0x7ffff7973e78 "/etc/mtab") at libmount/src/tab_parse.c:584
#6  0x00007ffff796246f in mnt_table_parse_mtab (tb=0x7ffff7ffb360,
filename=0x7ffff7973e78 "/etc/mtab") at libmount/src/tab_parse.c:968
#7  0x00007ffff794fbf5 in mnt_context_get_mtab (cxt=cxt@...ry=0x7ffff7ffb260,
tb=tb@...ry=0x7fffffffec90) at libmount/src/context.c:958
#8  0x0000000000403c7d in print_all (show_label=0, pattern=0x0,
cxt=0x7ffff7ffb260) at sys-utils/mount.c:130
#9  main (argc=0, argv=0x7fffffffed40) at sys-utils/mount.c:1004
(gdb)



On Thu, May 30, 2013 at 7:17 AM, plan9assembler <plan9assembler@...il.com>wrote:

> correction:
>
> #if 1
> #define _IO(a,b) _IOC(0U,(a),(b),0)                 //?
> #define _IOW(a,b,c) _IOC(1U,(a),(b),sizeof(c)) //?
> #else
> #define _IO(a,b) _IOC(0,(a),(b),0)                   //ok
> #define _IOW(a,b,c) _IOC(1,(a),(b),sizeof(c))   //ok
> #endif
>
> #define _IOR(a,b,c) _IOC(2U,(a),(b),sizeof(c))  //ok
> - #define _IOW(a,b,c) _IOC(3U,(a),(b),sizeof(c)) //ok
> + #define _IOWR(a,b,c) _IOC(3U,(a),(b),sizeof(c)) //ok
>
>
> On Thu, May 30, 2013 at 7:07 AM, plan9assembler <plan9assembler@...il.com>wrote:
>
>> could you send me the patch? i will test it.
>>
>> BTW, in latest musl-git version, i found something wrong with ioctl.h
>>
>> #if 1
>> #define _IO(a,b) _IOC(0U,(a),(b),0)                 //?
>> #define _IOW(a,b,c) _IOC(1U,(a),(b),sizeof(c)) //?
>> #else
>> #define _IO(a,b) _IOC(0,(a),(b),0)                   //ok
>> #define _IOW(a,b,c) _IOC(1,(a),(b),sizeof(c))   //ok
>> #endif
>>
>> #define _IOR(a,b,c) _IOC(2U,(a),(b),sizeof(c))  //ok
>> #define _IOW(a,b,c) _IOC(3U,(a),(b),sizeof(c)) //ok
>>
>> if i set 0, it works fine run as "./mount", but set 1 then,
>>
>>
>> # ./mount /dev/sda1 /mnt
>> EXT4-fs (sda1): mounted filesystem with ordered data mode. Opts: (null)
>>
>> < 30 - 40  seconds waiting without return to shell>
>>
>> mount: /mnt: filesystem mounted, but mount(8) failedOperation timed out
>> // <-- this is weird.
>> #
>>
>>
>>
>>
>>
>> On Thu, May 30, 2013 at 5:04 AM, Szabolcs Nagy <nsz@...t70.net> wrote:
>>
>>> * plan9assembler <plan9assembler@...il.com> [2013-05-29 23:41:13 +0900]:
>>> > util-linux umount gets segfaults randomly..(X)
>>> > util-linux umount gets segfaults always..(O)
>>> >
>>> > # ./umount /mnt
>>> > traps: umount[9444] general protection ip:7f9c48e618fb sp:7fff72447b88
>>> > error:0 in libc.so[7f9c48e16000+72000]
>>> > Segmentation fault.
>>>
>>> it seems util-linux uses sscanf with %ms to parse mtab
>>> in libmount in tab_parse.c
>>>
>>> after i fixed that mount and umount does not segfault here
>>> (used fixed size malloc and %s instead)
>>>
>>
>>
>

Content of type "text/html" skipped

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.