Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Tue, 23 Jan 2018 18:55:13 -0800 (PST)
From: Po-yi Wang <player@....bc.ca>
To: musl@...ts.openwall.com
Subject: Re: seg fault at src/string/strlen.c:15



On Tue, 23 Jan 2018, Rich Felker wrote:

> On Tue, Jan 23, 2018 at 05:07:32PM -0800, Po-yi Wang wrote:
>> hi
>>
>> I try to compile make-4.1 for i486,ppc,arm targets.
>> i486 seem ok. "make --version" runs and no problem.
>> for ppc and arm targets, both seg fault at exactly the same place.
>> I had to recompile musl-1.1.18 for both with "-g3" to narrow down
>> the problem. it should be easy to reproduce. here is some outputs:
>>
>> [ppc][1] cd /build/make-4.1; file make
>> make: ELF 32-bit MSB executable, PowerPC or cisco 4500, version 1
>> (SYSV), statically linked, not stripped
>> [ppc][1] cd /build/make-4.1; cp make make-4.1 [ppc][1] cd
>> /build/make-4.1; gdb make-4.1
>> GNU gdb 6.5
>> Copyright (C) 2006 Free Software Foundation, Inc.
>> GDB is free software, covered by the GNU General Public License, and
>> you are
>> welcome to change it and/or distribute copies of it under certain
>> conditions.
>> Type "show copying" to see the conditions.
>> There is absolutely no warranty for GDB.  Type "show warranty" for
>> details.
>> This GDB was configured as "powerpc-unknown-linux-gnu"...Using host
>> libthread_db library "/lib/libthread_db.so.1".
>>
>> (gdb) run --version
>> Starting program: /tmp/build/make-4.1/make-4.1 --version
>>
>> Program received signal SIGSEGV, Segmentation fault.
>> strlen (s=0x0) at src/string/strlen.c:15
>> 15              for (w = (const void *)s; !HASZERO(*w); w++);
>> (gdb)
>
> This means make is calling strlen(0), so the bug is somewhere else --
> in whatever causing the string pointer passed to strlen to be a null
> pointer. Can you show a full backtrace (bt) rather than just the point
> of the crash?

for ppc:
Program received signal SIGSEGV, Segmentation fault.
strlen (s=0x0) at src/string/strlen.c:15
15              for (w = (const void *)s; !HASZERO(*w); w++);
(gdb) bt
#0  strlen (s=0x0) at src/string/strlen.c:15
#1  0x10027ff8 in __strdup (s=0x0) at src/string/strdup.c:7
#2  0x1001167c in xstrdup (ptr=0x0) at misc.c:259
#3  0x1001ae94 in define_variable_in_set (name=0x10036474 "MAKE_TERMOUT", 
length=12, value=0x0, origin=o_default,
     recursive=0, set=0x1004d804, flocp=0x0) at variable.c:243
#4  0x1000fb14 in main (argc=2, argv=0xbfc26ea4, envp=0xbfc26eb0) at 
main.c:1404

for arm:
#0  0x0002c3a0 in strlen (s=<optimized out>, s@...ry=0x0)
     at src/string/strlen.c:15
#1  0x0002c350 in __strdup (s=0x0) at src/string/strdup.c:7
#2  0x000180d4 in xstrdup (ptr=ptr@...ry=0x0) at misc.c:259
#3  0x00020ec0 in define_variable_in_set (
     name=name@...ry=0x37e7f "MAKE_TERMOUT", length=length@...ry=12, 
value=0x0,
     origin=origin@...ry=o_default, recursive=recursive@...ry=0,
     set=0x46ae8 <global_variable_set>, flocp=flocp@...ry=0x0) at 
variable.c:243
#4  0x00008768 in main (argc=<optimized out>, argv=<optimized out>,
     envp=<optimized out>) at main.c:1404

After "mount -n -t devpts devpts /dev/pts", both works fine.
Strangely, on i486, even if I "umount /dev/pts", seg fault do not occur.
Thanks.

>
>> output for arm target:
>>
>> GNU gdb (GDB) 8.0
>> Copyright (C) 2017 Free Software Foundation, Inc.
>> License GPLv3+: GNU GPL version 3 or later
>> <http://gnu.org/licenses/gpl.html>
>> This is free software: you are free to change and redistribute it.
>> There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
>> and "show warranty" for details.
>> This GDB was configured as "armv7l-unknown-linux-gnueabi".
>> Type "show configuration" for configuration details.
>> For bug reporting instructions, please see:
>> <http://www.gnu.org/software/gdb/bugs/>.
>> Find the GDB manual and other documentation resources online at:
>> <http://www.gnu.org/software/gdb/documentation/>.
>> For help, type "help".
>> Type "apropos word" to search for commands related to "word"...
>> Reading symbols from make-4.1...done.
>> (gdb) run --version
>> Starting program: /tmp/build/make-4.1/make-4.1 --version
>>
>> Program received signal SIGSEGV, Segmentation fault.
>> 0x0002c3a0 in strlen (s=<optimized out>, s@...ry=0x0) at
>> src/string/strlen.c:15
>> 15              for (w = (const void *)s; !HASZERO(*w); w++);
>> (gdb)
>
> Same here.
>
> Does the problem also happen with make 4.2? Alpine Linux is using make
> 4.2.1 I think and I haven't heard of such a problem from them.
>
> Rich
>

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.