Date: Tue, 23 Jan 2018 18:55:13 -0800 (PST)
From: Po-yi Wang <player@....bc.ca>
To: musl@...ts.openwall.com
Subject: Re: seg fault at src/string/strlen.c:15



On Tue, 23 Jan 2018, Rich Felker wrote:

> On Tue, Jan 23, 2018 at 05:07:32PM -0800, Po-yi Wang wrote:
>> hi
>>
>> I tried to compile make-4.1 for i486, ppc, and arm targets.
>> i486 seems OK: "make --version" runs with no problem.
>> For ppc and arm targets, both segfault at exactly the same place.
>> I had to recompile musl-1.1.18 for both with "-g3" to narrow down
>> the problem. It should be easy to reproduce. Here are some outputs:
>>
>> [ppc][1] cd /build/make-4.1; file make
>> make: ELF 32-bit MSB executable, PowerPC or cisco 4500, version 1
>> (SYSV), statically linked, not stripped
>> [ppc][1] cd /build/make-4.1; cp make make-4.1
>> [ppc][1] cd /build/make-4.1; gdb make-4.1
>> GNU gdb 6.5
>> Copyright (C) 2006 Free Software Foundation, Inc.
>> GDB is free software, covered by the GNU General Public License, and
>> you are
>> welcome to change it and/or distribute copies of it under certain
>> conditions.
>> Type "show copying" to see the conditions.
>> There is absolutely no warranty for GDB.  Type "show warranty" for
>> details.
>> This GDB was configured as "powerpc-unknown-linux-gnu"...Using host
>> libthread_db library "/lib/libthread_db.so.1".
>>
>> (gdb) run --version
>> Starting program: /tmp/build/make-4.1/make-4.1 --version
>>
>> Program received signal SIGSEGV, Segmentation fault.
>> strlen (s=0x0) at src/string/strlen.c:15
>> 15              for (w = (const void *)s; !HASZERO(*w); w++);
>> (gdb)
>
> This means make is calling strlen(0), so the bug is somewhere else --
> in whatever is causing the string pointer passed to strlen to be a null
> pointer. Can you show a full backtrace (bt) rather than just the point
> of the crash?

for ppc:
Program received signal SIGSEGV, Segmentation fault.
strlen (s=0x0) at src/string/strlen.c:15
15              for (w = (const void *)s; !HASZERO(*w); w++);
(gdb) bt
#0  strlen (s=0x0) at src/string/strlen.c:15
#1  0x10027ff8 in __strdup (s=0x0) at src/string/strdup.c:7
#2  0x1001167c in xstrdup (ptr=0x0) at misc.c:259
#3  0x1001ae94 in define_variable_in_set (name=0x10036474 "MAKE_TERMOUT", length=12, value=0x0, origin=o_default, recursive=0, set=0x1004d804, flocp=0x0) at variable.c:243
#4  0x1000fb14 in main (argc=2, argv=0xbfc26ea4, envp=0xbfc26eb0) at main.c:1404

for arm:
#0  0x0002c3a0 in strlen (s=<optimized out>, s@...ry=0x0) at src/string/strlen.c:15
#1  0x0002c350 in __strdup (s=0x0) at src/string/strdup.c:7
#2  0x000180d4 in xstrdup (ptr=ptr@...ry=0x0) at misc.c:259
#3  0x00020ec0 in define_variable_in_set (name=name@...ry=0x37e7f "MAKE_TERMOUT", length=length@...ry=12, value=0x0, origin=origin@...ry=o_default, recursive=recursive@...ry=0, set=0x46ae8 <global_variable_set>, flocp=flocp@...ry=0x0) at variable.c:243
#4  0x00008768 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at main.c:1404

After "mount -n -t devpts devpts /dev/pts", both work fine.
Strangely, on i486, even if I "umount /dev/pts", the segfault does not occur.
Thanks.

>
>> output for arm target:
>>
>> GNU gdb (GDB) 8.0
>> Copyright (C) 2017 Free Software Foundation, Inc.
>> License GPLv3+: GNU GPL version 3 or later
>> <http://gnu.org/licenses/gpl.html>
>> This is free software: you are free to change and redistribute it.
>> There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
>> and "show warranty" for details.
>> This GDB was configured as "armv7l-unknown-linux-gnueabi".
>> Type "show configuration" for configuration details.
>> For bug reporting instructions, please see:
>> <http://www.gnu.org/software/gdb/bugs/>.
>> Find the GDB manual and other documentation resources online at:
>> <http://www.gnu.org/software/gdb/documentation/>.
>> For help, type "help".
>> Type "apropos word" to search for commands related to "word"...
>> Reading symbols from make-4.1...done.
>> (gdb) run --version
>> Starting program: /tmp/build/make-4.1/make-4.1 --version
>>
>> Program received signal SIGSEGV, Segmentation fault.
>> 0x0002c3a0 in strlen (s=<optimized out>, s@...ry=0x0) at src/string/strlen.c:15
>> 15              for (w = (const void *)s; !HASZERO(*w); w++);
>> (gdb)
>
> Same here.
>
> Does the problem also happen with make 4.2? Alpine Linux is using make
> 4.2.1 I think and I haven't heard of such a problem from them.
>
> Rich
>
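As an added example (not code from make, musl, or either poster), here is the pattern behind these backtraces and a hardened form of it: a NULL value handed to strdup(), which musl's strdup() passes straight to strlen(). It assumes, which the thread does not show, that the MAKE_TERMOUT value comes from ttyname() on make's output descriptor; the helper names are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper, not make's xstrdup(): a NULL value becomes an explicit
 * empty string, so strdup(), and the strlen() inside it, never see NULL.
 * strdup(NULL) is undefined; with musl it faults in strlen(), as above. */
static char *xstrdup_or_empty(const char *s)
{
    char *copy = strdup(s ? s : "");
    if (copy == NULL) {
        perror("strdup");
        exit(EXIT_FAILURE);
    }
    return copy;
}

/* ttyname() returns NULL when fd is not a terminal or when the terminal's
 * device node cannot be resolved (for example, /dev/pts not mounted). */
static char *terminal_name_value(int fd)
{
    return xstrdup_or_empty(ttyname(fd));
}

/* Constructed check: a pipe end is never a terminal, so ttyname() yields NULL
 * and the wrapper must still hand back a valid empty string. Returns 1 if so. */
int pipe_fd_yields_empty_value(void)
{
    int fds[2];
    if (pipe(fds) != 0)
        return 0;
    char *value = terminal_name_value(fds[0]);
    int ok = (value != NULL && value[0] == '\0');
    free(value);
    close(fds[0]);
    close(fds[1]);
    return ok;
}

/* Direct check of the NULL path. Returns 1 if it is handled without a fault. */
int null_value_is_handled(void)
{
    char *value = xstrdup_or_empty(NULL);
    int ok = (value != NULL && strlen(value) == 0);
    free(value);
    return ok;
}
```

Running a binary built this way with stdout redirected to a pipe, or with /dev/pts unmounted, yields an empty value instead of the SIGSEGV shown in the thread.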
