ash r21030 broken?

Cristian Ionescu-Idbohrn cristian.ionescu-idbohrn at axis.com
Tue Feb 19 15:28:54 UTC 2008 

On Tue, 19 Feb 2008, Cristian Ionescu-Idbohrn wrote:

> Doesn't look that way :(  Seems to bail out on this line (see attached
> diff).
>
> 				eq = strchr(str, '=');
>
> str is pointing to something, but that doesn't seem to be the right
> thing (uninitialized?).
>
> # for B in $VAR;do echo $B;done
> sh: LINE 5907
> sh: LINE 5914: name='VAR=', name_len=4
> sh: LINE 5916
> sh: LINE 5920
> sh: LINE 5923

Yes.  Something fishy going on.  This is what happens during init
(runlevel 3, init scripts), a few steps before ash segfaults; please
compare the var_str_list and str pointer values:

,----
| + [ N ]
| sh: LINE 5907
| sh: LINE 5914: name='runlevel=', name_len=9
| sh: LINE 5916
| sh: LINE 5920: var_str_list=0x00118404, str=0x001183fc
| sh: LINE 5923
| sh: LINE 5925
| sh: LINE 5943
| sh: LINE 5946
| sh: LINE 5948
| sh: LINE 5950
| sh: LINE 5952
| + echo New runlevel: 3
| New runlevel: 3
| sh: LINE 5907
| sh: LINE 5914: name='runlevel=.d', name_len=9
| sh: LINE 5916
| sh: LINE 5920: var_str_list=0x0011840c, str=0x00118414
| sh: LINE 5923
| sh: LINE 5925
| sh: LINE 5943
| sh: LINE 5946
| sh: LINE 5948
| sh: LINE 5950
| sh: LINE 5952
| + [ -d /etc/rc3.d ]
| sh: LINE 5907
| sh: LINE 5914: name='prevlevel=', name_len=10
| sh: LINE 5916
| sh: LINE 5920: var_str_list=0x0011840c, str=0x00118414
| sh: LINE 5923
| sh: LINE 5925
| sh: LINE 5943
| sh: LINE 5946
| sh: LINE 5948
| sh: LINE 5950
| sh: LINE 5952
| + [ N != N ]
| sh: LINE 5907
| sh: LINE 5914: name='runlevel=.d/S??*', name_len=9
| sh: LINE 5916
| sh: LINE 5920: var_str_list=0x000b5bee, str=0x8feee1fc
| sh: LINE 5923
| rc (pid 75) segfaults for page address 8feee000 at pc 355a06a6
`----

A new shell is started at this point, which also segfaults when I
execute the following:

,----
| # for B in $VAR;do echo $B;done
| sh: LINE 5907
| sh: LINE 5914: name='VAR=', name_len=4
| sh: LINE 5916
| sh: LINE 5920: var_str_list=0x000b81c2, str=0x201892c1
| sh: LINE 5923
| sh (pid 72) segfaults for page address 20188000 at pc 355a06a6
`----



Cheers,

-- 
Cristian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ash.c.diff
Type: text/x-diff
Size: 1844 bytes
Desc: 
Url : http://lists.busybox.net/pipermail/busybox/attachments/20080219/f80802bf/attachment-0002.bin

More information about the busybox mailing list