busybox 1.9.1 syslogd segfaults on startup

Denys Vlasenko vda.linux at googlemail.com
Mon Feb 25 21:58:45 UTC 2008


On Monday 25 February 2008 22:17, Clem Taylor wrote:
> On Sat, Feb 23, 2008 at 2:58 AM, Tito <farmatito at tiscali.it> wrote:
> >  /* Store away localhost's name before the fork */
> >         if (gethostname(G.localHostName, 64 -1) != 0)
> >                 bb_error_msg_and_die("gethostname");
> >         /* "It is unspecified whether the truncated hostname
> >          * will be null-terminated". Idiots! */
> >         G.localHostName[64 -1] = '\0';
> >         *strchrnul(G.localHostName, '.') = '\0';
> 
> In this case it is crashing inside of gethostname(). The hostname is
> only 10 bytes (9+1), so I don't think the above is the problem. I
> wrote up a quick test program for gethostname() and uname(), and it
> was happy. gdb shows that (*ptr_to_globals) is okay. I can't see any
> obvious reason why this is crashing. I moved localHostName out of
> globals and everything is happy.
> 
>                        Any ideas?

Can you test whether other libc functions will crash similarly?
Say,

    memset(G.localHostName, 0x77, 63); // crashes or not?
    memset(G.localHostName, 0x77, 64); // crashes or not?

If they don't crash, then gethostname does not just store
data in G.localHostName. If they crash, then... ptr_to_globals
points to an allocated area which is too small?

PTR_TO_GLOBALS = memcpy(xzalloc(sizeof(G)), &init_data, sizeof(init_data));

Is sizeof(G) ok? (Do printf("%d\n", sizeof(G)) somewhere)
--
vda
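As an added illustration (not busybox code and not part of the thread), here is a small self-contained C sketch of the two things being debugged: a heap-allocated globals block reached through one pointer, whose allocator refuses a size smaller than the struct, and the hostname handling quoted above with the "truncated name may be unterminated" case terminated explicitly. The struct layout, `alloc_globals` and `normalize_hostname` are hypothetical names chosen for this example.

```c
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define HOST_MAX 64

/* Hypothetical globals struct: busybox keeps an applet's globals in one such block. */
struct globals {
    char localHostName[HOST_MAX];
    int log_level;
};

/* Same idea as busybox's ptr_to_globals / G: one heap block, one pointer. */
static struct globals *ptr_to_globals;
#define G (*ptr_to_globals)

static const struct globals init_data = { "", 6 };

/* Allocate the block and copy init_data in. Refuses a size smaller than the
 * struct instead of handing back a short block that later writes would overrun. */
static struct globals *alloc_globals(size_t size)
{
    if (size < sizeof(struct globals))
        return NULL;
    struct globals *g = calloc(1, size);
    if (g)
        memcpy(g, &init_data, sizeof(init_data));
    return g;
}

/* gethostname() may leave a truncated name unterminated, so terminate it
 * unconditionally, then cut at the first '.' as syslogd does. Returns the length. */
static size_t normalize_hostname(char *buf, size_t cap)
{
    buf[cap - 1] = '\0';
    char *dot = strchr(buf, '.');
    if (dot) *dot = '\0';
    return strlen(buf);
}

/* Mirrors the quoted syslogd code: fetch into the globals block, then normalize. */
static int store_local_hostname(void)
{
    if (gethostname(G.localHostName, HOST_MAX - 1) != 0)
        return -1;
    normalize_hostname(G.localHostName, HOST_MAX);
    return 0;
}
```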