busybox 1.9.1 syslogd segfaults on startup

Denys Vlasenko vda.linux at googlemail.com
Mon Feb 25 23:30:08 UTC 2008


On Monday 25 February 2008 23:47, Clem Taylor wrote:
> >  can you test whether other libc functions will crash similarly?
> >     memset(G.localHostName, 0x77, 63); // crashes or not?
> >     memset(G.localHostName, 0x77, 64); // crashes or not?
> >
> >  If they don't crash, then gethostname does not just store
> >  data in G.localHostName. If they crash, then... ptr_to_globals
> >  points to an allocated area which is too small?
> >
> >  PTR_TO_GLOBALS = memcpy(xzalloc(sizeof(G)), &init_data, sizeof(init_data));
> >
> >  Is sizeof(G) ok? (Do printf("%d\n", sizeof(G)) somewhere)
> 
> This is annoying: with the printf() and the memset() calls it doesn't
> crash. sizeof(G) is 1536.
>         PTR_TO_GLOBALS = memcpy(xzalloc(sizeof(G)), &init_data,
> sizeof(init_dat...
>         printf("G=%d globals=%d\n", sizeof(G), sizeof(struct globals));
>         memset(G.localHostName, 0x55, 63);
>         memset(G.localHostName, 0xAA, 64);
> 
> If I comment out the printf() then it will segfault in the first call
> to memset(). I don't have debug symbols in uclibc, but after the
> crash gdb shows that localHostName is all '\0'. Weirdness.

Hmm. I have an idea.

Go to libbb.h and delete "const" here:

extern struct globals *const ptr_to_globals;

Then rebuild busybox. Does it segfault now? And how much bigger is busybox
now? (output of "size busybox_old busybox").
--
vda
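The pattern under suspicion here is a pointer that is declared `*const` (so the compiler may treat every load of it as yielding the same value) but is in fact assigned at runtime through a cast. A compiler is then free to keep a value of the pointer loaded before the assignment and reuse it afterwards, which is consistent with the crash disappearing once a printf() call sits between the assignment and the memset(). The following is an added example, not code from the thread or from busybox: it reproduces the allocate-copy-publish sequence with a constructed stand-in for syslogd's globals (the field names other than localHostName are hypothetical, and the struct layout is not busybox's), and shows the two conventional remedies side by side, dropping the const from the definition and placing a compiler barrier after the store so that no cached load can survive it. The barrier() macro and SET_PTR_TO_GLOBALS are assumptions of this example and not necessarily what busybox ended up with.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for syslogd's globals (assumption: busybox's real
 * struct has other fields and a different layout). */
struct globals {
    int  markInterval;          /* hypothetical field */
    char localHostName[64];     /* gethostname() target, as in the thread */
    char *logFilePath;          /* hypothetical field */
};

/* Remedy 1: define (and declare) the pointer WITHOUT const.  busybox's
 * libbb.h declares it as `struct globals *const ptr_to_globals`, which is
 * what lets the compiler assume the value never changes. */
struct globals *ptr_to_globals;

#define G (*ptr_to_globals)

/* Remedy 2: a compiler barrier.  The empty asm with a "memory" clobber tells
 * gcc/clang that memory may have changed, so a pointer value loaded before
 * the store cannot be reused after it.  (Assumption: GCC-style inline asm.) */
#define barrier() __asm__ __volatile__("" ::: "memory")

/* Publishes the pointer the way the thread's code does (write through a
 * cast), then forces the compiler to forget anything it cached.  In this
 * single file the cast is redundant because the definition above is not
 * const; it is kept to mirror the pattern being debugged. */
#define SET_PTR_TO_GLOBALS(x) do {                         \
    (*(struct globals **)&ptr_to_globals) = (void *)(x);   \
    barrier();                                             \
} while (0)

/* Initial values copied into the freshly allocated block. */
static const struct globals init_data = {
    .markInterval  = 20 * 60,
    .localHostName = "",
    .logFilePath   = NULL,
};

/* Zeroing allocator that aborts on failure, as busybox's xzalloc() does. */
static void *xzalloc(size_t n)
{
    void *p = calloc(1, n);
    if (!p) {
        perror("calloc");
        exit(1);
    }
    return p;
}

/* Allocate sizeof(G) bytes, seed them from init_data, publish the pointer.
 * Returns the allocated size so a caller can compare it with the struct. */
size_t init_globals(void)
{
    SET_PTR_TO_GLOBALS(memcpy(xzalloc(sizeof(G)), &init_data, sizeof(init_data)));
    return sizeof(G);
}

/* The probe from the thread: both memsets must land inside the block and
 * must not disturb the neighbouring fields.  Returns 1 on success. */
int probe_localhostname(void)
{
    memset(G.localHostName, 0x55, 63);
    memset(G.localHostName, 0xAA, sizeof(G.localHostName));
    return (unsigned char)G.localHostName[0]  == 0xAA
        && (unsigned char)G.localHostName[63] == 0xAA
        && G.markInterval == 20 * 60
        && G.logFilePath == NULL;
}

int main(void)
{
    size_t n = init_globals();
    printf("sizeof(G)=%zu sizeof(struct globals)=%zu\n", n, sizeof(struct globals));
    printf("probe %s\n", probe_localhostname() ? "ok" : "FAILED");
    return 0;
}
```

The printf() in Clem's test acted as an accidental barrier: a call to an external function forces the compiler to reload ptr_to_globals afterwards. Removing the const from the declaration makes that reload mandatory everywhere; the barrier keeps the const (and the code-size benefit it buys) while pinning down the one place where the value actually changes.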