busybox 1.9.1 syslogd segfaults on startup
Denys Vlasenko
vda.linux at googlemail.com
Mon Feb 25 23:30:08 UTC 2008
On Monday 25 February 2008 23:47, Clem Taylor wrote:
> > can you test whether other libc functions will crash similarly?
> > memset(G.localHostName, 0x77, 63); // crashes or not?
> > memset(G.localHostName, 0x77, 64); // crashes or not?
> >
> > If they don't crash, then gethostname does not just store
> > data in G.localHostName. If they crash, then... ptr_to_globals
> > points to an allocated area which is too small?
> >
> > PTR_TO_GLOBALS = memcpy(xzalloc(sizeof(G)), &init_data, sizeof(init_data));
> >
> > Is sizeof(G) ok? (Do printf("%d\n", sizeof(G)) somewhere)
>
> This is annoying, with the printf() and the memset() calls it doesn't
> crash. sizeof(G) is 1536.
> PTR_TO_GLOBALS = memcpy(xzalloc(sizeof(G)), &init_data,
> sizeof(init_dat...
> printf("G=%d globals=%d\n", sizeof(G), sizeof(struct globals));
> memset(G.localHostName, 0x55, 63);
> memset(G.localHostName, 0xAA, 64);
>
> If I comment out the printf() then it will segfault in the first call
> to memset(), I don't have debug symbols in uclibc, but after the
> crash, gdb shows that localHostName is all '\0'. Weirdness.
Hmm. I have an idea.
Go to libbb.h and delete "const" here:

extern struct globals *const ptr_to_globals;

Then rebuild busybox. Does it segfault now? And how much bigger is busybox
now? (output of "size busybox_old busybox").
--
vda