sh (pid 1081) segfaults for page address 00000000 at pc 00000000
Cristian Ionescu-Idbohrn
cristian.ionescu-idbohrn at axis.com
Mon Jan 26 16:47:31 UTC 2009
On Sun, 25 Jan 2009, Cristian Ionescu-Idbohrn wrote:
> On Sun, 25 Jan 2009, walter harms wrote:
> > Cristian Ionescu-Idbohrn schrieb:
> > > On Sun, 25 Jan 2009, walter harms wrote:
> > >> does
> > >> if [ -z "$(pidof <process name>)" ]; then
> > >>
> > >> change anything ?
> > >
> > > I'll try that tomorrow at work.
Didn't try that yet.
> > > Thinking about it a little more...
> > > It is the _shell_ that runs pidof that is actually segfaulting.
> > > May very well be a compiler bug, but I'm not looking in that
> > > direction right now.
> > >
> > > The SIGSEGV signal handler I'm playing with is in ash.c.
> > > The idea is to put ash in a while(1); loop and gdb attach to the
> > > process.
Got a backtrace now; shows a few interesting things:
(gdb) bt full
#0 0x0009bcd0 in segv_handler (signal_number=0)
at .../busybox-1.13.2/shell/ash.c:3301
rc = 0
#1 <signal handler called>
No symbol table info available.
#2 0x00000000 in ?? ()
No symbol table info available.
#3 0x000876a2 in safe_read (fd=-1346920368, buf=0x80, count=5)
at .../busybox-1.13.2/libbb/read.c:27
n = 984538520
#4 0x0009e0a2 in expbackq (cmd=0xf9934, quoted=-123, quotes=1)
at .../busybox-1.13.2/shell/ash.c:5604
in = {fd = 647890, nleft = 1, buf = 0x5 <Address 0x5 out of bounds>,
jp = 0x0}
i = -1346920368
buf = "<garbage>"
p = 0x0
dest = 0x0
startloc = 1
syntax = 1
smark = {stackp = 0xe8211, stacknxt = 0x1 <Address 0x1 out of bounds>,
stacknleft = 1028400, marknext = 0xfb264}
#5 0x0009e408 in argstr (p=0xf1498 ",\231\017", flag=1023232,
var_str_list=0xffffffff)
at .../busybox-1.13.2/shell/ash.c:5830
spclchars = "=:\210\203\201\202\204\205\207"
reject = 0x0
c = 1022260
quotes = -1346912370
breakall = 0
inquotes = 1
length = 4294967173
startloc = 1
#6 0x00000001 in ?? ()
> > i think it would be interesting to make sure that pidof is needed to
> > cause the bug.
> > yes: no clue
> > no : the subshell is the most likely candidate but i doubt it, since it
> > is used too heavily and the bug should have surfaced in other
> > applications
> >
> > do older versions of ash behave the same ? (e.g. 1.12 ?)
>
> This is the first time I noticed that. The "older" version is really old
> 1.1.3 and does not expose the problem.
>
> > maybe "test" is broken ? (note: built-in yes/no )
>
> That's an interesting point. I'll look into it.
Still on the todo-list...
> Yes, builtin ATM. I'll check with a non-builtin "test".
...and this too.
Cheers,
--
Cristian
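As an added illustration (not busybox code, and not the handler in ash.c the thread refers to), this is the "park the crashed process in a SIGSEGV handler so gdb can attach" approach described above. The names install_segv_park_handler, segv_handler_installed and segv_parked are this example's own; it logs the faulting address from siginfo with only async-signal-safe calls, then spins until a debugger clears the flag.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdint.h>
#include <string.h>
#include <unistd.h>

/* Cleared from gdb ("set var segv_parked = 0") once the state has been inspected. */
static volatile sig_atomic_t segv_parked = 1;

/* printf is not async-signal-safe, so log with write(2) only. */
static void write_str(const char *s) {
    size_t n = 0;
    while (s[n]) n++;
    (void)write(STDERR_FILENO, s, n);
}

static void write_hex(uintptr_t v) {
    char buf[2 + 2 * sizeof(v)];
    for (int i = (int)sizeof(buf) - 1; i >= 2; i--) {
        buf[i] = "0123456789abcdef"[v & 0xf];
        v >>= 4;
    }
    buf[0] = '0';
    buf[1] = 'x';
    (void)write(STDERR_FILENO, buf, sizeof(buf));
}

static void segv_handler(int sig, siginfo_t *si, void *ctx) {
    (void)sig; (void)ctx;
    write_str("SIGSEGV: fault address ");
    write_hex((uintptr_t)si->si_addr);   /* 0x0 for a null deref / call through a null pointer */
    write_str(", pid ");
    write_hex((uintptr_t)getpid());
    write_str(" parked; attach with gdb -p <pid> and run: bt full\n");
    /* Stay alive with stack and heap intact instead of dying; gdb can walk the frames. */
    while (segv_parked) sleep(1);
    /* Returning would re-execute the faulting instruction, so terminate once inspected. */
    _exit(139);
}

/* Installs the handler; if the stack itself may be corrupt, add sigaltstack + SA_ONSTACK. */
int install_segv_park_handler(void) {
    struct sigaction sa;
    memset(&sa, 0, sizeof(sa));
    sa.sa_sigaction = segv_handler;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    return sigaction(SIGSEGV, &sa, NULL);
}

/* Returns 1 if our parking handler is the current SIGSEGV disposition. */
int segv_handler_installed(void) {
    struct sigaction cur;
    if (sigaction(SIGSEGV, NULL, &cur) != 0) return 0;
    return (cur.sa_flags & SA_SIGINFO) != 0 && cur.sa_sigaction == segv_handler;
}
```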