sh (pid 1081) segfaults for page address 00000000 at pc 00000000

Mon Jan 26 16:47:31 UTC 2009

On Sun, 25 Jan 2009, Cristian Ionescu-Idbohrn wrote:

> On Sun, 25 Jan 2009, walter harms wrote:
> > Cristian Ionescu-Idbohrn schrieb:
> > > On Sun, 25 Jan 2009, walter harms wrote:
> > >> does
> > >> if [ -z "$(pidof <process name>)" ]; then
> > >>
> > >> change anything ?
> > >
> > > I'll try that tomorrow at work.

Didn't try that yet.

> > > Thinking about it a little more...
> > > It is the _shell_ that runs pidof that is actually segfaulting.
> > > May very well be a compiler bug, but I'm not looking in that
> > > direction right now.
> > >
> > > The SIGSEVG signal handler I'm playing with is in ash.c.
> > > The idea is to put ash in a while(1); loop and gdb attach to the
> > > process.

Got a backtrace now; shows a few intetesting things:

(gdb) bt full
#0  0x0009bcd0 in segv_handler (signal_number=0)
    at .../busybox-1.13.2/shell/ash.c:3301
        rc = 0
#1  <signal handler called>
No symbol table info available.
#2  0x00000000 in ?? ()
No symbol table info available.
#3  0x000876a2 in safe_read (fd=-1346920368, buf=0x80, count=5)
    at .../busybox-1.13.2/libbb/read.c:27
        n = 984538520
#4  0x0009e0a2 in expbackq (cmd=0xf9934, quoted=-123, quotes=1)
    at .../busybox-1.13.2/shell/ash.c:5604
        in = {fd = 647890, nleft = 1, buf = 0x5 <Address 0x5 out of bounds>,
  jp = 0x0}
        i = -1346920368
        buf = "<garbage>"
        p = 0x0
        dest = 0x0
        startloc = 1
        syntax = 1
        smark = {stackp = 0xe8211, stacknxt = 0x1 <Address 0x1 out of bounds>,
  stacknleft = 1028400, marknext = 0xfb264}
#5  0x0009e408 in argstr (p=0xf1498 ",\231\017", flag=1023232,
    var_str_list=0xffffffff)
    at .../busybox-1.13.2/shell/ash.c:5830
        spclchars = "=:\210\203\201\202\204\205\207"
        reject = 0x0
        c = 1022260
        quotes = -1346912370
        breakall = 0
        inquotes = 1
        length = 4294967173
        startloc = 1
#6  0x00000001 in ?? ()

> > i think it would be interessting to make sure that pidof is needed to
> > cause the bug.
> > yes: no clue
> > no : the subshell is the most likely candidate but i doubt it, since it
> >      is used to heavly and the bug should have surfaced in other
> >       applications
> >
> > do older versions of ash behave the same ? (e.g. 1.12 ?)
>
> This is the first time I noticed that.  The "older" version is really old
> 1.1.3 and does not expose the problem.
>
> > maybe "test" is broken ? (note: build-in yes/no )
>
> That's an interesting point.  I'll look into it.

Still on the todo-list...

> Yes, builtin ATM.  I'll check with a non-builtin "test".

...and this too.

Cheers,

-- 
Cristian