[PATCH 0/1] BUG in lineedit.c: SEGFAULT

Alexey Fomenko ext-alexey.fomenko at nokia.com
Mon May 16 14:01:25 UTC 2011

 In libbb/linnedit.c, read_line_input():
after signal handler assignment
> previous_SIGWINCH_handler = signal(SIGWINCH, win_changed);
function win_changed() will take care of signales, but cmdedit_prompt at this
moment is uninitialized, value will be assigned only in
parse_and_put_prompt(). So if we're getting SIGWINCH before
parse_and_put_prompt run, cmdedit_prompt (which is NULL) will be passed to
strlen() in the end, and there will be a SEGFAULT.
 Steps to produce: 
stop debugger on win_changed (line 2026, lineedit.c) and send SIGWINCH -
SEGFAULT immediately. 
 GDB example log is in attachment.

 Suggesting simple solution: move signal handler assignment to be called after
cmdedit_prompt initialization.

Alexey Fomenko (1):
  Move signal handler assignment to be called after cmdedit_prompt init

 libbb/lineedit.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)


-------------- next part --------------
# gdb sh
GNU gdb (GDB) 7.2-debian
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "arm-linux-gnueabi".
For bug reporting instructions, please see:
Reading symbols from /bin/sh...Reading symbols from /usr/lib/debug/bin/busybox...done.
(gdb) break win_changed
Breakpoint 1 at 0x4fa0c: file libbb/lineedit.c, line 1835.
(gdb) run
Starting program: /bin/sh 

Breakpoint 1, win_changed (nsig=0) at libbb/lineedit.c:1835
1835    libbb/lineedit.c: No such file or directory.
        in libbb/lineedit.c
(gdb) signal SIGWINCH
Continuing with signal SIGWINCH.

Program received signal SIGSEGV, Segmentation fault.
strlen () at ../ports/sysdeps/arm/strlen.S:67
67      ../ports/sysdeps/arm/strlen.S: No such file or directory.
        in ../ports/sysdeps/arm/strlen.S

More information about the busybox mailing list