Busybox awk throws glibc failure if using standalone/preferred applet feature

[Denys Vlasenko]

On Sunday 12 August 2012 18:48, Harald Becker wrote:
> They way I have setup busybox.conf (root.root -rw-------), and the way
> it worked for a long time. I have not stepped into this bug before, but
> possibly due to the fact that most of my Busybox based control scripts
> run as root or did not rely on that preferred applet feature.
> 
> >I suppose the missing of the entry leeds to some free error.
> 
> Yes, I ought we stumbled on a long standing bug, which hasn't bean
> detected earlier.
> 
> >By intuition I would check (comment out for testing) llist_free at the
> >end of parse_config_file(void) in libbb/appletlib.c
> >(or maybe try sct_head = xzalloc(sizeof(*sct_head)) at the beginning
> >of parse_config_file). Another candidate is list_free at the end of
> >check_suid(int applet_no). All this calls to list_free look suspicious
> >to me.
> 
> Need to look into this, haven't had the time/"inspiration" to do that
> before ...
> 
> >So the bug is triggered when /etc/busybox.conf is parsed
> >and there is no entry for the applet, permissions
> >seem to be irrelevant.

In case it is still not solved...

This part of your strace output can be useful:

28347 write(3, "======= Backtrace: =========\n", 29) = 29
28347 writev(3, [{"/lib/libc.so.6", 14}, {"(", 1}, {"+0x", 3}, {"75772", 5}, {")", 1}, {"[0x", 3}, {"6f61e772", 8}, {"]\n", 2}], 8) = 37
28347 writev(3, [{"/bin/busybox", 12}, {"[0x", 3}, {"804ebc1", 7}, {"]\n", 2}], 4) = 24
28347 writev(3, [{"/bin/busybox", 12}, {"[0x", 3}, {"804ebf3", 7}, {"]\n", 2}], 4) = 24
28347 writev(3, [{"/bin/busybox", 12}, {"[0x", 3}, {"804e858", 7}, {"]\n", 2}], 4) = 24
28347 writev(3, [{"/bin/busybox", 12}, {"[0x", 3}, {"8078497", 7}, {"]\n", 2}], 4) = 24
28347 writev(3, [{"/bin/busybox", 12}, {"[0x", 3}, {"807c3e2", 7}, {"]\n", 2}], 4) = 24
28347 writev(3, [{"/bin/busybox", 12}, {"[0x", 3}, {"8080c2a", 7}, {"]\n", 2}], 4) = 24
28347 writev(3, [{"/bin/busybox", 12}, {"[0x", 3}, {"807df8b", 7}, {"]\n", 2}], 4) = 24
28347 writev(3, [{"/bin/busybox", 12}, {"[0x", 3}, {"807f710", 7}, {"]\n", 2}], 4) = 24
28347 writev(3, [{"/bin/busybox", 12}, {"[0x", 3}, {"8081a90", 7}, {"]\n", 2}], 4) = 24
28347 writev(3, [{"/bin/busybox", 12}, {"[0x", 3}, {"804e86a", 7}, {"]\n", 2}], 4) = 24
28347 writev(3, [{"/bin/busybox", 12}, {"[0x", 3}, {"804e88d", 7}, {"]\n", 2}], 4) = 24
28347 writev(3, [{"/bin/busybox", 12}, {"[0x", 3}, {"804ea0a", 7}, {"]\n", 2}], 4) = 24
28347 writev(3, [{"/bin/busybox", 12}, {"[0x", 3}, {"804eaa5", 7}, {"]\n", 2}], 4) = 24
28347 writev(3, [{"/lib/libc.so.6", 14}, {"(", 1}, {"__libc_start_main", 17}, {"+0x", 3}, {"f3", 2}, {")", 1}, {"[0x", 3}, {"6f5c5943", 8}, {"]\n", 2}], 9) = 51
28347 writev(3, [{"/bin/busybox", 12}, {"[0x", 3}, {"804e1cd", 7}, {"]\n", 2}], 4) = 24

Addresses aren't resolved, but you have busybox_unstripped in your build dir.

Run it through "objdump -dr busybox_unstripped >busybox.disasm", and see where these
addresses point to.

I can do it for you if you send me your busybox_unstripped and a matching
backtrace. Please also send your /etc/busybox.conf

-- 
vda