[BusyBox 0002344]: fdisk from busybox 1.9.0 and 1.9.1 = segmentation fault

bugs at busybox.net bugs at busybox.net
Tue Feb 26 11:52:08 UTC 2008


A NOTE has been added to this issue. 
====================================================================== 
http://busybox.net/bugs/view.php?id=2344 
====================================================================== 
Reported By:                hawq
Assigned To:                BusyBox
====================================================================== 
Project:                    BusyBox
Issue ID:                   2344
Category:                   Security
Reproducibility:            always
Severity:                   crash
Priority:                   normal
Status:                     assigned
====================================================================== 
Date Submitted:             02-25-2008 10:15 PST
Last Modified:              02-26-2008 03:52 PST
====================================================================== 
Summary:                    fdisk from busybox 1.9.0 and 1.9.1 = segmentation
fault
Description: 
fdisk from busybox 1.9.0 and 1.9.1 causes segmentation fault when run:

busybox-1.9.1 $ ./busybox fdisk
Segmentation fault

gdb says:

Program received signal SIGSEGV, Segmentation fault.
0x080952f5 in fdisk_main (argc=1, argv=0xbfb8ebf8) at
util-linux/fdisk.c:2776
2776            INIT_G();
(gdb) bt
http://busybox.net/bugs/view.php?id=0  0x080952f5 in fdisk_main (argc=1,
argv=0xbfb8ebf8) at
util-linux/fdisk.c:2776
http://busybox.net/bugs/view.php?id=1  0x0804edf8 in run_applet_no_and_exit
(applet_no=-1078400008,
argv=0xbfb8ebf8) at libbb/appletlib.c:649
http://busybox.net/bugs/view.php?id=2  0x0804ee1e in run_applet_and_exit
(name=0xbfb8ed41 "fdisk",
argv=0xbfb8ebf8) at libbb/appletlib.c:656
http://busybox.net/bugs/view.php?id=3  0x080d4d7d in applet_install_loc ()
http://busybox.net/bugs/view.php?id=4  0xbfb8ed41 in ?? ()
http://busybox.net/bugs/view.php?id=5  0x0804ed67 in busybox_main (argv=0x44) at
libbb/appletlib.c:629
http://busybox.net/bugs/view.php?id=6  0x080d53ef in bb_path_wtmp_file ()
http://busybox.net/bugs/view.php?id=7  0xbfb8ebf4 in ?? ()
http://busybox.net/bugs/view.php?id=8  0x0804ee35 in run_applet_and_exit
(name=0xffffffff <Address 0xffffffff
out of bounds>, argv=0xbfb8ed35) at libbb/appletlib.c:658
http://busybox.net/bugs/view.php?id=9  0x0804ee87 in main (argc=-1078400012,
argv=0xbfb8ebf4) at
libbb/appletlib.c:684

Busybox was compiled on system with:

glibc 2.3.6
gcc 3.3.6
uClibc 0.9.28

Same version with same config compiled on other system works ok. Here are
versions from other system:

glibc 2.7
gcc 4.2.3
uClibc 0.9.29
====================================================================== 

---------------------------------------------------------------------- 
 vda - 02-25-08 15:33  
---------------------------------------------------------------------- 
Works for me:

# ./busybox fdisk
BusyBox v1.9.1 (2008-02-15 15:10:21 CET) multi-call binary

Usage: fdisk [-luv] [-C CYLINDERS] [-H HEADS] [-S SECTORS] [-b SSZ] DISK

Change partition table

Options:
        -l              List partition table(s)
        -u              Give Start and End in sector (instead of cylinder)
units
        -s PARTITION    Give partition size(s) in blocks
        -b 2048         (for certain MO disks) use 2048-byte sectors
        -C CYLINDERS    Set the number of cylinders
        -H HEADS        Set the number of heads
        -S SECTORS      Set the number of sectors
        -v              Give fdisk version

Can you attach your .config to the bug? 

---------------------------------------------------------------------- 
 hawq - 02-26-08 00:34  
---------------------------------------------------------------------- 
I've uploaded my config. I think its because older gcc or glibc I've used
to compile. Unfortunatelly, I can't use newer glibc/gcc there. 

---------------------------------------------------------------------- 
 vda - 02-26-08 03:52  
---------------------------------------------------------------------- 
You need to debug it further.

You have CONFIG_FEATURE_FDISK_WRITABLE=y. Therefore this part of code is
active in fdisk_main():


#if ENABLE_FEATURE_FDISK_WRITABLE
        if (argc != 1)
                bb_show_usage();

Since usage message is not printed, this code is not reached. SEGV is
before it - and this narrows things a lot.

Got ot fdisk_main and instrument it as follows:

int fdisk_main(...)
{
...
        enum {
                OPT_b = 1 << 0,
...
        };
+bb_error_msg("HERE A");
        INIT_G();
+bb_error_msg("HERE B");

        opt = getopt32(argv, "b:C:H:lS:u" USE_FEATURE_FDISK_BLKSIZE("s"),
                                &str_b, &str_C, &str_H, &str_S);
        argc -= optind;
        argv += optind;
+bb_error_msg("HERE C");
        if (opt & OPT_b) { // -b
        }
        if (opt & OPT_C) user_cylinders = xatoi_u(str_C); // -C
+bb_error_msg("HERE D");
        if (opt & OPT_H) { // -H
...
#if ENABLE_FEATURE_FDISK_WRITABLE
+bb_error_msg("HERE Z");
        if (argc != 1)
                bb_show_usage();

rebuild and run. Where will it die? 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
02-25-08 10:15  hawq           New Issue                                    
02-25-08 10:15  hawq           Status                   new => assigned     
02-25-08 10:15  hawq           Assigned To               => BusyBox         
02-25-08 15:33  vda            Note Added: 0005314                          
02-26-08 00:32  hawq           File Added: busybox.config                    
02-26-08 00:34  hawq           Note Added: 0005344                          
02-26-08 03:52  vda            Note Added: 0005354                          
======================================================================




More information about the busybox-cvs mailing list