bug-cvs


Segmentation fault in logmsg.c


From: Marc Prewitt
Subject: Segmentation fault in logmsg.c
Date: Thu, 06 Feb 2003 12:40:16 -0500

>Submitter-Id:   
>Originator:     Marc Prewitt
>Organization:
Wall Street Source
>Confidential:  no
>Synopsis:      Segmentation fault in logmsg.c
>Severity:      serious
>Priority:      medium
>Category:      cvs
>Class:         sw-bug
>Release:       1.11.5
>Environment:
        
System: SunOS bohemia 5.8 Generic_108528-18 sun4u sparc
SUNW,Sun-Blade-1000
Architecture: sun4

>Description:

Here's a bug which I've been able to pretty reliably reproduce.  We're
using a script in loginfo to generate an e-mail.  If the user enters an
empty log message, cvs gets a segmentation fault trying to write the empty
log message to the script.  Here's our loginfo file:

^cvs-log.test /usr/local/src/flatiron/0.1/scripts/cvs-log
/usr/local/src/flatiron/0.1/scripts/cvs-log.conf '%{sVv}'

Here's the core dump:

Core was generated by `/usr/local/bin/cvs commit
/home/httpd22/DOMAINS/brade.wssource.com/cgi-bin/li
b/'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/lib/libxnet.so.1...done.
Loaded symbols for /usr/lib/libxnet.so.1
Reading symbols from /usr/lib/libnsl.so.1...done.
Loaded symbols for /usr/lib/libnsl.so.1
Reading symbols from /usr/lib/libc.so.1...done.
Loaded symbols for /usr/lib/libc.so.1
Reading symbols from /usr/lib/libdl.so.1...done.
Loaded symbols for /usr/lib/libdl.so.1
Reading symbols from /usr/lib/libmp.so.2...done.
Loaded symbols for /usr/lib/libmp.so.2
Reading symbols from /usr/platform/SUNW,Ultra-2/lib/libc_psr.so.1...done.
Loaded symbols for /usr/platform/SUNW,Ultra-2/lib/libc_psr.so.1
Reading symbols from /usr/lib/libsocket.so.1...done.
Loaded symbols for /usr/lib/libsocket.so.1
#0  0xff1b31ac in strlen () from /usr/lib/libc.so.1
(gdb) bt
#0  0xff1b31ac in strlen () from /usr/lib/libc.so.1
#1  0xff206138 in _doprnt () from /usr/lib/libc.so.1
#2  0xff207be0 in fprintf () from /usr/lib/libc.so.1
#3  0x0003d864 in logfile_write (repository=0xc3328
"/home/cvs/wssource/htdocs/admin",
    filter=0xcbe00 "/usr/local/sbin/cvs-log
/home/cvs/wssource/CVSROOT/cvs-log.conf '%{sVv}'",
    message=0x0, logfp=0x0, changes=0xb5920) at logmsg.c:930
#4  0x000422dc in Parse_Info (infofile=0x8ca00 "loginfo",
    repository=0xc3328 "/home/cvs/wssource/htdocs/admin", callproc=0x3d3cc
<update_logfile_proc>,
    all=1) at parseinfo.c:151
#5  0x00027354 in commit_filesdoneproc (callerdat=0x0, err=0,
    repository=0xc3328 "/home/cvs/wssource/htdocs/admin",
    update_dir=0xc5338
"/home/httpd22/DOMAINS/brade.wssource.com/htdocs/admin", entries=0xb93f8)
    at commit.c:1430
#6  0x0005049c in do_recursion (frame=0xffbee0e0) at recurse.c:748
#7  0x00051038 in unroll_files_proc (p=0xbd540, closure=0xffbee0e0) at
recurse.c:1209
#8  0x00031c84 in walklist (list=0xb0400, proc=0x50f44
<unroll_files_proc>, closure=0xffbee0e0)
    at hash.c:370
#9  0x0004fddc in start_recursion (fileproc=0xc1790, filesdoneproc=0x2730c
<commit_filesdoneproc>,
    direntproc=0xc2ea0, dirleaveproc=0x38, callerdat=0xc17f0, argc=15,
argv=0xb6698, local=0,
    which=1, aflag=0, locktype=0, update_preload=0x0, dosrcs=1) at
recurse.c:347
#10 0x00026160 in commit (argc=15, argv=0xffbee2c4) at commit.c:658
#11 0x0003e54c in main (argc=16, argv=0xffbee2c0) at main.c:991 

>How-To-Repeat:

Set up a loginfo which runs any script.  Commit a file without a message.
        
>Fix:
        
Need to check if message is blank before using fprintf on it.

This type of fix does the trick but I'm not sure if message should be
initialized to an empty string somewhere up higher in the stack:

diff -c -r1.1 logmsg.c
*** logmsg.c    2003-02-06 12:10:43-05  1.1
--- logmsg.c    2003-02-06 12:27:14-05
***************
*** 927,933 ****
      }

      setup_tmpfile (pipefp, "", changes);
!     (void) fprintf (pipefp, "Log Message:\n%s\n", message);
      if (logfp != (FILE *) 0)
      {
        (void) fprintf (pipefp, "Status:\n");
--- 927,937 ----
      }

      setup_tmpfile (pipefp, "", changes);
!
!     char *tmp_message = message;
!     if (tmp_message == NULL)
!         tmp_message = "(empty)";
!     (void) fprintf (pipefp, "Log Message:\n%s\n", tmp_message);
      if (logfp != (FILE *) 0)
      {
        (void) fprintf (pipefp, "Status:\n");
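
Review bot: the added declaration `char *tmp_message = message;` sits after the `setup_tmpfile (pipefp, "", changes);` statement, which compilers limited to C89 reject as a declaration after a statement; the temporary is not needed, since the guard can go in the call itself as `message ? message : ""`. Substituting the literal "(empty)" also hands the loginfo filter text the committer never typed, so an empty string is the less surprising default for scripts that parse the log message. The guard covers only this `fprintf`; the backtrace shows `message=0x0` arriving from the caller, so any other use of `message` in `logfile_write` outside the visible lines needs the same check, or the value should be normalized once at function entry.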



