[Gnu-arch-users] [MERGE-REQUEST]: segfault using variable length argumen
From: Wolfgang Treutterer E1
Subject: [Gnu-arch-users] [MERGE-REQUEST]: segfault using variable length argument list of rel_add_records()
Date: Wed, 06 Apr 2005 10:48:22 +0200
User-agent: Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.7.3) Gecko/20040919

As a new user I wanted to try out GNU Arch on my Solaris 2.8 workstation
(gcc 3.3.2) but soon got stuck with the following problem:
After downloading, configuring and compiling tla-1.3.1fix1 I encountered
a segmentation fault running "make test". It failed in "Simple archive
creation : Archive creation 2 (with listing)".
The same occurred if I issued commands like "tla archives".
Examining the core file with gdb I found that all crashes occurred at
the same location, namely in libawk/relational.c line 340 :
    333 void
    334 rel_add_records (rel_table * table, ...)
    335 {
    336   va_list rp;
    337   rel_record r;
    338
    339   va_start (rp, table);
    340   for (r = va_arg (rp, rel_record); r._c; r = va_arg (rp, rel_record))
    341     {
    342       *(rel_record *)ar_push ((void **)&table->_r, 0, sizeof (rel_record)) = r;
    343     }
    344   va_end (rp);
    345 }
In the archive creation test for example this routine was called by
function directory_files() in libfsutils/dir-listing.c line 29 :
    rel_add_records (&answer, rel_singleton_record_taking (rel_make_field_str (file)), 0);
In the developer mailing list I found a thread which possibly addresses
the same problem:
[GNU-arch-dev] Re: [BUG] Segfault in tla 1.3.1 and 1.3.1fix1
http://lists.seyza.com/pipermail/gnu-arch-dev/2005-April/000974.html
I could figure out that the segfault occurred in the second call to
va_arg(rp, rel_record) and the corresponding argument was the concluding
0. Obviously the compiler could not interpret the zero as rel_record
type. The same observation applied to the other segfaults.
There is a simple solution: replace the 0 in the calling function by
rel_record_nil so that the compiler knows about the intended type when
building the argument list.
However, the function rel_add_record is widely used by other routines in
libarch, libfsutils and libawk. Thus there are quite a lot of locations to
patch. After fixing all occurrences no more segfaults occurred.
Now, as I was able to learn and try tla, I finally made a patchset
including the fix and I would be glad if it could be merged into the
next distribution.
patch-rel_add_records.tgz
Description: Unix tar archive
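
Added example, not part of the original message and not tla's code: a reduced model of the terminator problem described above. demo_record, demo_table and DEMO_ADD_RECORDS are hypothetical stand-ins (only the _c member comes from the page); the macro shows one way to keep call sites from passing a bare 0, on top of the rel_record_nil fix in the message.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>

/* Stand-in for tla's rel_record: only the _c member is taken from the page,
   _pad is constructed so the struct is clearly not int-sized. */
typedef struct { const char **_c; size_t _pad; } demo_record;
static const demo_record demo_record_nil = { NULL, 0 };

#define DEMO_MAX 8
typedef struct { demo_record r[DEMO_MAX]; int n; } demo_table;

/* Same loop shape as rel_add_records(): read records until one has _c == 0.
   Every variadic argument, terminator included, must really be a
   demo_record, because va_arg trusts the type it is told. */
static int
demo_add_records (demo_table *table, ...)
{
  va_list rp;
  demo_record r;

  va_start (rp, table);
  for (r = va_arg (rp, demo_record); r._c && table->n < DEMO_MAX;
       r = va_arg (rp, demo_record))
    table->r[table->n++] = r;
  va_end (rp);
  return table->n;
}

/* Hardening: the macro appends the typed terminator so no call site can
   forget it or pass a bare 0. Requires at least one record argument. */
#define DEMO_ADD_RECORDS(table, ...) \
  demo_add_records ((table), __VA_ARGS__, demo_record_nil)

static int
demo_run (void)
{
  static const char *a[] = { "file-a", NULL }, *b[] = { "file-b", NULL };
  demo_record ra = { a, 0 }, rb = { b, 0 };
  demo_table t = { .n = 0 };

  /* demo_add_records (&t, ra, 0);  <- undefined behaviour: the argument
     is an int, but va_arg fetches a demo_record. Not executed here. */
  demo_add_records (&t, ra, demo_record_nil);
  return DEMO_ADD_RECORDS (&t, rb);
}

int main (void) { printf ("%d records\n", demo_run ()); return 0; }
```

The compiler cannot type-check variadic arguments, so a bare 0 terminator compiles cleanly and only misbehaves on platforms where an int and the record struct are passed differently.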