Date: Thu, 19 Aug 2004 14:37:27 -0700
From: Sean McNeil <sean@mcneil.com>
To: Giorgos Keramidas <keramida@ceid.upatras.gr>
Cc: freebsd-current@freebsd.org
Subject: Re: bsdtar core dumps
Message-ID: <1092951447.1167.12.camel@server.mcneil.com>
In-Reply-To: <20040817213813.GE3827@gothmog.gr>
References: <1092777586.92327.9.camel@server.mcneil.com> <20040817213813.GE3827@gothmog.gr>
On Tue, 2004-08-17 at 14:38, Giorgos Keramidas wrote:
> On 2004-08-17 14:19, Sean McNeil <sean@mcneil.com> wrote:
> > Don't think this is amd64-specific, but perhaps....
>
> It could be. Or it might be a recent change that I haven't caught up
> with yet at home (see below).
>
> > I just tried to unarchive a file that didn't exist and got a core dump:
> > tar zxvvf nonexistent.tar.gz
>
> $ sysctl hw.machine_arch
> hw.machine_arch: i386
> $ tar zxvvf nonexistent.tar.gz
> tar: Error opening archive: Failed to open 'nonexistent.tar.gz': No such file or directory
> $ uname -v
> FreeBSD 5.2-CURRENT #0: Sun Aug 15 23:21:29 EEST 2004 \
> sysop@gothmog.gr:/usr/obj/usr/src/sys/SOLERO
>
> If versions of bsdtar more recent than Sunday night (around 19:00 UTC)
> all exhibit this problem, look for a recent change that causes this.
>
> - Giorgos

Here is a backtrace of the error:

#0  0x0000000200926d7e in __vfprintf (fp=0x7fffffffe360, fmt0=0x4161d9 "Failed to open '%s'",
    ap=0x7fffffffe640) at /usr/src/lib/libc/stdio/vfprintf.c:1052
#1  0x00000002008c4006 in vsnprintf (str=0x32 <Address 0x32 out of bounds>, n=4284889,
    fmt=0x4161d9 "Failed to open '%s'", ap=0x7fffffffe640) at /usr/src/lib/libc/stdio/vsnprintf.c:75
#2  0x0000000000411478 in __archive_string_vsprintf (as=0x520240, fmt=0x4161d9 "Failed to open '%s'",
    ap=0x7fffffffe640) at /usr/src/lib/libarchive/archive_string_sprintf.c:60
#3  0x00000000004112f5 in archive_set_error (a=0x520000, error_number=2, fmt=0x0)
    at /usr/src/lib/libarchive/archive_util.c:133
#4  0x00000000004080cd in file_open (a=0x520000, client_data=0x4161d9)
    at /usr/src/lib/libarchive/archive_read_open_file.c:90
#5  0x0000000000411639 in archive_read_open (a=0x520000, client_data=0x51e0c0, opener=0x408060 <file_open>,
    reader=0x408130 <file_read>, closer=0x408160 <file_close>) at /usr/src/lib/libarchive/archive_read.c:124
#6  0x0000000000408039 in archive_read_open_file (a=0x520000, filename=0x7fffffffec02 "nonexistent.tar.gz",
    block_size=10240) at /usr/src/lib/libarchive/archive_read_open_file.c:75
#7  0x0000000000403a90 in read_archive (bsdtar=0x7fffffffe8b0, mode=120 'x') at /usr/src/usr.bin/tar/read.c:86
#8  0x000000000040398e in tar_mode_x (bsdtar=0x32) at /usr/src/usr.bin/tar/read.c:62
#9  0x0000000000402e1a in main (argc=7, argv=0xffffffff) at /usr/src/usr.bin/tar/bsdtar.c:525

Looks like something wrote past the end of a buffer as the str argument to
vsnprintf is not correct.

(gdb) p *as
$8 = {s = 0x51e100 "", length = 0, buffer_length = 64}

should be str=0x51e100, n=0 and on the callback trace it is
str=0x32 <Address 0x32 out of bounds>, n=4284889

Could be a compiler bug I suppose, but more likely I think it is this code:

	if (n == 0) {
		if (on > 0)
			*str = '\0';
		str = dummy;
		n = 1;
	}

in vsnprintf.c::vsnprintf. It doesn't make sense to me. I think it should be

	if (n == 0) {
		str = dummy;
		*str = '\0';
		n = 1;
	}

It seems very inappropriate to be messing with an input parameter like that
and then using an uninitialized string in its place.

Cheers,
Sean
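The frames #1 and #2 above are the classic "measure, grow, write" use of vsnprintf: a caller hands vsnprintf its current buffer and remaining capacity (here expected to be str=0x51e100, n=0), uses the return value to size the buffer, and formats again. As an added example (not libarchive's or libc's code, and not from the thread) the block below reimplements that pattern on a small growable string whose fields mirror the {s, length, buffer_length} shape in the gdb output, uses va_copy so the measuring pass does not consume the caller's va_list, and checks the invariant the quoted vsnprintf code exists to preserve: with n == 0, nothing may be written through str. The struct and function names and the 8-byte initial allocation are assumptions of this example.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Growable string. Field names are modelled on the gdb output above;
 * this is a hypothetical reimplementation, not libarchive's struct. */
struct gstr {
    char *s;
    size_t length;        /* bytes in use, excluding the NUL */
    size_t buffer_length; /* bytes allocated */
};

static int gstr_init(struct gstr *g, size_t initial) {
    g->s = malloc(initial);
    if (g->s == NULL) return -1;
    g->s[0] = '\0';
    g->length = 0;
    g->buffer_length = initial;
    return 0;
}

static void gstr_free(struct gstr *g) {
    free(g->s);
    g->s = NULL;
    g->length = g->buffer_length = 0;
}

/* Two-pass append: measure with a zero-length limit, grow, then write.
 * Returns bytes appended, or -1 on error. */
static int gstr_vappendf(struct gstr *g, const char *fmt, va_list ap) {
    va_list ap2;
    int need, wrote;
    size_t avail;

    /* Pass 1: n == 0 asks vsnprintf for the length only. A conforming
     * vsnprintf must not write through str when n == 0. The va_list is
     * copied because a va_list may only be traversed once. */
    va_copy(ap2, ap);
    need = vsnprintf(g->s + g->length, 0, fmt, ap2);
    va_end(ap2);
    if (need < 0) return -1;

    avail = g->buffer_length - g->length;
    if ((size_t)need + 1 > avail) {
        size_t newlen = g->buffer_length;
        while (newlen - g->length < (size_t)need + 1) newlen *= 2;
        char *p = realloc(g->s, newlen);
        if (p == NULL) return -1;
        g->s = p;
        g->buffer_length = newlen;
        avail = newlen - g->length;
    }

    /* Pass 2: the original ap is still unconsumed because pass 1 used a copy. */
    wrote = vsnprintf(g->s + g->length, avail, fmt, ap);
    if (wrote < 0 || (size_t)wrote >= avail) return -1; /* cannot happen after growth */
    g->length += (size_t)wrote;
    return wrote;
}

static int gstr_appendf(struct gstr *g, const char *fmt, ...) {
    va_list ap;
    int r;
    va_start(ap, fmt);
    r = gstr_vappendf(g, fmt, ap);
    va_end(ap);
    return r;
}

/* Builds the message from the thread with a deliberately tiny initial
 * buffer so the growth path is exercised. Caller frees the result. */
static char *format_open_error(const char *filename) {
    struct gstr g;
    if (gstr_init(&g, 8) < 0) return NULL;
    if (gstr_appendf(&g, "Failed to open '%s'", filename) < 0 ||
        gstr_appendf(&g, ": %s", "No such file or directory") < 0) {
        gstr_free(&g);
        return NULL;
    }
    return g.s; /* ownership passes to the caller */
}

/* Returns 1 if a zero-length snprintf reports the full length and leaves
 * the destination bytes untouched, 0 otherwise. */
static int zero_length_is_nonwriting(void) {
    char probe[4] = "abc";
    int n = snprintf(probe, 0, "%s", "nonexistent.tar.gz");
    return n == 18 && strcmp(probe, "abc") == 0;
}

int main(void) {
    char *msg = format_open_error("nonexistent.tar.gz");
    if (msg == NULL) return 1;
    printf("%s\n", msg);
    free(msg);
    return zero_length_is_nonwriting() ? 0 : 1;
}
```

Two points the example makes concrete: the measuring pass is only safe if vsnprintf honours n == 0 by not touching the buffer, and the second pass is only correct if the first one ran on a va_copy; reusing the same va_list for both calls is undefined behaviour and produces exactly the kind of garbage arguments seen in frame #1.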