From owner-freebsd-bugs Mon Apr 12 9:32:27 1999 Delivered-To: freebsd-bugs@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id 5FA4515226 for ; Mon, 12 Apr 1999 09:32:19 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.9.2/8.9.2) id JAA16202; Mon, 12 Apr 1999 09:30:02 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Date: Mon, 12 Apr 1999 09:30:02 -0700 (PDT) Message-Id: <199904121630.JAA16202@freefall.freebsd.org> To: freebsd-bugs@FreeBSD.org Cc: From: Martin Cracauer Subject: Re: bin/7059: sh dumps core on this script Reply-To: Martin Cracauer Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org The following reply was made to PR bin/7059; it has been noted by GNATS. From: Martin Cracauer To: freebsd-gnats-submit@freebsd.org, mi@aldan.algebra.com Cc: Subject: Re: bin/7059: sh dumps core on this script Date: Mon, 12 Apr 1999 18:22:40 +0200 I tangled with this problem, but it looks like a serious memory corruption, the variable stack is being damaged. I just committed a fix for the stack problem that prints a more meaningful error message, but that's all for now. Appended are three variations of one simple script, where the last one fails for me, while the others do not. This happens on 2.2-stable, 3.1-stable and 4.0-current on machines from 486 to PII-450. As you can see, the variations are of a kind that surely shouldn't change anything real. Maybe someone with Purify or similar can run the last of these scripts with an instance of /bin/sh compiled on that machine? I'm happy to send you a binary for Solaris or whatever you run Purify on (bet the coredump doesn't happen on SPARC, but it's worth a try). Martin # This is a shell archive. Save it in a file, remove anything before # this line, and then unpack it by entering "sh file". Note, it may # create directories; files and directories will be owned by you and # have default permissions. # # This archive contains: # # test3a # test3b # test3c # echo x - test3a sed 's/^X//' >test3a << 'END-of-test3a' X#! /bin/sh X X# The coredump happens with the last entry of this string X# It doesn't happen when you shorten the string even when leaving the X# offending last entry intact. Xexport QUERY_STRING='First_Name=Mikhail&Last_Name=Teterin&Phone=617-332-0552&Fax=&Email=mi%40aldan.algebra.com&Company=%26ls&Division=&Title=&Company_Size=less+than+25&Address=&City=&State=&Postal_Code=&Country=&Reference=Softimage+Website&Intended_Use=&Number_Users=single&Programming=Yes&B2=Submit&QQQLINKQQQ=./dura' X X# somewhere before memalloc.c, line 190, variable stackp is set to NULL X# definitivly a timing problem. X Xfor pair in `echo ${QUERY_STRING} | sed 's/&/ /g'` ; do X _TY_FILE=${pair#QQQLINKQQQ=} X if [ $_TY_FILE != $pair ] X then X# If you activate the following echo's, it will work in my machine X# Looks like a timing problem... X# echo check 1 1>&1 X _TY_FILE2=${DOCUMENT_ROOT}${_TY_FILE} X# echo check 2 1>&1 X X# The following works when used without the next X test -f '/e' || echo bla 1>&2 X# This one doesn't X# test -f '/e' \ X# || echo bla 1>&2 X break X fi Xdone END-of-test3a echo x - test3b sed 's/^X//' >test3b << 'END-of-test3b' X#! /bin/sh X X# The coredump happens with the last entry of this string X# It doesn't happen when you shorten the string even when leaving the X# offending last entry intact. Xexport QUERY_STRING='First_Name=Mikhail&Last_Name=Teterin&Phone=617-332-0552&Fax=&Email=mi%40aldan.algebra.com&Company=%26ls&Division=&Title=&Company_Size=less+than+25&Address=&City=&State=&Postal_Code=&Country=&Reference=Softimage+Website&Intended_Use=&Number_Users=single&Programming=Yes&B2=Submit&QQQLINKQQQ=./dura' X X# somewhere before memalloc.c, line 190, variable stackp is set to NULL X# definitivly a timing problem. X Xfor pair in `echo ${QUERY_STRING} | sed 's/&/ /g'` ; do X _TY_FILE=${pair#QQQLINKQQQ=} X if [ $_TY_FILE != $pair ] X then X# If you activate the following echo's, it will work in my machine X# Looks like a timing problem... X echo check 1 1>&1 X _TY_FILE2=${DOCUMENT_ROOT}${_TY_FILE} X echo check 2 1>&1 X X# The following works when used without the next X test -f '/e' || echo bla 1>&2 X# This one doesn't X test -f '/e' \ X || echo bla 1>&2 X break X fi Xdone END-of-test3b echo x - test3c sed 's/^X//' >test3c << 'END-of-test3c' X#! /bin/sh X X# The coredump happens with the last entry of this string X# It doesn't happen when you shorten the string even when leaving the X# offending last entry intact. Xexport QUERY_STRING='First_Name=Mikhail&Last_Name=Teterin&Phone=617-332-0552&Fax=&Email=mi%40aldan.algebra.com&Company=%26ls&Division=&Title=&Company_Size=less+than+25&Address=&City=&State=&Postal_Code=&Country=&Reference=Softimage+Website&Intended_Use=&Number_Users=single&Programming=Yes&B2=Submit&QQQLINKQQQ=./dura' X X# somewhere before memalloc.c, line 190, variable stackp is set to NULL X# definitivly a timing problem. X Xfor pair in `echo ${QUERY_STRING} | sed 's/&/ /g'` ; do X _TY_FILE=${pair#QQQLINKQQQ=} X if [ $_TY_FILE != $pair ] X then X# If you activate the following echo's, it will work in my machine X# Looks like a timing problem... X# echo check 1 1>&1 X _TY_FILE2=${DOCUMENT_ROOT}${_TY_FILE} X# echo check 2 1>&1 X X# The following works when used without the next X test -f '/e' || echo bla 1>&2 X# This one doesn't X test -f '/e' \ X || echo bla 1>&2 X break X fi Xdone END-of-test3c exit -- %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% Martin Cracauer http://www.cons.org/cracauer/ BSD User Group Hamburg, Germany http://www.bsdhh.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message