Date: Wed, 19 Sep 2007 00:36:13 +0400
From: Boris Samorodov <bsam@ipt.ru>
To: Roman Divacky <rdivacky@freebsd.org>
Cc: freebsd-emulation@freebsd.org, sam <samflanker@gmail.com>
Subject: Re: linuxolator problem on i386
Message-ID: <41596338@srv.sem.ipt.ru>
In-Reply-To: <89768331@srv.sem.ipt.ru> (Boris Samorodov's message of "Tue, 18 Sep 2007 12:38:28 +0400")
References: <20070916171044.GA89893@freebsd.org> <66582704@bs1.sp34.ru> <20070916205434.GA70997@freebsd.org> <20070917152625.GA507@freebsd.org> <64815375@srv.sem.ipt.ru> <46EF62C5.5090704@gmail.com> <00483937@srv.sem.ipt.ru> <46EF7E05.5040405@gmail.com> <20070918074332.GA30053@freebsd.org> <88000019@srv.sem.ipt.ru> <20070918082119.GA30932@freebsd.org> <89768331@srv.sem.ipt.ru>

Hi!
I like magic numbers. Ex. 4096. ;-)
And I like to play with them.
On Tue, 18 Sep 2007 12:38:28 +0400 Boris Samorodov wrote:
> > 2) when the directory is moved it works ok
> Yes. And I suppose if some files are deleted the program should
> work.
It so happens that here we are dealing with a magic (number). Let me
show you the broken behaviour one more time:
-----
14594 hlds_i686 NAMI "/usr/home/bsam/hlds_l/./cstrike/sound/weapons"
14594 hlds_i686 RET linux_open 6
14594 hlds_i686 CALL linux_fstat64(0x6,0xbfbecd34,0x2820cff4)
14594 hlds_i686 RET linux_fstat64 0
14594 hlds_i686 CALL linux_fcntl64(0x6,0x2,0x1)
14594 hlds_i686 RET linux_fcntl64 0
14594 hlds_i686 CALL linux_getdents(0x6,0x8da5b44,0x1000)
14594 hlds_i686 RET linux_getdents 4096/0x1000
14594 hlds_i686 CALL linux_getdents(0x6,0x8da5b44,0x1000)
14594 hlds_i686 RET linux_getdents 444/0x1bc
14594 hlds_i686 CALL linux_getdents(0x6,0x8da5b44,0x1000)
14594 hlds_i686 RET linux_getdents 0
14594 hlds_i686 CALL linux_open(0x281e0fc7,0x902,0)
14594 hlds_i686 NAMI "/compat/linux/dev/tty"
14594 hlds_i686 NAMI "/dev/tty"
14594 hlds_i686 RET linux_open 7
14595 hlds_i686 CALL linux_sys_futex(0x2820e120,0,0x2,0,0x8da5720,0x2f45b0f8)
14594 hlds_i686 CALL writev(0x7,0xbfbec6b0,0x7)
14594 hlds_i686 GIO fd 7 wrote 86 bytes
"*** glibc detected *** ./hlds_i686: double free or corruption (!prev):\
0x08da5b28 ***
"
-----
Look at the first linux_getdents() line. The third parameter (buffer
length?) equals 0x1000, which is 4096. The second line with
linux_getdents shows that it has read precisely 4096 (bytes?). What if
we are facing here a (so-called, at our high school) border case
(border problem)?
OK, the program reads the directory contents. Let's touch a new file
in this directory. What happens? Follow me:
-----
14579 hlds_i686 NAMI "/usr/home/bsam/hlds_l/./cstrike/sound/weapons"
14579 hlds_i686 RET linux_open 6
14579 hlds_i686 CALL linux_fstat64(0x6,0xbfbecd34,0x2820cff4)
14579 hlds_i686 RET linux_fstat64 0
14579 hlds_i686 CALL linux_fcntl64(0x6,0x2,0x1)
14579 hlds_i686 RET linux_fcntl64 0
14579 hlds_i686 CALL linux_getdents(0x6,0x8da574c,0x1000)
14579 hlds_i686 RET linux_getdents 4084/0xff4
14579 hlds_i686 CALL linux_getdents(0x6,0x8da574c,0x1000)
14579 hlds_i686 RET linux_getdents 472/0x1d8
14579 hlds_i686 CALL linux_getdents(0x6,0x8da574c,0x1000)
14579 hlds_i686 RET linux_getdents 0
14579 hlds_i686 CALL close(0x6)
14579 hlds_i686 RET close 0
14579 hlds_i686 CALL linux_stat64(0xbfbecec4,0xbfbecdc4,0x2820cff4)
14579 hlds_i686 NAMI "/compat/linux/usr/home/bsam/hlds_l/./valve/sound/weapons/reload1.wav"
-----
That's it! <loud, long applause>
Roman, I hope now you may create the needed patch.
As for me, I'm too tired (and too proud :-) ) today and I'm going to have
a little sleep.
WBR and good night to all ya!
--
Boris Samorodov (bsam)
Research Engineer, http://www.ipt.ru Telephone & Internet SP
FreeBSD committer, http://www.FreeBSD.org The Power To Serve
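
To look for the same border case in a longer trace, the following added example (not part of the original message) scans kdump output in the format quoted above and reports every linux_getdents call whose return value equals the buffer length it was given. The function name and the sample lines are constructed for illustration, and pairing CALL with RET by the first column is an assumption.

```python
import re

# Constructed sample: kdump lines in the format quoted in the message above.
SAMPLE = """\
14594 hlds_i686 CALL linux_getdents(0x6,0x8da5b44,0x1000)
14594 hlds_i686 RET linux_getdents 4096/0x1000
14594 hlds_i686 CALL linux_getdents(0x6,0x8da5b44,0x1000)
14594 hlds_i686 RET linux_getdents 444/0x1bc
14579 hlds_i686 CALL linux_getdents(0x6,0x8da574c,0x1000)
14579 hlds_i686 RET linux_getdents 4084/0xff4
14579 hlds_i686 CALL linux_getdents(0x6,0x8da574c,0x1000)
14579 hlds_i686 RET linux_getdents 0
"""

CALL_RE = re.compile(
    r"^\s*(\d+)\s+\S+\s+CALL\s+linux_getdents"
    r"\((0x[0-9a-f]+),(0x[0-9a-f]+),(0x[0-9a-f]+)\)")
RET_RE = re.compile(r"^\s*(\d+)\s+\S+\s+RET\s+linux_getdents\s+(-?\d+)")


def full_buffer_reads(trace):
    """Return (pid, fd, buf, size) for each getdents call whose return
    value equals the buffer length passed as the third argument."""
    pending = {}  # first column (pid) -> (fd, buf, size) awaiting its RET
    hits = []
    for line in trace.splitlines():
        m = CALL_RE.match(line)
        if m:
            pid, fd, buf, size = m.groups()
            pending[int(pid)] = (int(fd, 16), int(buf, 16), int(size, 16))
            continue
        m = RET_RE.match(line)
        if m and int(m.group(1)) in pending:
            pid = int(m.group(1))
            fd, buf, size = pending.pop(pid)
            # An error return shows up as -1 and never matches the size.
            if int(m.group(2)) == size:
                hits.append((pid, fd, buf, size))
    return hits


if __name__ == "__main__":
    for pid, fd, buf, size in full_buffer_reads(SAMPLE):
        print(f"pid {pid}: getdents(fd={fd}, buf={buf:#x}) filled all {size} bytes")
```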
