Date:      Thu, 3 Jul 2014 15:48:12 +0200
From:      Fabian Keil <freebsd-listen@fabiankeil.de>
To:        FreeBSD Current <freebsd-current@freebsd.org>
Cc:        Trond Endrestøl <Trond.Endrestol@fagskolen.gjovik.no>
Subject:   Re: getenv("TZ") crashes triggered by tzset_basic()
Message-ID:  <20140703154812.049d9b1e@fabiankeil.de>
In-Reply-To: <alpine.BSF.2.11.1407031529060.11883@mail.fig.ol.no>
References:  <20140703140105.41065cd2@fabiankeil.de> <alpine.BSF.2.11.1407031529060.11883@mail.fig.ol.no>

Trond Endrestøl <Trond.Endrestol@fagskolen.gjovik.no> wrote:

> On Thu, 3 Jul 2014 14:01+0200, Fabian Keil wrote:
>
> > Using HEAD, www/gatling reproducibly crashes for me after receiving
> > a single request if TZ isn't set:
> >
> > (gdb) where
> > #0  strncmp (s1=<optimized out>, s2=<optimized out>, n=<optimized out>) at /usr/src/lib/libc/string/strncmp.c:46
> > #1  0x00000008011a9ffe in strncmpeq (nameValue=0x7fffffffeb5e "LC_PAPER=de_DE.UTF-8", name=0x8011be49e "TZ", nameLen=<optimized out>) at /usr/src/lib/libc/stdlib/getenv.c:144
> > #2  __findenv_environ (name=<optimized out>, nameLen=<optimized out>) at /usr/src/lib/libc/stdlib/getenv.c:195
> > #3  getenv (name=0x8011be49e "TZ") at /usr/src/lib/libc/stdlib/getenv.c:441
> > #4  0x0000000801189f49 in tzset_basic (rdlocked=0) at /usr/src/lib/libc/../../contrib/tzcode/stdtime/localtime.c:1274
> > #5  0x000000080118a13e in localtime (timep=0x801c12030) at /usr/src/lib/libc/../../contrib/tzcode/stdtime/localtime.c:1467
> > #6  0x000000000040d38d in http_dirlisting (h=0x801c07140, D=0x801c0e080, path=0x7fffffffbb50 "/", arg=0x0) at http.c:214
> > #7  0x000000000040ff9d in http_openfile (h=0x801c07140, filename=0x801c0c085 "/", ss=0x7fffffffc108, sockfd=9, nobody=1) at http.c:1485
> > #8  0x0000000000413922 in httpresponse (h=0x801c07140, s=9, headerlen=76) at http.c:1940
> > #9  0x000000000040657d in handle_read_misc (i=9, h=0x801c07140, ftptimeout_secs=600, nextftp=...) at gatling.c:1051
> > #10 0x0000000000404d54 in main (argc=3, argv=0x7fffffffe840, envp=0x7fffffffe860) at gatling.c:2247
> >
> > This is not a recent regression, I first noticed it a couple
> > of months ago but haven't had time to look into it yet.
> >
> > I was reminded of this because a program I'm working on
> > (Privoxy) recently crashed thusly:
> >
> > (gdb) where
> > #0  0x000000080128ef40 in strncmp (s1=<optimized out>, s2=<optimized out>, n=<optimized out>) at /usr/src/lib/libc/string/strncmp.c:46
> > #1  0x000000080128bb92 in getenv (name=<optimized out>) at /usr/src/lib/libc/stdlib/getenv.c:424
> > #2  0x000000080126bb39 in tzset_basic (rdlocked=0) at /usr/src/lib/libc/../../contrib/tzcode/stdtime/localtime.c:1281
> > #3  0x000000080126bb1b in tzset_basic (rdlocked=-14721152) at /usr/src/lib/libc/../../contrib/tzcode/stdtime/localtime.c:1274
> > #4  0x000000080122c0a0 in _fmt (format=0x22313031734e6863 <Address 0x22313031734e6863 out of bounds>, t=0x8012a009e, pt=0x2 <Address 0x2 out of bounds>, ptlim=0xf5 <Address 0xf5 out of bounds>,
> >     warnp=0x8014cc418 <tzname+8>, loc=0x80126bb1b <tzset_basic+27>) at /usr/src/lib/libc/stdtime/strftime.c:137
> > #5  0x000000080122d6fb in _conv (n=<optimized out>, format=<optimized out>, pt=<optimized out>, n=<optimized out>, format=<optimized out>, pt=<optimized out>, ptlim=<optimized out>)
> >     at /usr/src/lib/libc/stdtime/strftime.c:597
> > #6  _yconv (a=<optimized out>, b=<optimized out>, convert_top=<optimized out>, convert_yy=<optimized out>, pt=<optimized out>, ptlim=<optimized out>, a=<optimized out>, b=<optimized out>,
> >     convert_top=<optimized out>, convert_yy=<optimized out>, pt=<optimized out>, ptlim=<optimized out>) at /usr/src/lib/libc/stdtime/strftime.c:649
> > #7  0x0000000000428747 in get_log_timestamp (buffer=0x7fffff1f5f80 "2014-06-30 17:03:45.115", buffer_size=30) at errlog.c:482
> > [...]
> > (gdb) f 3
> > #3  0x000000080126bb1b in tzset_basic (rdlocked=-14721152) at /usr/src/lib/libc/../../contrib/tzcode/stdtime/localtime.c:1274
>
> > 1274		name = getenv("TZ");
>
> Does the code test at all for the possibility of getenv(3) returning a
> NULL pointer?

It does:
http://svnweb.freebsd.org/base/head/contrib/tzcode/stdtime/localtime.c?view=markup#l1270

Assuming the back traces aren't corrupted, the crashes occur
before getenv() returns, though.

Fabian
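
Added example, not part of the original message and not FreeBSD's getenv.c: a simplified linear environment scan showing why a NULL check on getenv()'s return value cannot help when the fault is inside the lookup, since with TZ unset every entry is dereferenced and compared before NULL is returned. The names scan_env and entry_matches and both sample environments are constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Result of one lookup: the value found (or NULL) and how many
 * environment entries were dereferenced and compared on the way. */
struct env_lookup {
    const char *value;
    size_t compared;
};

/* Hypothetical stand-in for the comparison seen in frame #1:
 * does the "NAME=value" entry start with name followed by '='? */
static int entry_matches(const char *entry, const char *name, size_t len)
{
    return strncmp(entry, name, len) == 0 && entry[len] == '=';
}

/* Linear scan over a NULL-terminated environment array.
 * Every entry that precedes a match is read through its pointer. */
struct env_lookup scan_env(const char *const *envp, const char *name)
{
    struct env_lookup r = { NULL, 0 };
    size_t len = strlen(name);

    for (; *envp != NULL; envp++) {
        r.compared++;                       /* *envp is dereferenced here */
        if (entry_matches(*envp, name, len)) {
            r.value = *envp + len + 1;      /* text after '=' */
            break;
        }
    }
    return r;                               /* NULL only after a full scan */
}

/* Constructed sample environments; the values are made up. */
static const char *const env_without_tz[] = {
    "HOME=/root", "LC_PAPER=de_DE.UTF-8", "PATH=/bin:/usr/bin", NULL
};
static const char *const env_with_tz[] = {
    "TZ=Europe/Berlin", "HOME=/root", "LC_PAPER=de_DE.UTF-8", NULL
};

int main(void)
{
    struct env_lookup unset = scan_env(env_without_tz, "TZ");
    struct env_lookup set = scan_env(env_with_tz, "TZ");
    /* A caller's NULL test runs only once the scan has returned. */
    return (unset.value == NULL && unset.compared == 3 &&
            set.value != NULL && set.compared == 1) ? 0 : 1;
}
```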




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20140703154812.049d9b1e>