Date: Thu, 3 Jul 2014 15:48:12 +0200
From: Fabian Keil
To: FreeBSD Current
Cc: Trond Endrestøl
Subject: Re: getenv("TZ") crashes triggered by tzset_basic()
Message-ID: <20140703154812.049d9b1e@fabiankeil.de>
References: <20140703140105.41065cd2@fabiankeil.de>

Trond Endrestøl wrote:

> On Thu, 3 Jul 2014 14:01+0200, Fabian Keil wrote:
>
> > Using HEAD, www/gatling reproducibly crashes for me after receiving
> > a single request if TZ isn't set:
> >
> > (gdb) where
> > #0  strncmp (s1=, s2=, n=) at /usr/src/lib/libc/string/strncmp.c:46
> > #1  0x00000008011a9ffe in strncmpeq (nameValue=0x7fffffffeb5e "LC_PAPER=de_DE.UTF-8", name=0x8011be49e "TZ", nameLen=) at /usr/src/lib/libc/stdlib/getenv.c:144
> > #2  __findenv_environ (name=, nameLen=) at /usr/src/lib/libc/stdlib/getenv.c:195
> > #3  getenv (name=0x8011be49e "TZ") at /usr/src/lib/libc/stdlib/getenv.c:441
> > #4  0x0000000801189f49 in tzset_basic (rdlocked=0) at /usr/src/lib/libc/../../contrib/tzcode/stdtime/localtime.c:1274
> > #5  0x000000080118a13e in localtime (timep=0x801c12030) at /usr/src/lib/libc/../../contrib/tzcode/stdtime/localtime.c:1467
> > #6  0x000000000040d38d in http_dirlisting (h=0x801c07140, D=0x801c0e080, path=0x7fffffffbb50 "/", arg=0x0) at http.c:214
> > #7  0x000000000040ff9d in http_openfile (h=0x801c07140, filename=0x801c0c085 "/", ss=0x7fffffffc108, sockfd=9, nobody=1) at http.c:1485
> > #8  0x0000000000413922 in httpresponse (h=0x801c07140, s=9, headerlen=76) at http.c:1940
> > #9  0x000000000040657d in handle_read_misc (i=9, h=0x801c07140, ftptimeout_secs=600, nextftp=...) at gatling.c:1051
> > #10 0x0000000000404d54 in main (argc=3, argv=0x7fffffffe840, envp=0x7fffffffe860) at gatling.c:2247
> >
> > This is not a recent regression, I first noticed it a couple
> > of months ago but haven't had time to look into it yet.
> >
> > I was reminded of this because a program I'm working on
> > (Privoxy) recently crashed thusly:
> >
> > (gdb) where
> > #0  0x000000080128ef40 in strncmp (s1=, s2=, n=) at /usr/src/lib/libc/string/strncmp.c:46
> > #1  0x000000080128bb92 in getenv (name=) at /usr/src/lib/libc/stdlib/getenv.c:424
> > #2  0x000000080126bb39 in tzset_basic (rdlocked=0) at /usr/src/lib/libc/../../contrib/tzcode/stdtime/localtime.c:1281
> > #3  0x000000080126bb1b in tzset_basic (rdlocked=-14721152) at /usr/src/lib/libc/../../contrib/tzcode/stdtime/localtime.c:1274
> > #4  0x000000080122c0a0 in _fmt (format=0x22313031734e6863, t=0x8012a009e, pt=0x2, ptlim=0xf5,
> >     warnp=0x8014cc418, loc=0x80126bb1b) at /usr/src/lib/libc/stdtime/strftime.c:137
> > #5  0x000000080122d6fb in _conv (n=, format=, pt=, n=, format=, pt=, ptlim=)
> >     at /usr/src/lib/libc/stdtime/strftime.c:597
> > #6  _yconv (a=, b=, convert_top=, convert_yy=, pt=, ptlim=<optimized out>, a=, b=,
> >     convert_top=, convert_yy=, pt=<optimized out>, ptlim=) at /usr/src/lib/libc/stdtime/strftime.c:649
> > #7  0x0000000000428747 in get_log_timestamp (buffer=0x7fffff1f5f80 "2014-06-30 17:03:45.115", buffer_size=30) at errlog.c:482
> > [...]
> > (gdb) f 3
> > #3  0x000000080126bb1b in tzset_basic (rdlocked=-14721152) at /usr/src/lib/libc/../../contrib/tzcode/stdtime/localtime.c:1274
>
> > 1274            name = getenv("TZ");
>
> Does the code test at all for the possibility of getenv(3) returning a
> NULL pointer?

It does:
http://svnweb.freebsd.org/base/head/contrib/tzcode/stdtime/localtime.c?view=markup#l1270

Assuming the back traces aren't corrupted, the crashes occur before
getenv() returns, though.

Fabian
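
Added illustration, not part of the original message and not FreeBSD's getenv.c: a simplified model of an environment lookup, showing that a caller's NULL test only sees the result after every scanned entry has already been passed to strncmp(), and that a lookup for an unset name reads every entry. The names model_getenv, model_tz_name and scan_cost and both sample environments are hypothetical; the model makes no claim about the cause of the crashes in the thread.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of a getenv()-style lookup (hypothetical, not FreeBSD's
 * getenv.c). As in the backtraces, the requested name is strncmp()ed against
 * the environment entries, so every entry pointer is dereferenced inside the
 * lookup, before any value is returned. */
static const char *model_getenv(char *const *envp, const char *name,
    size_t *derefs)
{
	size_t len = strlen(name);

	for (*derefs = 0; *envp != NULL; envp++) {
		(*derefs)++;	/* *envp is read by strncmp() below */
		if (strncmp(*envp, name, len) == 0 && (*envp)[len] == '=')
			return (*envp + len + 1);
	}
	return (NULL);		/* the only outcome a NULL test sees */
}

/* Caller that tests the result for NULL; it runs only after the scan. */
static const char *model_tz_name(char *const *envp, size_t *derefs)
{
	const char *name = model_getenv(envp, "TZ", derefs);

	return (name != NULL ? name : "(TZ unset)");
}

/* Constructed sample environments. */
static char *const env_without_tz[] = {
	"LC_PAPER=de_DE.UTF-8", "HOME=/root", "SHELL=/bin/sh", NULL };
static char *const env_with_tz[] = {
	"TZ=Europe/Berlin", "LC_PAPER=de_DE.UTF-8", "HOME=/root", NULL };

/* Number of entries dereferenced while looking up TZ. */
size_t scan_cost(char *const *envp)
{
	size_t n;

	(void)model_tz_name(envp, &n);
	return (n);
}

int main(void)
{
	printf("unset: %zu read, set: %zu read\n",
	    scan_cost(env_without_tz), scan_cost(env_with_tz));
	return (0);
}
```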