From: Sean McNeil <sean@mcneil.com>
To: Giorgos Keramidas
cc: freebsd-current@freebsd.org
Subject: Re: bsdtar core dumps
Date: Thu, 19 Aug 2004 14:37:27 -0700
Message-Id: <1092951447.1167.12.camel@server.mcneil.com>
In-Reply-To: <20040817213813.GE3827@gothmog.gr>
References: <1092777586.92327.9.camel@server.mcneil.com> <20040817213813.GE3827@gothmog.gr>

On Tue, 2004-08-17 at 14:38, Giorgos Keramidas wrote:
> On 2004-08-17 14:19, Sean McNeil wrote:
> > Don't think this is amd64-specific, but perhaps....
>
> It could be. Or it might be a recent change that I haven't caught up
> with yet at home (see below).
>
> > I just tried to unarchive a file that didn't exist and got a core dump:
> > tar zxvvf nonexistent.tar.gz
>
> $ sysctl hw.machine_arch
> hw.machine_arch: i386
> $ tar zxvvf nonexistent.tar.gz
> tar: Error opening archive: Failed to open 'nonexistent.tar.gz': No such file or directory
> $ uname -v
> FreeBSD 5.2-CURRENT #0: Sun Aug 15 23:21:29 EEST 2004 \
> sysop@gothmog.gr:/usr/obj/usr/src/sys/SOLERO
>
> If versions of bsdtar more recent than Sunday night (around 19:00 UTC)
> all exhibit this problem, look for a recent change that causes this.
>
> - Giorgos

Here is a backtrace of the error:

#0  0x0000000200926d7e in __vfprintf (fp=0x7fffffffe360, fmt0=0x4161d9 "Failed to open '%s'", ap=0x7fffffffe640)
    at /usr/src/lib/libc/stdio/vfprintf.c:1052
#1  0x00000002008c4006 in vsnprintf (str=0x32, n=4284889, fmt=0x4161d9 "Failed to open '%s'", ap=0x7fffffffe640)
    at /usr/src/lib/libc/stdio/vsnprintf.c:75
#2  0x0000000000411478 in __archive_string_vsprintf (as=0x520240, fmt=0x4161d9 "Failed to open '%s'", ap=0x7fffffffe640)
    at /usr/src/lib/libarchive/archive_string_sprintf.c:60
#3  0x00000000004112f5 in archive_set_error (a=0x520000, error_number=2, fmt=0x0)
    at /usr/src/lib/libarchive/archive_util.c:133
#4  0x00000000004080cd in file_open (a=0x520000, client_data=0x4161d9)
    at /usr/src/lib/libarchive/archive_read_open_file.c:90
#5  0x0000000000411639 in archive_read_open (a=0x520000, client_data=0x51e0c0, opener=0x408060, reader=0x408130, closer=0x408160)
    at /usr/src/lib/libarchive/archive_read.c:124
#6  0x0000000000408039 in archive_read_open_file (a=0x520000, filename=0x7fffffffec02 "nonexistent.tar.gz", block_size=10240)
    at /usr/src/lib/libarchive/archive_read_open_file.c:75
#7  0x0000000000403a90 in read_archive (bsdtar=0x7fffffffe8b0, mode=120 'x')
    at /usr/src/usr.bin/tar/read.c:86
#8  0x000000000040398e in tar_mode_x (bsdtar=0x32)
    at /usr/src/usr.bin/tar/read.c:62
#9  0x0000000000402e1a in main (argc=7, argv=0xffffffff)
    at /usr/src/usr.bin/tar/bsdtar.c:525

Looks like something wrote past the end of a buffer as the str argument to
vsnprintf is not correct.

(gdb) p *as
$8 = {s = 0x51e100 "", length = 0, buffer_length = 64}

should be str=0x51e100, n=0 and on the callback trace it is str=0x32,
n=4284889

Could be a compiler bug I suppose, but more likely I think it is this code:

	if (n == 0) {
		if (on > 0)
			*str = '\0';
		str = dummy;
		n = 1;
	}

in vsnprintf.c::vsnprintf. It doesn't make sense to me. I think it should be

	if (n == 0) {
		str = dummy;
		*str = '\0';
		n = 1;
	}

It seems very inappropriate to be messing with an input parameter like that
and then using an uninitialized string in its place.

Cheers,
Sean
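The backtrace runs through a size-then-format call into vsnprintf (frame #2 passes the string's buffer and a length of 0 to learn how much space the message needs), and the discussion turns on what vsnprintf does when n == 0. The following is an added example, written for this thread and not code from libarchive or the FreeBSD libc: it implements that two-pass pattern on a small growable string (the field names s, length and buffer_length mirror the gdb dump of *as; the struct and every function name are assumptions) and shows the vsnprintf sizing contract from the C standard, which is the behaviour a caller has to rely on. Two points a practitioner would check in such code are visible here: vsnprintf(buf, 0, ...) never writes to buf and returns the full length, so a NULL buffer is legal for the size query; and a va_list may only be walked once, so each pass works on a va_copy rather than reusing the caller's ap.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Growable string. Field names follow the gdb output in the thread
 * ({s, length, buffer_length}); the type itself is a constructed stand-in. */
struct gstring {
	char *s;               /* NUL-terminated storage, or NULL when empty */
	size_t length;         /* bytes in use, excluding the NUL */
	size_t buffer_length;  /* bytes allocated */
};

/* Format into gs, growing the buffer as needed.
 * Returns the formatted length (excluding the NUL) or -1 on error. */
static int
gstring_vsprintf(struct gstring *gs, const char *fmt, va_list ap)
{
	va_list ap1;
	int need;

	/* Pass 1: size query. With n == 0 vsnprintf stores nothing, so a NULL
	 * destination is fine; the return value is the length the full output
	 * would have. The caller's ap must stay untouched for pass 2, so walk
	 * a copy. */
	va_copy(ap1, ap);
	need = vsnprintf(NULL, 0, fmt, ap1);
	va_end(ap1);
	if (need < 0)
		return -1;

	/* Grow geometrically; +1 reserves room for the terminating NUL. */
	if ((size_t)need + 1 > gs->buffer_length) {
		size_t nb = gs->buffer_length ? gs->buffer_length : 64;
		char *p;
		while (nb < (size_t)need + 1)
			nb *= 2;
		p = realloc(gs->s, nb);
		if (p == NULL)
			return -1;
		gs->s = p;
		gs->buffer_length = nb;
	}

	/* Pass 2: the real write, again on a fresh copy of ap. The buffer is
	 * now large enough, so vsnprintf cannot truncate here. */
	va_copy(ap1, ap);
	need = vsnprintf(gs->s, gs->buffer_length, fmt, ap1);
	va_end(ap1);
	if (need < 0)
		return -1;
	gs->length = (size_t)need;
	return need;
}

static int
gstring_sprintf(struct gstring *gs, const char *fmt, ...)
{
	va_list ap;
	int r;

	va_start(ap, fmt);
	r = gstring_vsprintf(gs, fmt, ap);
	va_end(ap);
	return r;
}

/* Build the message seen in the backtrace into a fresh gstring.
 * The caller frees gs->s. */
static int
format_open_error(struct gstring *gs, const char *filename)
{
	memset(gs, 0, sizeof(*gs));
	return gstring_sprintf(gs, "Failed to open '%s'", filename);
}

/* The n == 1 edge of the sizing contract: vsnprintf must still write the
 * NUL into a one-byte buffer and return the untruncated length. Returns
 * that length; *terminated reports whether buf[0] became '\0'. */
static int
one_byte_probe(const char *text, int *terminated)
{
	char buf[1];
	int r;

	buf[0] = 'X';
	r = snprintf(buf, sizeof(buf), "%s", text);
	*terminated = (buf[0] == '\0');
	return r;
}

int
main(void)
{
	struct gstring gs;
	int n = format_open_error(&gs, "nonexistent.tar.gz");

	printf("%d bytes in a %zu-byte buffer: %s\n", n, gs.buffer_length, gs.s);
	free(gs.s);
	return 0;
}
```

Run stand-alone it prints the 35-byte message from the trace inside the initial 64-byte buffer; a longer argument forces the realloc path, and the buffer doubles until the message plus its NUL fits.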