Date: Sun, 3 Jun 2001 18:29:52 -0400 (EDT)
From: Daniel Eischen
To: Bruce Evans
Cc: sobomax@FreeBSD.ORG, current@FreeBSD.ORG, deischen@FreeBSD.ORG
Subject: Re: sscanf(3) is broken in 5-CURRENT [SIGBUS]

On Mon, 4 Jun 2001, Bruce Evans wrote:
> On Sat, 2 Jun 2001, Maxim Sobolev wrote:
>
> > It seems that something is wrong with sscanf(3) in -current - in
> > some cases it may cause SIGBUS. I failed to reproduce the
> > problem on 4-STABLE, so it is a -current specific bug. Attached
> > please find a small showcase that exposes the bug in question
> > and a backtrace after SIGBUS.
>
> [ ... ]
>
> This is because fp->_extra is not initialized by sscanf() (it is stack
> garbage that happened to be 0 when I looked at it).

Yes, it looks like the change from _up to _extra (to hold _up and other
locking stuff) screwed this up. Here's a fix. My source is a month out
of date (DEVFS won't let my old X applications work, so I need to upgrade
my systems before it becomes mandatory), so I don't know if it'll apply
cleanly to -current sources.

--
Dan Eischen

Index: local.h
===================================================================
RCS file: /opt/b/CVS/src/lib/libc/stdio/local.h,v
retrieving revision 1.3
diff -u -r1.3 local.h
--- local.h 2001/03/01 05:22:14 1.3
+++ local.h 2001/06/03 22:22:18
@@ -103,3 +103,10 @@ free((char *)(fp)->_lb._base); \ (fp)->_lb._base = NULL; \ } + +#define INITEXTRA(fp) { \ + (fp)->_extra->_up = NULL; \ + (fp)->_extra->fl_mutex = PTHREAD_MUTEX_INITIALIZER; \ + (fp)->_extra->fl_owner = NULL; \ + (fp)->_extra->fl_count = 0; \ +} Index: sscanf.c =================================================================== RCS file: /opt/b/CVS/src/lib/libc/stdio/sscanf.c,v retrieving revision 1.6 diff -u -r1.6 sscanf.c --- sscanf.c 1999/08/28 00:01:17 1.6 +++ sscanf.c 2001/06/03 22:20:22 @@ -77,6 +77,7 @@ { int ret; va_list ap; + struct __sFILEX extra; FILE f; f._file = -1; @@ -86,6 +87,8 @@ f._read = eofread; f._ub._base = NULL; f._lb._base = NULL; + f._extra = &extra; + INITEXTRA(&f); #if __STDC__ va_start(ap, fmt); #else
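Review bot: in the local.h hunk, INITEXTRA is defined as a bare brace block, so a use such as `if (cond) INITEXTRA(fp); else ...` will not compile because the `;` after the block terminates the `if`; a `do { ... } while (0)` body avoids that, although the preceding macro in the same file uses the bare-block form too, so this at least follows the file's existing convention. Separately, `(fp)->_extra->fl_mutex = PTHREAD_MUTEX_INITIALIZER;` uses an initializer macro as an assignment rvalue; POSIX only guarantees PTHREAD_MUTEX_INITIALIZER for static initialization, so this line is valid only while the platform defines it as a plain expression, and a comment saying so would save the next reader a trip to pthread.h. The macro also dereferences `(fp)->_extra` unconditionally, so it should document that `_extra` must already point at storage before it is invoked.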
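Review bot: in the first sscanf.c hunk, `struct __sFILEX extra;` is declared beside `FILE f` but nothing in this hunk initializes it, so correctness depends on the later `INITEXTRA(&f)` call staying in step with every field of `struct __sFILEX`; a one-line comment here stating that `extra` is populated by INITEXTRA and must not be touched before that would document the coupling. It is also worth checking whether the other stdio entry points that build a FILE on the stack in this same way need the identical pair of additions, since the uninitialized `_extra` is a property of the pattern rather than of sscanf alone.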
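Review bot: in the second sscanf.c hunk the ordering is correct (`f._extra = &extra;` must precede `INITEXTRA(&f)` because the macro dereferences `_extra`), but the lifetime constraint is unstated: `extra` is an automatic in sscanf's frame, so `f` must never be referenced after this function returns, and a comment next to `f._extra = &extra;` would make that explicit. Note too that fl_mutex is set from PTHREAD_MUTEX_INITIALIZER and never destroyed; that is acceptable only as long as the static initializer does not require a matching pthread_mutex_destroy.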