Bugs with qualify in strace 4.5.15
Xiaoning Ding
dingxn at gmail.com
Mon Aug 20 20:05:25 UTC 2007
Hi, all
I think these two parts of code in strace version 4.5.15 may be bugs.
1. function qualify() in syscall.c.
The sizes of sysent0, sysent1, and sysent2 are usually smaller than
MAX_QUALS, which is defined as 5000 for MIPS+LINUX and 2048 for
others. The inner loop accesses syscall entries beyond the defined
scope.
The related source code is quoted below.
	for (p = strtok(s, ","); p; p = strtok(NULL, ",")) {
		if (opt->bitflag == QUAL_TRACE && (n = lookup_class(p)) > 0) {
			for (i = 0; i < MAX_QUALS; i++) {
				if (sysent0[i].sys_flags & n)
					qualify_one(i, opt, not, 0);
#if SUPPORTED_PERSONALITIES >= 2
				if (sysent1[i].sys_flags & n)
					qualify_one(i, opt, not, 1);
#endif /* SUPPORTED_PERSONALITIES >= 2 */
#if SUPPORTED_PERSONALITIES >= 3
				if (sysent2[i].sys_flags & n)
					qualify_one(i, opt, not, 2);
#endif /* SUPPORTED_PERSONALITIES >= 3 */
			}
			continue;
		}
2. function dumpio() in syscall.c.
Before dumpstr() or dumpiov() is called, qual_flags[tcp->u_arg[0]] is
examined against the corresponding qualifier flag, e.g.
	if (qual_flags[tcp->u_arg[0]] & QUAL_WRITE)
		dumpstr(...)..
However, tcp->u_arg[0] does not contain any syscall number. Should it
be replaced with tcp->scno?
Xiaoning
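The two problems in the report, the class loop running to MAX_QUALS instead of to the end of the sysent table and dumpio() indexing qual_flags by the first syscall argument instead of by the syscall number, can be reproduced and checked with a small stand-alone model. The code below is an added example written for this page; it is not strace's source. The sysent0 table, the flag values, MAX_QUALS = 16 and the struct tcb are constructed stand-ins, and qualify_class(), overrun_entries(), should_dump() and should_dump_by_arg0() are hypothetical helper names, not functions that exist in strace.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed miniature of strace's tables (not the project's real
 * definitions): a few syscall entries with class flags, and a MAX_QUALS
 * that is deliberately larger than the table, as in the report. */
#define TRACE_FILE  001
#define TRACE_DESC  010
#define QUAL_TRACE  0x01
#define QUAL_WRITE  0x04
#define MAX_QUALS   16

struct sysent {
	int sys_flags;
	const char *sys_name;
};

static const struct sysent sysent0[] = {
	{ 0,          "restart_syscall" },
	{ 0,          "exit" },
	{ TRACE_FILE, "open" },
	{ TRACE_DESC, "read" },
	{ TRACE_DESC, "write" },
	{ TRACE_FILE, "stat" },
};
/* The table's real length, the bound the inner loop should use. */
#define NSYSCALLS0 (sizeof sysent0 / sizeof sysent0[0])

static unsigned char qual_flags[MAX_QUALS];

/* Bounded version of the inner loop quoted in the report: walk the
 * entries the table actually has, never past them. Returns how many
 * entries matched the class mask. */
static int qualify_class(int class_mask, int flag)
{
	int matched = 0;
	for (size_t i = 0; i < NSYSCALLS0 && i < MAX_QUALS; i++) {
		if (sysent0[i].sys_flags & class_mask) {
			qual_flags[i] |= flag;
			matched++;
		}
	}
	return matched;
}

/* How many indices a loop bounded by MAX_QUALS would read past the
 * end of sysent0: 10 out-of-bounds reads for this constructed table. */
static int overrun_entries(void)
{
	return MAX_QUALS > (int)NSYSCALLS0 ? MAX_QUALS - (int)NSYSCALLS0 : 0;
}

/* Minimal stand-in for the per-tracee struct: scno is the syscall
 * number, u_arg[0] the first argument (a file descriptor for write). */
struct tcb {
	long scno;
	long u_arg[6];
};

static struct tcb make_tcb(long scno, long arg0)
{
	struct tcb t = { scno, { arg0, 0, 0, 0, 0, 0 } };
	return t;
}

/* The check dumpio() should make: index qual_flags by the syscall
 * number, and reject numbers the table does not cover. */
static int should_dump(struct tcb tcp, int flag)
{
	if (tcp.scno < 0 || (size_t)tcp.scno >= NSYSCALLS0)
		return 0;
	return (qual_flags[tcp.scno] & flag) != 0;
}

/* The check as quoted in the report, kept for comparison: it indexes by
 * u_arg[0], i.e. by the file descriptor, so write(7, ...) looks up
 * entry 7 instead of the entry for write. Bounds-checked here so the
 * comparison itself stays in-bounds. */
static int should_dump_by_arg0(struct tcb tcp, int flag)
{
	if (tcp.u_arg[0] < 0 || tcp.u_arg[0] >= MAX_QUALS)
		return 0;
	return (qual_flags[tcp.u_arg[0]] & flag) != 0;
}

int main(void)
{
	int n = qualify_class(TRACE_DESC, QUAL_WRITE);   /* like -e write=... */
	struct tcb t = make_tcb(4, 7);                   /* write(7, ...) */
	printf("%d desc syscalls qualified; %d indices lie past the table\n",
	       n, overrun_entries());
	printf("lookup by scno: %d, lookup by u_arg[0]: %d\n",
	       should_dump(t, QUAL_WRITE), should_dump_by_arg0(t, QUAL_WRITE));
	return 0;
}
```

The loop bound is the point of the first item: with the constructed sizes, a MAX_QUALS-bounded loop would read ten struct sysent entries that do not exist, and on a real build the gap between the table and MAX_QUALS (2048 or 5000) is far larger. The second item shows up as the two lookups disagreeing for the same tracee: the scno-based check finds the QUAL_WRITE bit on the write entry, the u_arg[0]-based check looks at whatever sits at index 7.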