4.10 crash

Dmitry V. Levin ldv at altlinux.org
Wed Apr 6 03:00:12 UTC 2016


Hi,

On Tue, Apr 05, 2016 at 10:08:51PM -0400, John Fleming wrote:
> Hi all! First off a quick bit of history. I have a Checkpoint firewall
> running busybox with glibc 2.5, linux 2.6.22.18 and an ARM ARM926EJ-S rev 1
> (v5l). I spent around 3 months pushing my know-how, but after countless
> searches, lfs attempts and many rounds of cursing, I have what I think is
> a working cross compile environment. Strace was one of the main reasons I
> wanted to get this cross compiler going.
> 
> So.. Now that I have done that, I found that strace will crash when I
> use the -f option when calling Checkpoint's cli utility. I don't know if
> there are other commands that will do this, but I know Checkpoint's cli
> will fork/create many other sub processes.
> 
> In this example I'm just asking the cli utility what the BGP AS number is. I'm
> running this as uid 0 under bash.
> 
> So .. for example.
> 
> /strace -o /logs/output.txt -s 1048 -f clish -c "show as"
> Segmentation fault (core dumped)
> [Expert at FW#
> Autonomous system number: 0
> 
> Strace crashes, clish (this is the checkpoint shell) works fine.
> 
> Side note, strace seems to work without the -f option.
> 
> Here is a backtrace. I recompiled with -O0, but I don't know enough about
> gdb to take this any further. BTW gdb was built with the same cross compiler.
> 
> Core was generated by `/strace -o /logs/output.txt -s 1048 -f clish -c show
> as'.
> Program terminated with signal SIGSEGV, Segmentation fault.
> #0  0x4009b094 in strlen () from /lib/libc.so.6
> (gdb) where
> #0  0x4009b094 in strlen () from /lib/libc.so.6
> #1  0x4008d138 in fputs_unlocked () from /lib/libc.so.6
> #2  0x00025818 in tprints (str=0x0) at strace.c:562
> #3  0x0003104c in printflags (xlat=0x3e23c <sock_type_flags>, flags=0,
> dflt=0x3edd0 "SOCK_???") at util.c:345

This is a side effect of old/incomplete system headers that do not provide
definitions for SOCK_CLOEXEC and SOCK_NONBLOCK.

This potential null dereference bug was fixed by commit v4.11~147,
so try building v4.11 instead of v4.10.  


-- 
ldv
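To make the crash mechanism in the backtrace concrete, here is a small C model of a flag printer built over a `{value, name}` lookup table of the kind strace calls an xlat. This is an added example, not strace's source: the table layout, the `printflags_safe` function and the rendering rules are a simplified restatement of the shape the backtrace shows (`printflags` with `flags=0`, `tprints` receiving `str=0x0`). The two tables are constructed for the example: `sock_type_flags_empty` is what a table degenerates to when the build headers define neither `SOCK_CLOEXEC` nor `SOCK_NONBLOCK` (only the `{0, NULL}` terminator survives), and `sock_type_flags_full` uses the octal values Linux uses on ARM and x86. The `xlat->str != NULL` guard is the kind of check that separates the fixed path from the crashing one.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of an xlat lookup table (added example, not strace's
 * own source): {value, name} pairs terminated by {0, NULL}. */
struct xlat {
    unsigned int val;
    const char *str;
};

/* Constructed: the table when the system headers define neither
 * SOCK_CLOEXEC nor SOCK_NONBLOCK. Only the terminator is left, so
 * xlat[0].val == 0 and xlat[0].str == NULL. */
static const struct xlat sock_type_flags_empty[] = {
    { 0, NULL }
};

/* Constructed: the same table on a build with complete headers
 * (octal values as used by Linux on ARM and x86). */
static const struct xlat sock_type_flags_full[] = {
    { 02000000, "SOCK_CLOEXEC" },
    { 00004000, "SOCK_NONBLOCK" },
    { 0, NULL }
};

/* Append formatted text to out (capacity n) at offset *len. */
static void emit(char *out, size_t n, size_t *len, const char *fmt, ...)
{
    va_list ap;
    size_t avail = (*len < n) ? n - *len : 0;
    int r;

    va_start(ap, fmt);
    r = vsnprintf(out + *len, avail, fmt, ap);
    va_end(ap);
    if (r > 0)
        *len += (size_t)r;
}

/* Render flags as NAME|NAME|0x<rest>, returning the length written.
 * dflt is the comment used when no bit matched the table. */
int printflags_safe(char *out, size_t n, const struct xlat *xlat,
                    unsigned int flags, const char *dflt)
{
    size_t len = 0;
    int printed = 0;

    if (n > 0)
        out[0] = '\0';

    /* flags == 0 with a zero-valued first entry means the table names the
     * value 0 itself. In an empty table that "entry" is the terminator,
     * whose str is NULL; handing it to a %s/strlen-based writer is the
     * strlen(NULL) in the backtrace. The str check is the guard that the
     * crashing path lacked (assumption: simplified restatement). */
    if (flags == 0 && xlat->val == 0 && xlat->str != NULL) {
        emit(out, n, &len, "%s", xlat->str);
        return (int)len;
    }

    for (; xlat->str != NULL; xlat++) {
        if (xlat->val != 0 && (flags & xlat->val) == xlat->val) {
            emit(out, n, &len, "%s%s", printed ? "|" : "", xlat->str);
            flags &= ~xlat->val;
            printed++;
        }
    }

    if (flags != 0) {
        emit(out, n, &len, "%s%#x", printed ? "|" : "", flags);
        if (!printed && dflt != NULL)
            emit(out, n, &len, " /* %s */", dflt);
    } else if (!printed) {
        emit(out, n, &len, "0");
    }
    return (int)len;
}

/* Render with the page's fallback comment and compare to an expected string. */
int render_matches(const struct xlat *xlat, unsigned int flags,
                   const char *expect)
{
    char buf[64];
    int len = printflags_safe(buf, sizeof buf, xlat, flags, "SOCK_???");
    return len == (int)strlen(expect) && strcmp(buf, expect) == 0;
}

int main(void)
{
    char buf[64];

    /* Without the NULL guard this first call is the crashing case. */
    printflags_safe(buf, sizeof buf, sock_type_flags_empty, 0, "SOCK_???");
    printf("empty table, flags=0     -> %s\n", buf);
    printflags_safe(buf, sizeof buf, sock_type_flags_full,
                    02000000 | 00004000, "SOCK_???");
    printf("full table, both flags   -> %s\n", buf);
    printflags_safe(buf, sizeof buf, sock_type_flags_empty, 0x1, "SOCK_???");
    printf("empty table, unknown bit -> %s\n", buf);
    return 0;
}
```

The first call in `main` is the configuration from the report (empty table, `flags=0`): with the guard it renders as `0`, without it the function would reach `strlen(NULL)`. Checking every table for a NULL name in the zero slot, or building against headers that define all the flags the table expects, are the two ways to keep that path out of reach.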

