NetBSD Problem Report #43964
From dyoung@ojctech.com Tue Oct 12 22:35:31 2010
Return-Path: <dyoung@ojctech.com>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
by www.NetBSD.org (Postfix) with ESMTP id 299AC63BAC4
for <gnats-bugs@gnats.NetBSD.org>; Tue, 12 Oct 2010 22:35:31 +0000 (UTC)
Message-Id: <20101012223529.EBE1D1BF912@elmendorf.ojctech.com>
Date: Tue, 12 Oct 2010 17:35:29 -0500 (CDT)
From: dyoung@ojctech.com
Reply-To: dyoung@ojctech.com
To: gnats-bugs@gnats.NetBSD.org
Subject: prop_dictionary_equals(3) fails with Segmentation fault
X-Send-Pr-Version: 3.95
>Number: 43964
>Category: lib
>Synopsis: prop_dictionary_equals(3) fails with Segmentation fault
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: martin
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Tue Oct 12 22:40:00 +0000 2010
>Closed-Date: Thu Apr 21 04:57:07 +0000 2011
>Last-Modified: Thu Apr 21 04:57:07 +0000 2011
>Originator: David Young
>Release: NetBSD 5.99.36
>Organization:
David Young OJC Technologies
dyoung@ojctech.com Urbana, IL * (217) 278-3933
>Environment:
System: NetBSD elmendorf.ojctech.com 5.99.36 NetBSD 5.99.36 (modular.ojctech.com) #66: Mon Jul 12 10:54:25 CDT 2010 dyoung@skyking.ojctech.com:/home/dyoung/nbsd/i386/O/sys/arch/i386/compile/modular.ojctech.com i386
Architecture: i386
Machine: i386
>Description:
prop_dictionary_equals(3) fails with a Segmentation fault. Perhaps it's
calling through a NULL function pointer? Backtrace from gdb:
(gdb) bt
#0 0x00000000 in ?? ()
#1 0xbbbdf326 in prop_object_equals_with_error () from /usr/lib/libprop.so.1
#2 0xbbbdf482 in prop_object_equals () from /usr/lib/libprop.so.1
#3 0xbbbe1912 in prop_dictionary_equals () from /usr/lib/libprop.so.1
#4 0x0804afb0 in atfu_copyset_bool_success_body (tc=0x80564e0)
at t_ppath.c:416
#5 0x0804ea05 in atf_tc_run ()
#6 0x0804e08c in atf_tp_main ()
#7 0x08049ac2 in main (argc=-1147985792, argv=0x0) at t_ppath.c:888
(gdb)
>How-To-Repeat:
Download and extract and run the test case,
% ftp ftp://elmendorf.ojctech.com/users/netbsd-a0a9c4ee/ppath.tgz
% pax -rzf ppath.tgz
% cd ppath
% make dependall
% tests/t_proplib prop_dictionary_equals
Quits with "Segmentation fault (core dumped)".
>Fix:
Unknown.
>Release-Note:
>Audit-Trail:
From: Jukka Ruohonen <jruohonen@iki.fi>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: lib/43964: prop_dictionary_equals(3) fails with Segmentation fault
Date: Wed, 6 Apr 2011 20:20:00 +0300
On Tue, Oct 12, 2010 at 10:40:01PM +0000, dyoung@ojctech.com wrote:
> prop_dictionary_equals(3) fails with a Segmentation fault. Perhaps it's
> calling through a NULL function pointer? Backtrace from gdb:
Indeed it is a NULL pointer deref; in your test case 'd' is a valid
dictionary but 'od' is NULL so the following segfaults

    prop_dictionary_equals(d, NULL);

as

    bool
    prop_dictionary_equals(prop_dictionary_t dict1, prop_dictionary_t dict2)
    {
        if (!prop_object_is_dictionary(dict1) ||
            !prop_object_is_dictionary(dict2))
            return (false);

        return (prop_object_equals(dict1, dict2));
    }

and prop_object_is_dictionary() is a macro defined as

    #define prop_object_is_dictionary(x) \
        ((x) != NULL && (x)->pd_obj.po_type == &_prop_object_type_dictionary)

I don't know about the design choices of proplib(3), but it seems that the
API is not meant to check for NULL pointers and thus this is sort of PEBKAC...
From: Jukka Ruohonen <jruohonen@iki.fi>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: lib/43964: prop_dictionary_equals(3) fails with Segmentation fault
Date: Wed, 6 Apr 2011 20:36:08 +0300
Actually, the PEBKAC was at the other end, so never mind.
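
Added example, not part of the original thread and not libprop code: a self-contained model of the function and macro quoted above, showing that the `(x) != NULL` test short-circuits, so a NULL or wrong-type argument returns false before the indirect call through the type descriptor is reached. The `m_` names, `eq_fn`, `nitems` and the sample objects are hypothetical stand-ins.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Stand-in type descriptor; eq_fn is a hypothetical per-type comparison hook. */
struct m_type { bool (*eq_fn)(const void *, const void *); };
struct m_object { const struct m_type *po_type; };
struct m_dict { struct m_object pd_obj; int nitems; };
typedef struct m_dict *m_dict_t;

static int eq_calls; /* number of dispatches through eq_fn */

static bool dict_eq(const void *a, const void *b)
{
	eq_calls++;
	return ((const struct m_dict *)a)->nitems == ((const struct m_dict *)b)->nitems;
}

static const struct m_type m_type_dictionary = { dict_eq };
static const struct m_type m_type_array = { NULL }; /* no hook set */

/* Same shape as the macro quoted in the thread. */
#define m_object_is_dictionary(x) \
	((x) != NULL && (x)->pd_obj.po_type == &m_type_dictionary)

/* Generic comparison: an indirect call through the object's type. */
static bool m_object_equals(m_dict_t a, m_dict_t b)
{
	return a->pd_obj.po_type->eq_fn(a, b);
}

/* Same shape as the function quoted in the thread. */
bool m_dictionary_equals(m_dict_t dict1, m_dict_t dict2)
{
	if (!m_object_is_dictionary(dict1) || !m_object_is_dictionary(dict2))
		return false;
	return m_object_equals(dict1, dict2);
}

static struct m_dict d1 = { { &m_type_dictionary }, 2 };  /* constructed samples */
static struct m_dict d2 = { { &m_type_dictionary }, 2 };
static struct m_dict not_dict = { { &m_type_array }, 2 };

int main(void)
{
	printf("vs NULL: %d\n", m_dictionary_equals(&d1, NULL));
	printf("vs non-dictionary: %d\n", m_dictionary_equals(&d1, &not_dict));
	printf("vs dictionary: %d\n", m_dictionary_equals(&d1, &d2));
	return 0;
}
```
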
From: "Jukka Ruohonen" <jruoho@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/43964 CVS commit: src/tests/lib/libprop
Date: Wed, 6 Apr 2011 17:41:28 +0000
Module Name: src
Committed By: jruoho
Date: Wed Apr 6 17:41:27 UTC 2011
Modified Files:
src/tests/lib/libprop: t_basic.c
Log Message:
Add a test case for the segfault reported in PR lib/43964.
To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 src/tests/lib/libprop/t_basic.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: "Martin Husemann" <martin@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/43964 CVS commit: src/common/lib/libprop
Date: Wed, 20 Apr 2011 19:40:01 +0000
Module Name: src
Committed By: martin
Date: Wed Apr 20 19:40:01 UTC 2011
Modified Files:
src/common/lib/libprop: prop_dictionary.c
Log Message:
Fix "address of a void*" vs. void* confusion.
Part of fixing PR lib/43964.
To generate a diff of this commit:
cvs rdiff -u -r1.36 -r1.37 src/common/lib/libprop/prop_dictionary.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Responsible-Changed-From-To: lib-bug-people->martin
Responsible-Changed-By: martin@NetBSD.org
Responsible-Changed-When: Wed, 20 Apr 2011 20:04:11 +0000
Responsible-Changed-Why:
I handled it
State-Changed-From-To: open->feedback
State-Changed-By: martin@NetBSD.org
State-Changed-When: Wed, 20 Apr 2011 20:04:11 +0000
State-Changed-Why:
Should be fixed now, can you confirm?
From: "Martin Husemann" <martin@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/43964 CVS commit: src/common/lib/libprop
Date: Wed, 20 Apr 2011 20:00:07 +0000
Module Name: src
Committed By: martin
Date: Wed Apr 20 20:00:07 UTC 2011
Modified Files:
src/common/lib/libprop: prop_object.c
Log Message:
Update also the non-void pointers to the current test objects.
Finally fixes PR lib/43964.
To generate a diff of this commit:
cvs rdiff -u -r1.26 -r1.27 src/common/lib/libprop/prop_object.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: feedback->closed
State-Changed-By: jruoho@NetBSD.org
State-Changed-When: Thu, 21 Apr 2011 04:57:07 +0000
State-Changed-Why:
Should be fixed, thanks.
>Unformatted: