NetBSD Problem Report #56974

From hauke@causeuse.org  Sun Aug 21 18:49:44 2022
Return-Path: <hauke@causeuse.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 0D1411A921F
	for <gnats-bugs@gnats.NetBSD.org>; Sun, 21 Aug 2022 18:49:44 +0000 (UTC)
Message-Id: <202208211700.27LH0jm9000498@localhost.>
Date: Sun, 21 Aug 2022 19:00:45 +0200 (CEST)
From: Hauke Fath <hauke@causeuse.org>
Reply-To: Hauke Fath <hauke@causeuse.org>
To: gnats-bugs@NetBSD.org
Cc: Hauke Fath <hauke@causeuse.org>
Subject: 'amq -i' dumps core
X-Send-Pr-Version: 3.95

>Number:         56974
>Category:       bin
>Synopsis:       'amq -i' dumps core with sigsev
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bin-bug-people
>State:          needs-pullups
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Aug 21 18:50:01 +0000 2022
>Closed-Date:    
>Last-Modified:  Wed Aug 02 18:10:01 +0000 2023
>Originator:     Hauke Fath
>Release:        NetBSD 9.2_STABLE
>Organization:
Mahlzeit!
>Environment:


System: NetBSD Smallpad 9.2_STABLE NetBSD 9.2_STABLE (X61) #9: Sat Jul 30 15:53:30 CEST 2022 hauke@pizza:/var/obj/netbsd-build-objects/9/amd64/sys/arch/amd64/compile/X61 amd64
Architecture: x86_64
Machine: amd64
>Description:

	Invoking 'amq -i', to obtain information about amd(8) mount
	maps, SIGSEGVs on both netbsd-9 and -current.


>How-To-Repeat:

	Set up amd(8) on a system, then run 'amq -i'.

[hauke@Smallpad] /<5>bsd/am-utils > gdb bin/amq/amq
GNU gdb (GDB) 8.3
Copyright (C) 2019 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64--netbsd".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from bin/amq/amq...
(gdb) set args -i
(gdb) run
Starting program: /local/source/netbsd-9/src/external/bsd/am-utils/bin/amq/amq -i
Name               Wild                                          Flags    Refcnt  Entries Reloads Stat Modified

Program received signal SIGSEGV, Segmentation fault.
0x00000001c7c023a0 in time_print (tt=0x61e410ff) at /local/source/netbsd-9/src/external/bsd/am-utils/dist/amq/amq.c:84
84        time_t t = (time_t)*tt;
(gdb) bt
#0  0x00000001c7c023a0 in time_print (tt=0x61e410ff) at /local/source/netbsd-9/src/external/bsd/am-utils/dist/amq/amq.c:84
#1  0x00000001c7c02dd7 in show_mapinfo (ml=0x1c7e05290 <res>, e=Full, nwid=0x7f7fff9421f4, wwid=0x7f7fff9421f0)
    at /local/source/netbsd-9/src/external/bsd/am-utils/dist/amq/amq.c:294
#2  0x00000001c7c0399d in main (argc=2, argv=0x7f7fff942388) at /local/source/netbsd-9/src/external/bsd/am-utils/dist/amq/amq.c:727
(gdb) frame 1
#1  0x00000001c7c02dd7 in show_mapinfo (ml=0x1c7e05290 <res>, e=Full, nwid=0x7f7fff9421f4, wwid=0x7f7fff9421f0)
    at /local/source/netbsd-9/src/external/bsd/am-utils/dist/amq/amq.c:294
294             time_print(mi->mi_modify);
(gdb) print mi->mi_modify
$1 = (time_type) 0x61e410ff
(gdb) print *mi->mi_modify
Cannot access memory at address 0x61e410ff
(gdb) 

	The mi_modify field is set in amq_xdr.c::xdr_amq_map_info(),
	and that's about my current level of understanding.


>Fix:

	Yes, please.



>Release-Note:

>Audit-Trail:
From: mlelstv@serpens.de (Michael van Elst)
To: gnats-bugs@netbsd.org
Cc: 
Subject: Re: bin/56974: 'amq -i' dumps core
Date: Mon, 22 Aug 2022 07:32:39 -0000 (UTC)

 hauke@causeuse.org (Hauke Fath) writes:

 >	Set up amd(8) on a system, then run 'amq -i'.

 The handling of time_type is broken.

 Defined as (long *), while it contains UNIX timestamps (possibly 32bit only).
 Then dereferenced assuming it's a pointer -> your segfault.

From: RVP <rvp@SDF.ORG>
To: gnats-bugs@netbsd.org
Cc: 
Subject: Re: bin/56974: 'amq -i' dumps core
Date: Mon, 22 Aug 2022 07:37:45 +0000 (UTC)

 On Sun, 21 Aug 2022, Hauke Fath wrote:

 >> Description:
 >
 > 	Invoking 'amq -i', to obtain information about amd(8) mount
 > 	maps, SIGSEGVs on both netbsd-9 and -current.
 >
 >

 Please try:

 ---START---
 diff -urN am-utils.orig/dist/amq/amq.c am-utils/dist/amq/amq.c
 --- am-utils.orig/dist/amq/amq.c	2015-01-18 15:37:57.000000000 +0000
 +++ am-utils/dist/amq/amq.c	2022-08-22 07:21:13.836270095 +0000
 @@ -81,7 +81,7 @@
   static void
   time_print(time_type tt)
   {
 -  time_t t = (time_t)*tt;
 +  time_t t = (time_t)tt;
     struct tm *tp = localtime(&t);
     printf("%02d/%02d/%04d %02d:%02d:%02d",
   	 tp->tm_mon + 1, tp->tm_mday,
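
Review bot: In time_print(), the result of localtime(&t) is still used without a NULL check, so 'tp->tm_mon' faults again if the value cannot be converted. Since tt is now treated as the time value itself, handle tp == NULL by printing a placeholder instead of dereferencing it, and add a short comment that time_type holds seconds since the epoch, not an address.
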
 diff -urN am-utils.orig/dist/include/amq_defs.h am-utils/dist/include/amq_defs.h
 --- am-utils.orig/dist/include/amq_defs.h	2015-01-17 16:34:18.000000000 +0000
 +++ am-utils/dist/include/amq_defs.h	2022-08-22 07:21:43.554778519 +0000
 @@ -68,7 +68,7 @@
   /*
    * TYPEDEFS
    */
 -typedef long *time_type;
 +typedef long time_type;
   typedef struct amq_mount_info amq_mount_info;
   typedef struct amq_map_info amq_map_info;
   typedef struct amq_mount_stats amq_mount_stats;
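
Review bot: The new 'typedef long time_type;' in amq_defs.h carries no comment saying what the type holds, and the width of 'long' differs between ILP32 and LP64 platforms, so the range of representable times depends on the ABI. Suggest a fixed-width integer type, or at least a comment that this is seconds since the epoch, and an audit of every other user of time_type (including the code that encodes and decodes it) for leftovers of the old pointer semantics; this patch only adjusts time_print().
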
 ---END---

 -RVP

From: Hauke Fath <hf@spg.tu-darmstadt.de>
To: gnats-bugs@netbsd.org
Cc: gnats-admin@netbsd.org, RVP <rvp@SDF.ORG>
Subject: Re: bin/56974: 'amq -i' dumps core
Date: Mon, 22 Aug 2022 13:11:03 +0200

 On 8/22/22 9:40 AM, RVP wrote:
 >   > 	Invoking 'amq -i', to obtain information about amd(8) mount
 >   > 	maps, SIGSEGVs on both netbsd-9 and -current.
 >   
 >   Please try: [...]

 Better:

 [hf@Hochstuhl] /<6>bin/amq > ./amq -i
 Name               Wild     Flags    Refcnt  Entries Reloads Stat Modified
 /etc/amd/amd.misc     0        1       8       1       root 12/03/2021 18:10:18
 /etc/amd/amd.home host==hochstuhl;type:=link;fs:=/u/homes;sublink=${key} 0        1 2       1       root 12/03/2021 16:59:49
 "root"     0        2       2       0       root 08/09/2022 15:00:49
 [hf@Hochstuhl] /<6>bin/amq >


 Thanks!

 -- 
       The ASCII Ribbon Campaign                    Hauke Fath
 ()     No HTML/RTF in email	        Institut für Nachrichtentechnik
 /\     No Word docs in email                     TU Darmstadt
       Respect for open standards              Ruf +49-6151-16-21344

From: RVP <rvp@SDF.ORG>
To: gnats-bugs@netbsd.org
Cc: 
Subject: Re: bin/56974: 'amq -i' dumps core
Date: Mon, 22 Aug 2022 21:55:12 +0000 (UTC)

 On Mon, 22 Aug 2022, Hauke Fath wrote:

 > On 8/22/22 9:40 AM, RVP wrote:
 > >   > 	Invoking 'amq -i', to obtain information about amd(8) mount
 > >   > 	maps, SIGSEGVs on both netbsd-9 and -current.
 > >
 > >   Please try: [...]
 >
 > Better:
 >

 OK. But keep an eye on it ~19 Jan 2038: As mlelstv@ pointed out, the
 program uses 32-bit ints to transport times...

 -RVP

State-Changed-From-To: open->needs-pullups
State-Changed-By: hauke@NetBSD.org
State-Changed-When: Wed, 24 Aug 2022 08:58:39 +0000
State-Changed-Why:
christos@ committed changes based on findings from rvp@ -- thanks!

At least the pointer bug fix should be pulled up.


From: Taylor R Campbell <riastradh@NetBSD.org>
To: Hauke Fath <hauke@causeuse.org>
Cc: gnats-bugs@NetBSD.org, hauke@NetBSD.org
Subject: Re: bin/56974: 'amq -i' dumps core with sigsev
Date: Wed, 2 Aug 2023 14:33:40 +0000

 Should the fix be pulled up or should this be closed?

 The commit message indicates a compatibility problem but I haven't
 looked at the details closely enough to understand the consequences,
 something about xdr_long vs xdr_longlong:

 Author: christos <christos@NetBSD.org>
 Date:   Tue Aug 23 07:42:28 2022 +0000

     fix pointer bug (thanks RVP) and change to use 64 bit times. Don't bother
     with backwards compatibility; too much work for little benefit.

 https://mail-index.netbsd.org/source-changes/2022/08/23/msg140520.html

 plus potentially
 https://mail-index.netbsd.org/source-changes/2022/08/24/msg140533.html

From: Hauke Fath <hauke@Espresso.Rhein-Neckar.DE>
To: gnats-bugs@netbsd.org
Cc: gnats-admin@netbsd.org, Hauke Fath <hauke@causeuse.org>,
        Christos Zoulas <christos@zoulas.com>
Subject: Re: bin/56974: 'amq -i' dumps core with sigsev
Date: Wed, 2 Aug 2023 20:01:40 +0200

 [cc'ed Christos]

 On Wed,  2 Aug 2023 14:35:01 +0000 (UTC), Taylor R Campbell wrote:
 >  Should the fix be pulled up or should this be closed?

 I think the fix needs to be pulled up. I am running -9 and -10 with
 RVP's patch.

 >  The commit message indicates a compatibility problem but I haven't
 >  looked at the details closely enough to understand the consequences,
 >  something about xdr_long vs xdr_longlong:
 >
 >  Author: christos <christos@NetBSD.org>
 >  Date:   Tue Aug 23 07:42:28 2022 +0000
 >
 >      [...]

 To my understanding, this potential (line protocol) incompatibility
 relates to a version skew between amd(8) and amq(1), which shouldn't
 happen unless the admin fatfingered things.

 Christos?

 Cheerio,
 Hauke

 -- 
 Hauke Fath                        <hauke@Espresso.Rhein-Neckar.DE>
 Linnéweg 7
 64342 Seeheim-Jugenheim
 Germany
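
Added example, not part of the PR thread or the am-utils sources: it decodes the value gdb reported as a pointer (0x61e410ff) as the timestamp it really is, then shows what a reader expecting an 8-byte time makes of a 4-byte time on the wire, the amd(8)/amq(1) version skew discussed above. The record layout, the field after the time and all helper names are assumptions for illustration; times are formatted in UTC rather than local time so the result is reproducible.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Constructed 8-byte record as an old-style sender would lay it out (assumed
 * layout): 32-bit modify time 0x61e410ff, then a 32-bit counter equal to 1. */
static const unsigned char old_rec[8] = { 0x61, 0xe4, 0x10, 0xff, 0, 0, 0, 1 };

/* XDR integers are big-endian: 4 bytes for an int, 8 bytes for a hyper. */
static uint64_t xdr_get(const unsigned char *p, size_t n)
{
    uint64_t v = 0;
    for (size_t i = 0; i < n; i++)
        v = (v << 8) | p[i];
    return v;
}

/* Reader matching the sender: the time is a 4-byte value, never an address. */
static int64_t read_time32(const unsigned char *rec)
{
    return (int64_t)(int32_t)(uint32_t)xdr_get(rec, 4);
}

/* Skewed reader: expects an 8-byte time and swallows the next field too. */
static int64_t read_time64(const unsigned char *rec)
{
    return (int64_t)xdr_get(rec, 8);
}

/* Format as MM/DD/YYYY HH:MM:SS in UTC; -1 if the value is not convertible. */
static int fmt_time(int64_t secs, char *buf, size_t len)
{
    time_t t = (time_t)secs;
    struct tm *tp;
    if ((int64_t)t != secs || (tp = gmtime(&t)) == NULL)
        return -1;               /* refuse instead of dereferencing NULL */
    return strftime(buf, len, "%m/%d/%Y %H:%M:%S", tp) ? 0 : -1;
}

int main(void)
{
    char buf[32];
    int64_t ok = read_time32(old_rec), skew = read_time64(old_rec);
    printf("matched: %s\n", fmt_time(ok, buf, sizeof buf) ? "(invalid)" : buf);
    printf("skewed:  %s\n", fmt_time(skew, buf, sizeof buf) ? "(invalid)" : buf);
    return 0;
}
```

The matched reader yields a plausible January 2022 date, which is why the "address" in the backtrace was not mapped memory; the skewed reader produces a value that fmt_time rejects rather than printing.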

>Unformatted:
