Bug 577987

Summary: strace segfault in sprinttime
Product: Red Hat Enterprise Linux 4
Reporter: Jeff Bastian <jbastian>
Component: strace
Assignee: Jeff Law <law>
Status: CLOSED CURRENTRELEASE
QA Contact: qe-baseos-tools-bugs
Severity: high
Priority: high
Version: 4.6
CC: jwest, mnewsome, mnowak, tao
Target Milestone: rc
Keywords: Patch, Upstream, ZStream
Target Release: ---
Hardware: All
OS: Linux
Fixed In Version: strace-4.5.16-5.el4
Doc Type: Bug Fix
Last Closed: 2012-06-14 20:55:00 UTC
Bug Blocks: 485811, 589872

Attachments:
  patch to check for NULL pointer in sprinttime (flags: none)
  reproducer program (flags: none)

Description Jeff Bastian 2010-03-29 22:15:49 UTC
Created attachment 403374: patch to check for NULL pointer in sprinttime

Description of problem:
strace can segfault in sprinttime if there is a NULL dereference due to invalid time structures.  A patch for this problem exists upstream at
http://strace.git.sourceforge.net/git/gitweb.cgi?p=strace/strace;a=commitdiff;h=dc7715baadf94b370d7737d2581d733ebe2e95a1

Version-Release number of selected component (if applicable):
strace-4.5.16-1.el4.2-x86_64

How reproducible:
not sure

Steps to Reproduce:
1. strace -v ?
  
Actual results:
strace seg faults

Expected results:
no seg faults

Additional info:

Comment 9 Jeff Bastian 2010-05-03 16:12:44 UTC
Created attachment 411050: reproducer program

I have not been able to reproduce this by tracing a program included with RHEL; however, I was able to demonstrate the bug by intercepting localtime() with a pre-loaded library. My localtime() override simply returns NULL to simulate an error.

$ LD_PRELOAD=./mylocaltime.so strace -v ./test
execve("./test", <snip>) = 0
uname({sysname="Linux", <snip>}) = 0
...
fstat(3, Segmentation fault


With the sprinttime patch from comment 0, strace handles the NULL gracefully:

$ LD_PRELOAD=./mylocaltime.so strace -v ./test
execve("./test", <snip>) = 0
uname({sysname="Linux", <snip>}) = 0
...
fstat(3, {st_dev=makedev(253, 0), st_ino=13418520, st_mode=S_IFREG|0775, st_nlink=1, st_uid=12257, st_gid=12257, st_blksize=4096, st_blocks=24, st_size=6088, st_atime=1272902720, st_mtime=1272902385, st_ctime=1272902385}) = 0
...


Attached is a tar of the mylocaltime source and the simple test program.  Build and run it with
   make
   make strace

Comment 10 Jeff Bastian 2010-05-03 17:21:19 UTC
Actually, you don't even need the test.c program from my reproducer.  Just use the mylocaltime.so library and call /usr/bin/stat on a file.

$ LD_PRELOAD=./mylocaltime.so strace -v stat /proc
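The failure mode exercised in comments 9 and 10, as an added example that is neither the strace project's code nor the attached reproducer: a sprinttime()-style formatter that dereferences the result of localtime() unchecked, beside one that falls back to printing the raw epoch seconds when the library returns NULL, which is the behaviour the patched trace above shows (st_atime=1272902720). The function names sprinttime_unchecked, sprinttime_checked, failing_localtime and the clock_fn typedef are this example's own; failing_localtime stands in for the pre-loaded library described in comment 9, and gmtime is used for the working path so the output does not depend on the local time zone.

```c
/* Added example: NULL-safe time formatting in the style of strace's
 * sprinttime().  Not strace's code; names are this example's own. */
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Signature shared by localtime(3) and gmtime(3), so either can be
 * injected, as can a deliberately failing stand-in. */
typedef struct tm *(*clock_fn)(const time_t *);

/* Stand-in for the LD_PRELOAD shim from comment 9: always reports failure,
 * as localtime() may when the time cannot be represented or converted. */
struct tm *failing_localtime(const time_t *t)
{
    (void)t;
    return NULL;
}

/* "Before": trusts the returned pointer.  With failing_localtime this
 * dereferences NULL, which is the segfault reported in this bug.
 * Kept for contrast; the demo below never calls it with a failing clock. */
const char *sprinttime_unchecked(clock_fn to_tm, time_t t)
{
    static char buf[64];
    struct tm *tmp;

    if (t == 0) {
        strcpy(buf, "0");
        return buf;
    }
    tmp = to_tm(&t);
    snprintf(buf, sizeof buf, "%02d/%02d/%02d-%02d:%02d:%02d",
             tmp->tm_year + 1900, tmp->tm_mon + 1, tmp->tm_mday,
             tmp->tm_hour, tmp->tm_min, tmp->tm_sec);
    return buf;
}

/* "After": a NULL from the time library degrades to the raw seconds value
 * instead of a crash, which matches the st_atime=1272902720 output above. */
const char *sprinttime_checked(clock_fn to_tm, time_t t)
{
    static char buf[64];
    struct tm *tmp;

    if (t == 0) {
        strcpy(buf, "0");
        return buf;
    }
    tmp = to_tm(&t);
    if (tmp == NULL) {
        snprintf(buf, sizeof buf, "%lu", (unsigned long)t);
        return buf;
    }
    snprintf(buf, sizeof buf, "%02d/%02d/%02d-%02d:%02d:%02d",
             tmp->tm_year + 1900, tmp->tm_mon + 1, tmp->tm_mday,
             tmp->tm_hour, tmp->tm_min, tmp->tm_sec);
    return buf;
}

int main(void)
{
    /* st_atime value taken from the trace output in comment 9. */
    time_t atime = (time_t)1272902720;

    printf("working clock : %s\n", sprinttime_checked(gmtime, atime));
    printf("failing clock : %s\n", sprinttime_checked(failing_localtime, atime));
    printf("zero          : %s\n", sprinttime_checked(gmtime, (time_t)0));
    /* sprinttime_unchecked(failing_localtime, atime) would segfault here. */
    return 0;
}
```

Build with `gcc -Wall -o sprinttime_demo sprinttime_demo.c`. The pre-loaded library from comment 9 is a separate shared object whose only export is a `localtime` that returns NULL, `struct tm *localtime(const time_t *t) { return NULL; }`, built with `gcc -shared -fPIC -o mylocaltime.so mylocaltime.c` and pre-loaded under strace exactly as in the comment; because the checked formatter never touches the pointer before testing it, the same shim that crashes the unchecked version only changes its output format.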