Bug 595996

Summary: [abrt] crash in coreutils-8.4-6.fc13: __memmove_ssse3: Process /bin/readlink was killed by signal 11 (SIGSEGV)
Product: [Fedora] Fedora
Reporter: Liam Dunn <liam.dunn144>
Component: coreutils
Assignee: Ondrej Vasik <ovasik>
Status: CLOSED INSUFFICIENT_DATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Priority: low
Version: 13
CC: kdudka, ovasik, twaugh
Target Milestone: ---
Target Release: ---
Hardware: i686
OS: Linux
Whiteboard: abrt_hash:0582aba68cf5f0234060bdaa80fee4ce55520b5a
Doc Type: Bug Fix
Story Points: ---
Last Closed: 2010-08-16 09:57:55 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Category: ---
oVirt Team: ---
Attachments:
  File: backtrace (flags: none)

Description Liam Dunn 2010-05-26 01:32:23 EDT
abrt 1.1.0 detected a crash.

architecture: i686
Attached file: backtrace
cmdline: readlink -m /home/baddog/rpmbuild/BUILDROOT/Pike-v7.8.352-1.fc13.i386/usr/pike78
component: coreutils
crash_function: __memmove_ssse3
executable: /bin/readlink
global_uuid: 0582aba68cf5f0234060bdaa80fee4ce55520b5a
kernel: 2.6.33.4-95.fc13.i686
package: coreutils-8.4-6.fc13
rating: 4
reason: Process /bin/readlink was killed by signal 11 (SIGSEGV)
release: Fedora release 13 (Goddard)

comment
-----
1. Download latest version of Pike
2. Compile it.

How to reproduce
-----
1. Download latest version of Pike
2. Compile it.
Comment 1 Liam Dunn 2010-05-26 01:32:25 EDT
Created attachment 416659 [details]
File: backtrace
Comment 2 Kamil Dudka 2010-06-02 07:51:15 EDT
Comment on attachment 416659 [details]
File: backtrace

>[New Thread 32382]
>Core was generated by `readlink -m /home/baddog/rpmbuild/BUILDROOT/Pike-v7.8.352-1.fc13.i386/usr/pike7'.
>Program terminated with signal 11, Segmentation fault.
>#0  __memmove_ssse3 () at ../sysdeps/i386/i686/multiarch/memcpy-ssse3.S:160
>160	../sysdeps/i386/i686/multiarch/memcpy-ssse3.S: No such file or directory.
>	in ../sysdeps/i386/i686/multiarch/memcpy-ssse3.S
>
>Thread 1 (Thread 32382):
>#0  __memmove_ssse3 () at ../sysdeps/i386/i686/multiarch/memcpy-ssse3.S:160
>No locals
>#1  0x0804a521 in canonicalize_filename_mode (
>    name=0xb5fe1008 <Address 0xb5fe1008 out of bounds>, can_mode=CAN_MISSING)
>    at /usr/include/bits/string3.h:59

The problem is at this point.  The parameter 'name' of 'canonicalize_filename_mode' is a dangling pointer.

>#2  0x08049519 in main (argc=3, argv=0xbfe3d344) at readlink.c:157
>        can_mode = 2
>        fname = 0xbfe3f359 "/home/baddog/rpmbuild/BUILDROOT/Pike-v7.8.352-1.fc13.i386/usr/pike78"
>        value = <value optimized out>
>        optc = <value optimized out>

The argument 'name' is given directly by argv[2].  It means that the string in argv[2] is not properly allocated as it should be.  I suspect an improper call of exec here.  It can't be a flaw in readlink itself.
Comment 3 Kamil Dudka 2010-06-02 07:53:22 EDT
Do you have that SRPM anywhere?  I am not able to reproduce the crash in readlink, tried Pike-v7.6.86, but it crashed elsewhere:

*** glibc detected *** /home/xdudka00/rpmbuild/BUILD/Pike-v7.6.86/build/linux-2.6.31.12-174.2.22.fc12.x86_64-x86_64/pike: double free or corruption (out): 0x00000000012011a0 ***
*** glibc detected *** /home/xdudka00/rpmbuild/BUILD/Pike-v7.6.86/build/linux-2.6.31.12-174.2.22.fc12.x86_64-x86_64/pike: malloc(): smallbin double linked list corrupted: 0x0000000000daf790 ***
Comment 4 Ondrej Vasik 2010-08-16 09:57:55 EDT
Bugzilla is in needinfo for more than two months. It can't be analyzed further without the requested srpm, therefore closing INSUFFICIENT_DATA. Problem is likely not in readlink itself but with some improper execve() use. But feel free to reopen it if you provide some reproducer or requested srpm causing the crash. TIA.