Bug 799643

Summary: [abrt] cscope-15.7a-7.fc16: check_for_assignment: Process /usr/bin/cscope was killed by signal 11 (SIGSEGV)
Product: [Fedora] Fedora Reporter: Peter Portante <pportant>
Component: cscopeAssignee: Neil Horman <nhorman>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 16CC: nhorman, pportant
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Unspecified   
Whiteboard: abrt_hash:c7e1679e9207a6b2f714ec8b47bedc13772ab00b
Fixed In Version: cscope-15.7a-9.fc16 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-04-02 23:30:14 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Attachments:
Description Flags
File: backtrace none

Description Peter Portante 2012-03-03 19:15:52 UTC 
libreport version: 2.0.8
abrt_version:   2.0.7
backtrace_rating: 4
cmdline:        cscope -d
comment:        Ran cscope against pycscope-0.3, modified a bit for an upcoming poster presentation at PyCon 2012.
crash_function: check_for_assignment
executable:     /usr/bin/cscope
kernel:         3.2.7-1.fc16.x86_64
pid:            16321
pwd:            /home/pportant/Documents/PyCon/2012/pycscope-0
reason:         Process /usr/bin/cscope was killed by signal 11 (SIGSEGV)
time:           Sat 03 Mar 2012 01:36:17 PM EST
uid:            17930
username:       pportant

backtrace:      Text file, 27587 bytes

dso_list:
:/lib64/libdl-2.14.90.so glibc-2.14.90-24.fc16.6.x86_64 (Fedora Project) 1330617672
:/lib64/libtinfo.so.5.9 ncurses-libs-5.9-2.20110716.fc16.x86_64 (Fedora Project) 1320287304
:/lib64/libc-2.14.90.so glibc-2.14.90-24.fc16.6.x86_64 (Fedora Project) 1330617672
:/usr/bin/cscope cscope-15.7a-7.fc16.x86_64 (Fedora Project) 1323368622
:/lib64/libncurses.so.5.9 ncurses-libs-5.9-2.20110716.fc16.x86_64 (Fedora Project) 1320287304
:/lib64/ld-2.14.90.so glibc-2.14.90-24.fc16.6.x86_64 (Fedora Project) 1330617672

environ:
:XDG_VTNR=1
:XDG_SESSION_ID=2
:HOSTNAME=frodo
:IMSETTINGS_INTEGRATE_DESKTOP=yes
:GPG_AGENT_INFO=/tmp/keyring-OB2zjH/gpg:0:1
:TERM=xterm
:SHELL=/bin/bash
:HISTSIZE=1000
:XDG_SESSION_COOKIE=4aead52ed7c7ceeea083fa4c0000001b-1330700818.625644-1881028768
:WINDOWID=69206020
:GNOME_KEYRING_CONTROL=/tmp/keyring-OB2zjH
:IMSETTINGS_MODULE=none
:USER=pportant
:LS_COLORS=rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=01;05;37;41:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arj=01;31:*.taz=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.zip=01;31:*.z=01;31:*.Z=01;31:*.dz=01;31:*.gz=01;31:*.lz=01;31:*.xz=01;31:*.bz2=01;31:*.tbz=01;31:*.tbz2=01;31:*.bz=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.jpg=01;35:*.jpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.axv=01;35:*.anx=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=01;36:*.au=01;36:*.flac=01;36:*.mid=01;36:*.midi=01;36:*.mka=01;36:*.mp3=01;36:*.mpc=01;36:*.ogg=01;36:*.ra=01;36:*.wav=01;36:*.axa=01;36:*.oga=01;36:*.spx=01;36:*.xspf=01;36:*.pdf=00;33:*.ps=00;33:*.ps.gz=00;33:*.txt=00;33:*.patch=00;33:*.diff=00;33:*.log=00;33:*.tex=00;33:*.xls=00;33:*.xlsx=00;33:*.ppt=00;33:*.pptx=00;33:*.rtf=00;33:*.doc=00;33:*.docx=00;33:*.odt=00;33:*.ods=00;33:*.odp=00;33:*.xml=00;33:*.epub=00;33:*.abw=00;33:*.html=00;33:*.wpd=00;33:
:SSH_AUTH_SOCK=/tmp/keyring-OB2zjH/ssh
:SESSION_MANAGER=local/unix:@/tmp/.ICE-unix/1576,unix/unix:/tmp/.ICE-unix/1576
:USERNAME=pportant
:PATH=/usr/lib64/ccache:/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin:/home/pportant/.local/bin:/home/pportant/bin
:MAIL=/var/spool/mail/pportant
:DESKTOP_SESSION=gnome
:QT_IM_MODULE=xim
:PWD=/home/pportant/Documents/PyCon/2012/pycscope-0
:XMODIFIERS=@im=none
:GNOME_KEYRING_PID=1570
:LANG=en_US.UTF-8
:GDMSESSION=gnome
:SSH_ASKPASS=/usr/libexec/openssh/gnome-ssh-askpass
:HISTCONTROL=ignoredups
:XDG_SEAT=seat0
:HOME=/home/pportant
:SHLVL=2
:GNOME_DESKTOP_SESSION_ID=this-is-deprecated
:LOGNAME=pportant
:CVS_RSH=ssh
:DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-CFc2HCdKPZ,guid=82a30b2ad12fcdfdaaad2f6700000058
:'LESSOPEN=||/usr/bin/lesspipe.sh %s'
:WINDOWPATH=1
:XDG_RUNTIME_DIR=/run/user/pportant
:DISPLAY=:0.0
:CCACHE_HASHDIR=
:COLORTERM=gnome-terminal
:XAUTHORITY=/var/run/gdm/auth-for-pportant-3jJIhe/database
:_=/usr/bin/cscope
:OLDPWD=/home/pportant

maps:
:00400000-00450000 r-xp 00000000 fd:02 141498                             /usr/bin/cscope
:0064f000-00650000 r--p 0004f000 fd:02 141498                             /usr/bin/cscope
:00650000-00651000 rw-p 00050000 fd:02 141498                             /usr/bin/cscope
:00651000-0066e000 rw-p 00000000 00:00 0 
:0169c000-016ff000 rw-p 00000000 00:00 0                                  [heap]
:35c0400000-35c0422000 r-xp 00000000 fd:02 136312                         /lib64/ld-2.14.90.so
:35c0621000-35c0622000 r--p 00021000 fd:02 136312                         /lib64/ld-2.14.90.so
:35c0622000-35c0623000 rw-p 00022000 fd:02 136312                         /lib64/ld-2.14.90.so
:35c0623000-35c0624000 rw-p 00000000 00:00 0 
:35c0800000-35c09ad000 r-xp 00000000 fd:02 136700                         /lib64/libc-2.14.90.so
:35c09ad000-35c0bad000 ---p 001ad000 fd:02 136700                         /lib64/libc-2.14.90.so
:35c0bad000-35c0bb1000 r--p 001ad000 fd:02 136700                         /lib64/libc-2.14.90.so
:35c0bb1000-35c0bb3000 rw-p 001b1000 fd:02 136700                         /lib64/libc-2.14.90.so
:35c0bb3000-35c0bb8000 rw-p 00000000 00:00 0 
:35c1400000-35c1402000 r-xp 00000000 fd:02 142005                         /lib64/libdl-2.14.90.so
:35c1402000-35c1602000 ---p 00002000 fd:02 142005                         /lib64/libdl-2.14.90.so
:35c1602000-35c1603000 r--p 00002000 fd:02 142005                         /lib64/libdl-2.14.90.so
:35c1603000-35c1604000 rw-p 00003000 fd:02 142005                         /lib64/libdl-2.14.90.so
:35d2400000-35d2423000 r-xp 00000000 fd:02 160753                         /lib64/libtinfo.so.5.9
:35d2423000-35d2622000 ---p 00023000 fd:02 160753                         /lib64/libtinfo.so.5.9
:35d2622000-35d2626000 r--p 00022000 fd:02 160753                         /lib64/libtinfo.so.5.9
:35d2626000-35d2627000 rw-p 00026000 fd:02 160753                         /lib64/libtinfo.so.5.9
:35d6000000-35d6023000 r-xp 00000000 fd:02 175384                         /lib64/libncurses.so.5.9
:35d6023000-35d6222000 ---p 00023000 fd:02 175384                         /lib64/libncurses.so.5.9
:35d6222000-35d6223000 r--p 00022000 fd:02 175384                         /lib64/libncurses.so.5.9
:35d6223000-35d6224000 rw-p 00023000 fd:02 175384                         /lib64/libncurses.so.5.9
:7fdff8330000-7fdff8334000 rw-p 00000000 00:00 0 
:7fdff8350000-7fdff8352000 rw-p 00000000 00:00 0 
:7fff00559000-7fff0057a000 rw-p 00000000 00:00 0                          [stack]
:7fff005ff000-7fff00600000 r-xp 00000000 00:00 0                          [vdso]
:ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]

smolt_data:
:
:
:General
:=================================
:UUID: 1f04c76f-c1ca-4fb0-9d5e-33733f8d191f
:OS: Fedora release 16 (Verne)
:Default run level: Unknown
:Language: en_US.UTF-8
:Platform: x86_64
:BogoMIPS: 5382.49
:CPU Vendor: GenuineIntel
:CPU Model: Intel(R) Core(TM) i7-2620M CPU @ 2.70GHz
:CPU Stepping: 7
:CPU Family: 6
:CPU Model Num: 42
:Number of CPUs: 4
:CPU Speed: 2701
:System Memory: 7870
:System Swap: 10015
:Vendor: LENOVO
:System: 4243B37 ThinkPad T520
:Form factor: Notebook
:Kernel: 3.2.7-1.fc16.x86_64
:SELinux Enabled: 1
:SELinux Policy: targeted
:SELinux Enforce: Enforcing
:MythTV Remote: Unknown
:MythTV Role: Unknown
:MythTV Theme: Unknown
:MythTV Plugin: 
:MythTV Tuner: -1
:
:
:Devices
:=================================
:(32902:7247:6058:8655) pci, None, PCI/ISA, QM67 Express Chipset Family LPC Controller
:(4480:59427:6058:8655) pci, sdhci-pci, BASE, N/A
:(32902:294:6058:8655) pci, i915, VIDEO, 2nd Generation Core Processor Family Integrated Graphics Controller
:(32902:7190:6058:8655) pci, pcieport, PCI/PCI, 6 Series/C200 Series Chipset Family PCI Express Root Port 4
:(32902:7184:6058:8655) pci, pcieport, PCI/PCI, 6 Series/C200 Series Chipset Family PCI Express Root Port 1
:(32902:7186:6058:8655) pci, pcieport, PCI/PCI, 6 Series/C200 Series Chipset Family PCI Express Root Port 2
:(32902:7192:6058:8655) pci, pcieport, PCI/PCI, 6 Series/C200 Series Chipset Family PCI Express Root Port 5
:(32902:7200:6058:8655) pci, snd_hda_intel, MULTIMEDIA, 6 Series/C200 Series Chipset Family High Definition Audio Controller
:(32902:5378:6058:8654) pci, e1000e, ETHERNET, 82579LM Gigabit Network Connection
:(32902:7213:6058:8655) pci, ehci_hcd, USB, 6 Series/C200 Series Chipset Family USB Enhanced Host Controller #2
:(32902:7202:6058:8655) pci, i801_smbus, SERIAL, 6 Series/C200 Series Chipset Family SMBus Controller
:(4480:59442:6058:8655) pci, firewire_ohci, FIREWIRE, FireWire Host Controller
:(32902:16952:32902:4369) pci, iwlwifi, NETWORK, Centrino Ultimate-N 6300 3x3 AGN
:(32902:7171:6058:8655) pci, ahci, STORAGE, 6 Series/C200 Series Chipset Family 6 port SATA AHCI Controller
:(32902:7229:6058:8655) pci, serial, 16550_SERIAL, 6 Series/C200 Series Chipset Family KT Controller
:(32902:7206:6058:8655) pci, ehci_hcd, USB, 6 Series/C200 Series Chipset Family USB Enhanced Host Controller #1
:(32902:260:6058:8655) pci, agpgart-intel, HOST/PCI, 2nd Generation Core Processor Family DRAM Controller
:(32902:7226:6058:8655) pci, None, SIMPLE, 6 Series/C200 Series Chipset Family MEI Controller #1
:
:
:Filesystem Information
:=================================
:device mtpt type bsize frsize blocks bfree bavail file ffree favail
:-------------------------------------------------------------------
:/dev/mapper/vg_frodo-lv_root / ext4 4096 4096 13092026 10815145 10684123 3276800 3008295 3008295
:/dev/sda1 /boot ext4 1024 1024 508745 409423 383823 128016 127737 127737
:/dev/mapper/vg_frodo-lv_home /home ext4 4096 4096 106175076 103829416 98514856 26574848 26552317 26552317
:

var_log_messages:
:Mar  3 13:36:17 frodo kernel: [87115.739193] cscope[16321]: segfault at 0 ip 0000000000411b32 sp 00007fff005779d0 error 4 in cscope[400000+50000]
:Mar  3 13:36:18 frodo abrt[16323]: Saved core dump of pid 16321 (/usr/bin/cscope) to /var/spool/abrt/ccpp-2012-03-03-13:36:17-16321 (823296 bytes)
Comment 1 Peter Portante 2012-03-03 19:15:57 UTC 
Created attachment 567323 [details]
File: backtrace
Comment 2 Peter Portante 2012-03-04 04:26:00 UTC 
Here is the diff that fixes it, the check_for_assignment routine is not properly looking for ending block marker, and both it and its caller need to account for possibly hitting EOF:

--- /usr/src/debug/cscope-15.7a/src/find.c	2011-06-29 12:20:22.000000000 -0400
+++ ./find.c	2012-03-03 23:23:48.049904994 -0500
@@ -109,51 +109,51 @@
 	* assignment or not Do this by examining the next character
 	* or two in blockp */
 	char *asgn_char = blockp;
-	int i = 1; /*skip any leading \n*/
+	unsigned int i = 0;
 
-	while(1) {
-		if (asgn_char[i] == blockmark) {
-			/* get the next block when we reach the end of
-			* the current block */
-			asgn_char = read_block();
-			i=0;
-		}
-		while (isspace((unsigned char) asgn_char[i])) {
-			/* skip any whitespace or \n */
-			i++;
-		}
-		/* this next character better be one of the assignment
-		* characters, ie: =, +=, -=, *=, %=, /=, &=, |=, ^=,
-		* ~= if not, then its a notmatched case */
-		if ((asgn_char[i] != '=') &&
-		   (asgn_char[i] != '+') && 
-		   (asgn_char[i] != '-') && 
-		   (asgn_char[i] != '*') && 
-		   (asgn_char[i] != '/') && 
-		   (asgn_char[i] != '%') && 
-		   (asgn_char[i] != '&') && 
-		   (asgn_char[i] != '|') && 
-		   (asgn_char[i] != '^') && 
-		   (asgn_char[i] != '~')) {
-			return NO;
-		} else {
-			/* if the first found character is = and the
-			* next found character is also =, then this
-			* is not an assignment.  likewise if the
-			* first character is not = (i.e. one of the
-			* +,-,*,etc. chars and the next character is
-			* not =, then this is not an assignment */
-			if ((((asgn_char[i] == '=')
-			     && (asgn_char[i+1] == '='))) 
-			   || ((asgn_char[i] != '=')
+	while (isspace((unsigned char) asgn_char[i])) {
+		/* skip any whitespace or \n */
+		i++;
+	}
+		if (asgn_char == NULL) return NO;
+		i=0;
+    }
+
+	/* this next character better be one of the assignment
+	* characters, ie: =, +=, -=, *=, %=, /=, &=, |=, ^=,
+	* ~= if not, then its a notmatched case */
+	if ((asgn_char[i] != '=') &&
+		(asgn_char[i] != '+') && 
+		(asgn_char[i] != '-') && 
+		(asgn_char[i] != '*') && 
+		(asgn_char[i] != '/') && 
+		(asgn_char[i] != '%') && 
+		(asgn_char[i] != '&') && 
+		(asgn_char[i] != '|') && 
+		(asgn_char[i] != '^') && 
+		(asgn_char[i] != '~')) {
+		return NO;
+	} else {
+		/* if the first found character is = and the
+		* next found character is also =, then this
+		* is not an assignment.  likewise if the
+		* first character is not = (i.e. one of the
+		* +,-,*,etc. chars and the next character is
+		* not =, then this is not an assignment */
+		if ((((asgn_char[i] == '=')
+			  && (asgn_char[i+1] == '='))) 
+			|| ((asgn_char[i] != '=')
 				&& (asgn_char[i+1] != '='))) {
-				return NO;
-			}
-			/* if we pass all these filters then this is
-			* an assignment */
-			return YES;
-		} /* else(operator char?) */
-	} /* while(endless) */
+			return NO;
+		}
+		/* if we pass all these filters then this is
+		* an assignment */
+		return YES;
+	} /* else(operator char?) */
 }
 
 
 /* The actual routine that does the work for findsymbol() and
@@ -341,11 +341,11 @@
 				else {
 					putref(0, file, global);
 				}
-				if (blockp == NULL) {
-					return NULL;
-				}
 			}
 		notmatched:
+			if (blockp == NULL) {
+				return NULL;
+			}
 			cp = blockp;
 		}
 	}
Comment 3 Peter Portante 2012-03-04 18:31:11 UTC 
For what it is worth, I have forked cscope-15.7a from the original source forge, applied those fixes, and added my changes for pycscope at: https://github.com/portante/cscope.
Comment 4 Neil Horman 2012-03-05 19:11:20 UTC 
thanks for the patch, its in fedora git now, I'll have an update shorly.  I've been meaning to get the assignment search pushed into upstream forever.  Thanks for the reminder!
Comment 5 Fedora Update System 2012-03-05 19:33:21 UTC 
cscope-15.7a-8.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/cscope-15.7a-8.fc16
Comment 6 Fedora Update System 2012-03-06 19:31:05 UTC 
Package cscope-15.7a-8.fc16:
* should fix your issue,
* was pushed to the Fedora 16 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing cscope-15.7a-8.fc16'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-3040/cscope-15.7a-8.fc16
then log in and leave karma (feedback).
Comment 7 Fedora Update System 2012-03-12 18:24:21 UTC 
cscope-15.7a-9.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/cscope-15.7a-9.fc16
Comment 8 Fedora Update System 2012-04-02 23:30:14 UTC 
cscope-15.7a-9.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.