Bug 122808 - Strace segfault following bogus sched_*affinity calls
Summary: Strace segfault following bogus sched_*affinity calls
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: strace
Version: 1
Hardware: i686
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Roland McGrath
QA Contact: Brian Brock
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2004-05-08 10:22 UTC by jonny robertson
Modified: 2007-11-30 22:10 UTC (History)

Fixed In Version: 4.5.4-0.FC1
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2004-06-24 08:04:19 UTC
Type: ---
Embargoed:



Description jonny robertson 2004-05-08 10:22:14 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040116

Description of problem:
Strace segfaults while trying to trace calls to sched_getaffinity and
sched_setaffinity which have bogus values, rather than handling them
gracefully.

Version-Release number of selected component (if applicable):
strace-4.5.1-1

How reproducible:
Always

Steps to Reproduce:
1.
[jonny@pichu x]$ cat foo.c
#define _GNU_SOURCE          /* needed for the sched_getaffinity() prototype */
#include <sched.h>
#include <stdio.h>           /* printf */
#include <stdlib.h>          /* exit */

int main(void)
{
  int ret;
  /* deliberately bogus pid, size and mask pointer to provoke the strace crash */
  ret = sched_getaffinity(0xf00f00f0, 0xf00f00f0, (cpu_set_t *)0xf00f00f0);
  printf("%d\n", ret);
  exit(0);
}

2.
[jonny@pichu x]$ gcc -o foo foo.c

3.
[jonny@pichu x]$ ./foo
-1
[jonny@pichu x]$

4.
[jonny@pichu x]$ gdb strace
GNU gdb Red Hat Linux (5.3.90-0.20030710.41rh)
Copyright 2003 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...(no debugging symbols found)...Using host libthread_db library "/lib/tls/libthread_db.so.1".

(gdb) r ./foo
Starting program: /usr/bin/strace ./foo
(no debugging symbols found)...(no debugging symbols found)...execve("./foo", ["./foo"], [/* 31 vars */]) = 0
uname({sys="Linux", node="pichu.prophecy.net.nz", ...}) = 0
brk(0)                                  = 0x8073000
open("/etc/ld.so.preload", O_RDONLY)    = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 5
fstat64(5, {st_mode=S_IFREG|0644, st_size=43816, ...}) = 0
old_mmap(NULL, 43816, PROT_READ, MAP_PRIVATE, 5, 0) = 0xbf5e7000
close(5)                                = 0
open("/lib/tls/libc.so.6", O_RDONLY)    = 5
read(5, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`\310l\000"..., 512) = 512
fstat64(5, {st_mode=S_IFREG|0755, st_size=1578228, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xbf5e6000
old_mmap(0x6b7000, 1281996, PROT_READ|PROT_EXEC, MAP_PRIVATE, 5, 0) = 0x6b7000
old_mmap(0x7ea000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 5, 0x132000) = 0x7ea000
old_mmap(0x7ee000, 8140, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7ee000
close(5)                                = 0
set_thread_area({entry_number:-1 -> 6, base_addr:0xbf5e6740, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0
munmap(0xbf5e7000, 43816)               = 0
sched_getaffinity(-267452176, 128,
Program received signal SIGSEGV, Segmentation fault.
0x08055c80 in ?? ()
(gdb) x/i $eip
0x8055c80:      mov    (%esi),%eax
(gdb) info reg $esi
esi            0xf00f00f0       -267452176
(gdb) info reg $eax
eax            0x2      2
(gdb)

Actual Results:  Strace dies.

Expected Results:  I guess it should be able to handle this sort of condition.

Additional info:
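
The gdb output above shows strace faulting on mov (%esi),%eax with %esi = 0xf00f00f0, i.e. dereferencing the tracee's pointer argument in the tracer's own address space. The following is an added example, not strace's or the reporter's code, of the defensive pattern a tracer should use: fetch the argument through ptrace(PTRACE_PEEKDATA) and check errno, so an unmapped address is reported instead of crashing the tracer. It assumes Linux with ptrace permitted; good_mask, check_safe_read and the reuse of the reporter's 0xf00f00f0 address are constructed for the demonstration.

```c
#include <errno.h>
#include <signal.h>
#include <string.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <unistd.h>
/* Copy len bytes from the tracee's memory at addr into buf, one word at a
 * time via PTRACE_PEEKDATA. Returns 0, or -1 with errno set (EIO/EFAULT)
 * when a word is unreadable, the unmapped-pointer case strace faulted on. */
static int tracee_read(pid_t pid, unsigned long addr, void *buf, size_t len)
{
    unsigned char *out = buf;
    for (size_t off = 0; off < len; off += sizeof(long)) {
        errno = 0;                      /* PEEKDATA may legitimately return -1 */
        long word = ptrace(PTRACE_PEEKDATA, pid, (void *)(addr + off), NULL);
        if (word == -1 && errno != 0)
            return -1;                  /* report the bad pointer, never touch it */
        size_t n = len - off < sizeof(long) ? len - off : sizeof(long);
        memcpy(out + off, &word, n);
    }
    return 0;
}

/* Constructed sample mask; fork() gives it the same address in the child. */
static const unsigned long good_mask[2] = { 0x5, 0x0 };
/* Fork a stopped tracee and try a bogus pointer (the reporter's 0xf00f00f0)
 * and a valid one. Returns 0 when the bogus read is rejected and the valid
 * read succeeds, -1 if no tracee could be set up (fork/ptrace unavailable),
 * 1 if the bogus read wrongly succeeded, 2 if the valid read failed. */
int check_safe_read(void)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) < 0) _exit(1);
        raise(SIGSTOP);                 /* hand control to the tracer */
        _exit(0);
    }
    int status, rc = -1;
    if (waitpid(pid, &status, 0) == pid && WIFSTOPPED(status)) {
        unsigned long buf[2] = { 0, 0 };
        int bad  = tracee_read(pid, 0xf00f00f0UL, buf, sizeof buf);
        int good = tracee_read(pid, (unsigned long)good_mask, buf, sizeof buf);
        rc = (bad == 0) ? 1 : (good != 0 || buf[0] != 0x5) ? 2 : 0;
    }
    kill(pid, SIGKILL);                 /* always reap the tracee */
    waitpid(pid, &status, 0);
    return rc;
}
```

check_safe_read() returns -1 rather than failing when the environment forbids ptrace, so the result distinguishes "could not test" from a tracer that would have dereferenced the bogus pointer.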

Comment 1 Roland McGrath 2004-05-10 20:24:17 UTC
This is already fixed upstream and you can get the FC2/rawhide package for that now.  I will make an FC1 update rpm as well.

