Bug 122808 - Strace segfault following bogus sched_*affinity calls
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: strace
Version: 1
Hardware: i686
OS: Linux
Priority: medium
Severity: medium
Assigned To: Roland McGrath
QA Contact: Brian Brock
Reported: 2004-05-08 06:22 EDT by jonny robertson
Modified: 2007-11-30 17:10 EST
Fixed In Version: 4.5.4-0.FC1
Doc Type: Bug Fix
Last Closed: 2004-06-24 04:04:19 EDT
Attachments: None
Description jonny robertson 2004-05-08 06:22:14 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040116

Description of problem:
Strace segfaults while trying to trace calls to sched_getaffinity and
sched_setaffinity which have bogus values, rather than handling them
gracefully.



Version-Release number of selected component (if applicable):
strace-4.5.1-1

How reproducible:
Always

Steps to Reproduce:
1.
[jonny@pichu x]$ cat foo.c
#define _GNU_SOURCE      /* sched_getaffinity() prototype lives behind this */
#include <sched.h>
#include <stdio.h>       /* printf */
#include <stdlib.h>      /* exit */

int main(void)
{
  int ret;
  /* deliberately bogus pid, length and mask pointer: the call itself just
     fails with -1, the crash happens in strace while it decodes the call */
  ret = sched_getaffinity(0xf00f00f0, 0xf00f00f0, (cpu_set_t *)0xf00f00f0);
  printf("%d\n", ret);
  exit(0);
}

2.
[jonny@pichu x]$ gcc -o foo foo.c

3.
[jonny@pichu x]$ ./foo
-1
[jonny@pichu x]$

4.
[jonny@pichu x]$ gdb strace
GNU gdb Red Hat Linux (5.3.90-0.20030710.41rh)
Copyright 2003 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...(no debugging symbols found)...Using host libthread_db library "/lib/tls/libthread_db.so.1".
 
(gdb) r ./foo
Starting program: /usr/bin/strace ./foo
(no debugging symbols found)...(no debugging symbols found)...execve("./foo", ["./foo"], [/* 31 vars */]) = 0
uname({sys="Linux", node="pichu.prophecy.net.nz", ...}) = 0
brk(0)                                  = 0x8073000
open("/etc/ld.so.preload", O_RDONLY)    = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 5
fstat64(5, {st_mode=S_IFREG|0644, st_size=43816, ...}) = 0
old_mmap(NULL, 43816, PROT_READ, MAP_PRIVATE, 5, 0) = 0xbf5e7000
close(5)                                = 0
open("/lib/tls/libc.so.6", O_RDONLY)    = 5
read(5, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`\310l\000"..., 512) = 512
fstat64(5, {st_mode=S_IFREG|0755, st_size=1578228, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xbf5e6000
old_mmap(0x6b7000, 1281996, PROT_READ|PROT_EXEC, MAP_PRIVATE, 5, 0) = 0x6b7000
old_mmap(0x7ea000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 5, 0x132000) = 0x7ea000
old_mmap(0x7ee000, 8140, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7ee000
close(5)                                = 0
set_thread_area({entry_number:-1 -> 6, base_addr:0xbf5e6740, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0
munmap(0xbf5e7000, 43816)               = 0
sched_getaffinity(-267452176, 128,
Program received signal SIGSEGV, Segmentation fault.
0x08055c80 in ?? ()
(gdb) x/i $eip
0x8055c80:      mov    (%esi),%eax
(gdb) info reg $esi
esi            0xf00f00f0       -267452176
(gdb) info reg $eax
eax            0x2      2
(gdb)

Actual Results:  Strace dies.

Expected Results:  I guess it should be able to handle this sort of condition.

Additional info:
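What the graceful handling asked for above looks like, as an added example that is not strace's own code: the tracer only ever touches tracee memory through a reader that can fail (a PTRACE_PEEKDATA reader for a live tracee, plus a constructed in-memory stand-in so the decoder runs without a tracee), and when the copy fails it prints the raw pointer instead of decoding it. The names umove_fn, ptrace_umove, fake_umove, FAKE_BASE and format_affinity are assumptions for this example, not strace identifiers.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ptrace.h>
#include <sys/types.h>

/* Copies `len` bytes of tracee memory at `addr` into `dst`: 0 on success, -1 if unreadable. */
typedef int (*umove_fn)(void *ctx, unsigned long addr, size_t len, void *dst);

/* Reader for a stopped tracee (*ctx is its pid). PTRACE_PEEKDATA returns the
 * word itself, so -1 is a valid result and only errno signals failure. */
int ptrace_umove(void *ctx, unsigned long addr, size_t len, void *dst)
{
    for (size_t done = 0; done < len; done += sizeof(long)) {
        errno = 0;
        long w = ptrace(PTRACE_PEEKDATA, *(pid_t *)ctx, (void *)(addr + done), NULL);
        if (errno != 0) return -1;      /* EIO/EFAULT: address not mapped in the tracee */
        memcpy((char *)dst + done, &w, len - done < sizeof w ? len - done : sizeof w);
    }
    return 0;
}

/* Constructed stand-in for tracee memory: 16 bytes "mapped" at FAKE_BASE, nothing else. */
#define FAKE_BASE 0x10000UL
static const unsigned char fake_mem[16] = { 0x23, 0x00, 0x01 }; /* cpus 0 1 5 16 */
int fake_umove(void *ctx, unsigned long addr, size_t len, void *dst)
{
    (void)ctx;
    if (addr < FAKE_BASE || len > sizeof fake_mem || addr - FAKE_BASE > sizeof fake_mem - len) return -1;
    memcpy(dst, fake_mem + (addr - FAKE_BASE), len);
    return 0;
}

/* Renders the sched_getaffinity mask as "[0 1 5 16]" if its `len` bytes can be
 * fetched, else as the raw pointer value.  Returns chars written, -1 on error. */
int format_affinity(umove_fn umove, void *ctx, unsigned long addr,
                    size_t len, char *out, size_t outsz)
{
    unsigned char *mask = len && len <= 4096 ? malloc(len) : NULL;
    if (!mask || umove(ctx, addr, len, mask) < 0) {  /* unreadable: never decode */
        free(mask);
        return snprintf(out, outsz, "%#lx", addr);
    }
    int pos = snprintf(out, outsz, "[");
    for (size_t i = 0; i < len * 8 && pos >= 0 && (size_t)pos < outsz; i++)
        if (mask[i / 8] & (1u << (i % 8)))
            pos += snprintf(out + pos, outsz - pos, pos == 1 ? "%zu" : " %zu", i);
    free(mask);
    if (pos < 0 || (size_t)pos + 1 >= outsz) return -1;
    out[pos++] = ']'; out[pos] = '\0';
    return pos;
}
```

With a readable mask the output is the cpu list; with the report's 0xf00f00f0 the reader fails and the tracer prints the address and carries on.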
Comment 1 Roland McGrath 2004-05-10 16:24:17 EDT
This is already fixed upstream and you can get the FC2/rawhide package
for that now.  I will make an FC1 update rpm as well. 
