From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050327 Firefox/1.0.2 (Debian package 1.0.2-1.0.libranet.1)

Description of problem:
Kudzu segfaults on some machines that have a firewire controller, due to an incorrectly checked file descriptor. The code allows bufFromFd to be called with a file descriptor < 0, causing a segfault due to a memset called in bufFromFd.

Version-Release number of selected component (if applicable):
CVS

How reproducible:
Always

Steps to Reproduce:
1. kudzu -p

Actual Results:
The relevant information from a backtrace:
---
Program received signal SIGSEGV, Segmentation fault.
0xb7f0878b in memset () from /lib/tls/libc.so.6
#0  0xb7f0878b in memset () from /lib/tls/libc.so.6
No symbol table info available.
#1  0x08051328 in bufFromFd (fd=-1) at kudzu.c:587
        sbuf = {st_dev = 13257478449905010208, __pad1 = 1568, st_ino = 3086747168, st_mode = 135081096, st_nlink = 2, st_uid = 16, st_gid = 3086747168, st_rdev = 13257478140667362400, __pad2 = 1, st_size = -1073744648, st_blksize = -1209005885, st_blocks = -1208220128, st_atim = {tv_sec = 5, tv_nsec = -1208222624}, st_mtim = {tv_sec = -1208222624, tv_nsec = 135081048}, st_ctim = {tv_sec = -1073743608, tv_nsec = -1073744616}, __unused4 = 3085813524, __unused5 = 3221222720}
        buf = 0x0
        bytes = 0
        tmpbuf = "8����#���\221\004\by:<\a�\214\004\b���P\221��\003\000\000\000\210��\000\000\000\000\001\000\000\000���\000\000\000\000���`��\000\000\000\000y:<\ap���\000\220��\000\020\002\000�2\000\000�\037\r\b�\"\r\b\000\020\002\000\000\000\000\000`\026\v\b�\"\r\b", '\0' <repeats 16 times>, "\004\000\000\0008a\021\b\234a\021\b\233a\021\b\234a\021\b\001\000\000\000\000\000\000\000\000@\000\000\026Z��\234\221��\210��\001\000\000\000\000\000\000\000\001\000\000\000p����\b�\b@\000\000 \006�4\231\006\bl\000\000\000�\221"...
#2  0x08063f0d in firewireProbe (probeClass=CLASS_UNSPEC, probeFlags=1, devlist=0x80d2be0) at firewire.c:102
        path = "/sys/bus/ieee1394/devices/000048000003d0fc-0/model_name_kv\000\000 \006�`�� \006�\001\000\000\000�����\b� \006�\b\000\000\000`��\b\000\000\000�\212\006\b����\026m��+\r\b\000\000\000\000\b\000\000\000T\201\006\b\022\000\000\000�n\000\000�n\000\000\000\000\000\000\000\000\001", '\0' <repeats 13 times>, "\001", '\0' <repeats 31 times>, "�\000\000\000H&\r\be/\177\017�+\r\bH1440\000�?\000\000\000\000�%\r\b"...
        specifier_id = 0x8116d58 "0x00609e"
        version = 0x8117d60 "0x010483"
        dir = (DIR *) 0x8115d38
        entry = (struct dirent *) 0x8115d94
        fd = -1
        fwdev = (struct firewireDevice *) 0x80d2c58
        loaded_driver = 0
---

Expected Results:
No segfault.

Additional info:
Patch:

Index: firewire.c
===================================================================
RCS file: /usr/local/CVS/kudzu/firewire.c,v
retrieving revision 1.9
diff -b -u -r1.9 firewire.c
--- firewire.c	26 Aug 2004 08:04:15 -0000	1.9
+++ firewire.c	6 Apr 2005 13:31:21 -0000
@@ -98,7 +98,7 @@
 fwdev->next = devlist;
 snprintf(path,255,"/sys/bus/ieee1394/devices/%s/model_name_kv",entry->d_name);
 fd = open(path, O_RDONLY);
-if (fd) {
+if (fd >= 0) {
 fwdev->desc = bufFromFd(fd);
 fwdev->desc[strlen(fwdev->desc) - 1] = '\0';
 } else
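Review bot: `if (fd >= 0)` is the right test for open()'s -1 failure return (the old `if (fd)` treated -1 as success, which is exactly the fd=-1 in frame #1), but the two context lines that follow it in this hunk still dereference `fwdev->desc` unchecked: `fwdev->desc = bufFromFd(fd);` is used without a NULL test, and `fwdev->desc[strlen(fwdev->desc) - 1] = '\0';` writes to index -1 when model_name_kv is empty (strlen() == 0). Suggest guarding both before chomping the newline, e.g. `if (fwdev->desc && *fwdev->desc)` around the assignment, and making bufFromFd itself return NULL for fd < 0 so no other caller can reach the memset in kudzu.c:587 with a bad descriptor.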
Added in CVS, will be in the next build. Thanks!
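The open()/bufFromFd pattern from the report, as an added example that is not kudzu's code: the pre-patch `if (fd)` test beside the corrected `if (fd >= 0)`, a bufFromFd-style reader that refuses a negative descriptor instead of handing it to fstat()/memset(), and a newline chomp that does not index at -1 on an empty file. The function names (`buf_from_fd`, `read_attr`, `check_roundtrip`), the temp-file helper under /tmp and the sample attribute text are assumptions made for this example.

```c
/*
 * Added example, not kudzu's code. Shows why "if (fd)" lets open()'s -1
 * through, and a reader that cannot be crashed by a bad descriptor.
 * Names, the /tmp helper and the sample text are assumptions.
 */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Pre-patch test: -1 is truthy, so a failed open() takes the success branch.
 * Returns 1 if the code would go on to read from fd. */
int broken_fd_check(int fd) { return fd ? 1 : 0; }

/* Patched test: only a non-negative descriptor is usable. */
int fixed_fd_check(int fd) { return fd >= 0 ? 1 : 0; }

/* Read all of fd into a NUL-terminated heap buffer (caller frees).
 * Returns NULL for a negative fd or on read/allocation failure, so a caller
 * that forgot the open() check still cannot crash in here. */
char *buf_from_fd(int fd)
{
    if (fd < 0) { errno = EBADF; return NULL; }
    size_t cap = 256, len = 0;
    char *buf = malloc(cap);
    if (!buf) return NULL;
    for (;;) {
        ssize_t n = read(fd, buf + len, cap - len - 1);
        if (n < 0) {
            if (errno == EINTR) continue;
            free(buf);
            return NULL;
        }
        if (n == 0) break;
        len += (size_t)n;
        if (cap - len < 2) {            /* room for one more byte plus NUL */
            char *tmp = realloc(buf, cap * 2);
            if (!tmp) { free(buf); return NULL; }
            buf = tmp;
            cap *= 2;
        }
    }
    buf[len] = '\0';
    return buf;
}

/* Drop one trailing newline. The report's "desc[strlen(desc) - 1] = '\0'"
 * writes to desc[-1] on an empty file; check the length first. */
void chomp(char *s)
{
    size_t n = strlen(s);
    if (n > 0 && s[n - 1] == '\n') s[n - 1] = '\0';
}

/* Hardened equivalent of the firewireProbe snippet: the attribute text
 * without its newline, or NULL if the file cannot be opened or read. */
char *read_attr(const char *path)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0) return NULL;            /* the patch: >= 0, not != 0 */
    char *desc = buf_from_fd(fd);
    close(fd);
    if (desc) chomp(desc);
    return desc;
}

/* Helper (assumes a writable /tmp): write constructed content to a temp file,
 * run read_attr() on it and compare with expected. 1 on match, 0 otherwise. */
int check_roundtrip(const char *content, const char *expected)
{
    char path[] = "/tmp/kudzu-example-XXXXXX";
    int fd = mkstemp(path);
    if (fd < 0) return 0;
    size_t len = strlen(content);
    if (len > 0 && write(fd, content, len) != (ssize_t)len) {
        close(fd); unlink(path);
        return 0;
    }
    close(fd);
    char *got = read_attr(path);
    unlink(path);
    int ok = got != NULL && strcmp(got, expected) == 0;
    free(got);
    return ok;
}

int main(void)
{
    /* Constructed sample: a model_name_kv-style line with trailing newline. */
    printf("broken check proceeds on -1: %d, fixed check: %d\n",
           broken_fd_check(-1), fixed_fd_check(-1));
    printf("roundtrip ok: %d, empty file ok: %d\n",
           check_roundtrip("Apple iPod\n", "Apple iPod"),
           check_roundtrip("", ""));
    return 0;
}
```

The empty-file case is the one the patched kudzu line still gets wrong: with `strlen()` returning 0 the original chomp writes one byte before the buffer, which the `n > 0` guard in `chomp()` avoids.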