Bug 33741 - sndconfig --mungeftp segmentation fault (opl3sa2, NEC Versa 2780MT)
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: sndconfig
Version: 7.1
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: Bill Nottingham
QA Contact: David Lawrence
Reported: 2001-03-29 05:22 UTC by Jay Berkenbilt
Modified: 2014-03-17 02:20 UTC (History)
Last Closed: 2001-03-29 05:46:25 UTC

Attachments
strace and gdb output (24.98 KB, text/plain)
2001-03-29 05:23 UTC, Jay Berkenbilt
correct strace and gdb output (24.08 KB, text/plain)
2001-03-29 05:26 UTC, Jay Berkenbilt
end of ltrace output (22.27 KB, text/plain)
2001-03-29 05:37 UTC, Jay Berkenbilt
oops, probably should check this. :) (582 bytes, patch)
2001-03-29 05:46 UTC, Bill Nottingham

Description Jay Berkenbilt 2001-03-29 05:22:44 UTC
On my laptop, a NEC Versa 2780MT (ca. January, 1998 and very
Linux-friendly) with wolverine + up2date (sndconfig-0.64.5-1), sndconfig
--mungeftp has a segmentation fault and dumps core.

Right now, as I write this, I can't find rawhide on the ftp site in the
usual location, so I have no way of getting the source RPM for this.  I
don't think this happened with the original sndconfig on wolverine, and on
this machine, I jumped straight from that to all the updates as of this

Since I don't have sources right now and sndconfig is stripped, I can't
provide much useful information at this time.  I will provide two pieces of
information that could be helpful:

1. sound support actually does work in spite of this -- both dsp and midi
work fine.

2. here's an excerpt of what strace and gdb give:

# strace sndconfig --mungeftp
open("./isapnp", O_RDONLY)              = -1 ENOENT (No such file or
open("/proc/isapnp", O_RDONLY)          = 3
read(3, "Card 1 \'AKY0019:Lucent Venus Mod"..., 4096) = 1347
read(3, "", 4096)                       = 0
close(3)                                = 0
syslog(0x8, 0, 0x6)                     = 0
--- SIGSEGV (Segmentation fault) ---
+++ killed by SIGSEGV +++

# gdb /sbin/sndconfig core
Core was generated by `sndconfig --mungepnp'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /lib/libc.so.6...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
#0  0x0804df2f in strcpy () at ../sysdeps/generic/strcpy.c:31
31	../sysdeps/generic/strcpy.c: No such file or directory.
	in ../sysdeps/generic/strcpy.c

So something's passing a null pointer to syslog().  Hopefully this won't be
too hard to track down.

I'm attaching the full strace and gdb output to this report though I doubt
it will provide more information than the summary I've given here.

Comment 1 Jay Berkenbilt 2001-03-29 05:23:15 UTC
Created attachment 14067
strace and gdb output

Comment 2 Jay Berkenbilt 2001-03-29 05:25:48 UTC
Oops!  I attached the strace output without saving it after cleaning up control
codes, etc.  I'm attaching a clean version.  Please ignore attachment 14067.

Comment 3 Bill Nottingham 2001-03-29 05:26:03 UTC
Actually, it's almost certainly dying after syslogging, I would think.

What does ltrace say?

Comment 4 Jay Berkenbilt 2001-03-29 05:26:32 UTC
Created attachment 14068
correct strace and gdb output

Comment 5 Jay Berkenbilt 2001-03-29 05:36:19 UTC
Wow [expression of amazement] -- I've been using strace for years and I never
knew about ltrace.  Whatever else happens today, I've just learned of a
fantastic tool.  Thanks!

Here's the end of the ltrace output:

strcmp("sb1000", "unknown")                       = -2
strcmp("smc-ultra", "unknown")                    = -2
strcmp("aha1542", "unknown")                      = -20
strcmp("g_NCR5380", "unknown")                    = -14
free(0x080dd288)                                  = <void>
free(0x080dd268)                                  = <void>
free(0x080dd298)                                  = <void>
free(0x080dd2c8)                                  = <void>
free(0x080de8e8)                                  = <void>
free(0x080dd278)                                  = <void>
free(0x080dd2a8)                                  = <void>
free(0x080dd208)                                  = <void>
free(0x080dc200)                                  = <void>
syscall(103, 8, 0, 6, 288)                        = 0
--- SIGSEGV (Segmentation fault) ---
+++ killed by SIGSEGV +++

I'm attaching the full ltrace output to this report.  No, I'm not.  It's over
7mb.  Anyway, you can see the syslog call is the last thing to happen and that
this seems to happen after going through a bunch of stuff in /proc.  I'm
attaching the ltrace output starting from when it attempts to open ./isapnp.

Comment 6 Jay Berkenbilt 2001-03-29 05:37:00 UTC
Created attachment 14069
end of ltrace output

Comment 7 Bill Nottingham 2001-03-29 05:45:40 UTC

Patch attached, will be fixed in next build. I'm 99 1/100% sure this is it.

(FYI, rawhide is now at ftp://ftp.redhat.com/pub/redhat/linux/rawhide/)

Comment 8 Bill Nottingham 2001-03-29 05:46:21 UTC
Created attachment 14070
oops, probably should check this. :)

Comment 9 Jay Berkenbilt 2001-03-29 05:51:04 UTC
I'll try it sometime, but not right now. Anyway, where you have:

               if (devs && devs[0]->bus == BUS_ISAPNP && 

I would have coded

	       if (devs && devs[0] && devs[0]->bus == BUS_ISAPNP &&

just to be safe.  Maybe you know devs non-zero implies devs[0] non-zero -- I
haven't looked at the code at all.

Thanks for the info on the updated rawhide path.
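
The guard discussed in Comment 9, as an added C example that is not sndconfig's code and not part of the original report. It assumes the probe result is a NULL-terminated array of device pointers; `struct device`, `BUS_OTHER`, the helper functions and the sample arrays are hypothetical stand-ins, since the page does not show the surrounding source.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins: the real sndconfig types are not shown on the page. */
enum bus { BUS_OTHER = 0, BUS_ISAPNP = 1 };
struct device { enum bus bus; const char *desc; };

/* Constructed probe results. A probe returning a NULL-terminated array can
 * hand back NULL (nothing allocated) or an array whose first slot is
 * already the terminator (allocated but empty). */
static struct device pnp_card   = { BUS_ISAPNP, "constructed ISA PnP card" };
static struct device other_card = { BUS_OTHER,  "constructed non-PnP card" };
static struct device *none_found[]  = { NULL };
static struct device *pnp_found[]   = { &pnp_card, NULL };
static struct device *mixed_found[] = { &other_card, &pnp_card, NULL };

/* Both checks from Comment 9: short-circuit && ensures devs[0]->bus is
 * only evaluated once devs and devs[0] are known to be non-NULL. */
int first_is_isapnp(struct device **devs)
{
    return devs && devs[0] && devs[0]->bus == BUS_ISAPNP;
}

/* Walk to the NULL terminator; the loop condition covers the NULL-array
 * and empty-array cases without a separate guard. */
size_t count_isapnp(struct device **devs)
{
    size_t n = 0;
    for (; devs && *devs; devs++)
        if ((*devs)->bus == BUS_ISAPNP)
            n++;
    return n;
}

int main(void)
{
    printf("NULL array:  first=%d count=%zu\n",
           first_is_isapnp(NULL), count_isapnp(NULL));
    printf("empty array: first=%d count=%zu\n",
           first_is_isapnp(none_found), count_isapnp(none_found));
    printf("PnP first:   first=%d count=%zu\n",
           first_is_isapnp(pnp_found), count_isapnp(pnp_found));
    printf("PnP second:  first=%d count=%zu\n",
           first_is_isapnp(mixed_found), count_isapnp(mixed_found));
    return 0;
}
```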

Comment 10 Jay Berkenbilt 2001-03-29 06:00:55 UTC
I lied.  I did check it now.  Your patch (as attached, without my extra mod)
does indeed solve the problem for me.  Thanks.
