Bug 33741 - sndconfig --mungeftp segmentation fault (opl3sa2, NEC Versa 2780MT)
sndconfig --mungeftp segmentation fault (opl3sa2, NEC Versa 2780MT)
Product: Red Hat Linux
Classification: Retired
Component: sndconfig (Show other bugs)
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Bill Nottingham
David Lawrence
Depends On:
  Show dependency treegraph
Reported: 2001-03-29 00:22 EST by Jay Berkenbilt
Modified: 2014-03-16 22:20 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2001-03-29 00:46:25 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
strace and gdb output (24.98 KB, text/plain)
2001-03-29 00:23 EST, Jay Berkenbilt
no flags Details
correct strace and gdb output (24.08 KB, text/plain)
2001-03-29 00:26 EST, Jay Berkenbilt
no flags Details
end of ltrace output (22.27 KB, text/plain)
2001-03-29 00:37 EST, Jay Berkenbilt
no flags Details
oops, probably should check this. :) (582 bytes, patch)
2001-03-29 00:46 EST, Bill Nottingham
no flags Details | Diff

  None (edit)
Description Jay Berkenbilt 2001-03-29 00:22:44 EST
On my laptop, a NEC Versa 2780MT (ca. January, 1998 and very
Linux-friendly) with wolverine + up2date (sndconfig-0.64.5-1), sndconfig
--mungeftp has a segmentation fault and dumps core.

Right now, as I write this, I can't find rawhide on the ftp site in the
usual location, so I have no way of getting the source RPM for this.  I
don't think this happened with the original sndconfig on wolverine, and on
this machine, I jumped straight from that to all the updates as of this

Since I don't have sources right now and sndconfig is stripped, I can't
provide much useful information at this time.  I will provide two pieces of
information that could be helpful:

1. sound support actually does work in spite of this -- both dsp and midi
work fine.

2. here's an excerpt of what strace and gdb give:

# strace sndconfig --mungeftp
open("./isapnp", O_RDONLY)              = -1 ENOENT (No such file or
open("/proc/isapnp", O_RDONLY)          = 3
read(3, "Card 1 \'AKY0019:Lucent Venus Mod"..., 4096) = 1347
read(3, "", 4096)                       = 0
close(3)                                = 0
syslog(0x8, 0, 0x6)                     = 0
--- SIGSEGV (Segmentation fault) ---
+++ killed by SIGSEGV +++

# gdb /sbin/sndconfig core
Core was generated by `sndconfig --mungepnp'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /lib/libc.so.6...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
#0  0x0804df2f in strcpy () at ../sysdeps/generic/strcpy.c:31
31	../sysdeps/generic/strcpy.c: No such file or directory.
	in ../sysdeps/generic/strcpy.c

So something's passing a null pointer to syslog().  Hopefully this won't be
too hard to track down.

I'm attaching the full strace and gdb output to this report though I doubt
it will provide more information than the summary I've given here.
Comment 1 Jay Berkenbilt 2001-03-29 00:23:15 EST
Created attachment 14067 [details]
strace and gdb output
Comment 2 Jay Berkenbilt 2001-03-29 00:25:48 EST
Oops!  I attached the strace output without saving it after cleaning up control
codes, etc.  I'm attaching a clean version.  Please ignore attachment 14067 [details].
Comment 3 Bill Nottingham 2001-03-29 00:26:03 EST
Actually, it's almost certainly dying after syslogging, I would think.

What does ltrace say?
Comment 4 Jay Berkenbilt 2001-03-29 00:26:32 EST
Created attachment 14068 [details]
correct strace and gdb output
Comment 5 Jay Berkenbilt 2001-03-29 00:36:19 EST
Wow [expression of amazement] -- I've been using strace for years and I never
knew about ltrace.  Whatever else happens today, I've just learned of a
fantastic tool.  Thanks!

Here's the end of the ltrace output:

strcmp("sb1000", "unknown")                       = -2
strcmp("smc-ultra", "unknown")                    = -2
strcmp("aha1542", "unknown")                      = -20
strcmp("g_NCR5380", "unknown")                    = -14
free(0x080dd288)                                  = <void>
free(0x080dd268)                                  = <void>
free(0x080dd298)                                  = <void>
free(0x080dd2c8)                                  = <void>
free(0x080de8e8)                                  = <void>
free(0x080dd278)                                  = <void>
free(0x080dd2a8)                                  = <void>
free(0x080dd208)                                  = <void>
free(0x080dc200)                                  = <void>
syscall(103, 8, 0, 6, 288)                        = 0
--- SIGSEGV (Segmentation fault) ---
+++ killed by SIGSEGV +++

I'm attaching the full ltrace output to this report.  No, I'm not.  It's over
7mb.  Anyway, you can see the syslog call is the last thing to happen and that
this seems to happen after going through a bunch of stuff in /proc.  I'm
attaching the ltrace output starting from when it attempts to open ./isapnp.

Comment 6 Jay Berkenbilt 2001-03-29 00:37:00 EST
Created attachment 14069 [details]
end of ltrace output
Comment 7 Bill Nottingham 2001-03-29 00:45:40 EST

Patch attached, will be fixed in next build. I'm 99 1/100% sure this is it.

(FYI, rawhide is now at ftp://ftp.redhat.com/pub/redhat/linux/rawhide/)

Comment 8 Bill Nottingham 2001-03-29 00:46:21 EST
Created attachment 14070 [details]
oops, probably should check this. :)
Comment 9 Jay Berkenbilt 2001-03-29 00:51:04 EST
I'll try it sometime, but not right now. Anyway, where you have:

               if (devs && devs[0]->bus == BUS_ISAPNP && 

I would have coded

	       if (devs && devs[0] && devs[0]->bus == BUS_ISAPNP &&

just to be safe.  Maybe you know devs non-zero implies devs[0] non-zero -- I
haven't looked at the code at all.

Thanks for the info on the updated rawhide path.
Comment 10 Jay Berkenbilt 2001-03-29 01:00:55 EST
I lied.  I did check it now.  Your patch (as attached, without my extra mod)
does indeed solve the problem for me.  Thanks.

Note You need to log in before you can comment on or make changes to this bug.