Created attachment 403374 [details]
patch to check for NULL pointer in sprinttime

Description of problem:
strace can segfault in sprinttime if there is a NULL dereference due to invalid time structures. A patch for this problem exists upstream at http://strace.git.sourceforge.net/git/gitweb.cgi?p=strace/strace;a=commitdiff;h=dc7715baadf94b370d7737d2581d733ebe2e95a1

Version-Release number of selected component (if applicable):
strace-4.5.16-1.el4.2-x86_64

How reproducible:
not sure

Steps to Reproduce:
1. strace -v ?

Actual results:
strace seg faults

Expected results:
no seg faults

Additional info:
Created attachment 411050 [details]
reproducer program

I have not been able to reproduce this by tracing a program included with RHEL; however, I was able to demonstrate the bug by intercepting localtime() with a pre-loaded library. My localtime() override simply returns NULL to simulate an error.

$ LD_PRELOAD=./mylocaltime.so strace -v ./test
execve("./test", <snip>) = 0
uname({sysname="Linux", <snip>}) = 0
...
fstat(3, Segmentation fault

With the sprinttime patch from comment 0, strace handles the NULL gracefully:

$ LD_PRELOAD=./mylocaltime.so strace -v ./test
execve("./test", <snip>) = 0
uname({sysname="Linux", <snip>}) = 0
...
fstat(3, {st_dev=makedev(253, 0), st_ino=13418520, st_mode=S_IFREG|0775, st_nlink=1, st_uid=12257, st_gid=12257, st_blksize=4096, st_blocks=24, st_size=6088, st_atime=1272902720, st_mtime=1272902385, st_ctime=1272902385}) = 0
...

Attached is a tar of the mylocaltime source and the simple test program. Build and run it with:

make
make strace
Actually, you don't even need the test.c program from my reproducer. Just use the mylocaltime.so library and call /usr/bin/stat on a file.

$ LD_PRELOAD=./mylocaltime.so strace -v stat /proc
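The defect the thread describes, shown as an added example that is not strace's own code or the upstream patch: a sprinttime-style formatter in the crashing form and in a form that checks the localtime() result. The converter is passed in as a function pointer so the NULL return can be simulated in-process, the same effect comment 1 gets with its preloaded mylocaltime.so; all function names here are hypothetical.

```c
/* Added example, not strace's code.  Demonstrates why a NULL check on the
 * result of localtime() is needed and what the hardened form looks like. */
#include <stdio.h>
#include <string.h>
#include <time.h>

typedef struct tm *(*localtime_fn)(const time_t *);

/* Crashing pattern: the converter's result is dereferenced unconditionally,
 * so a NULL return (as from the report's preloaded localtime()) faults. */
const char *format_time_unsafe(time_t t, localtime_fn conv)
{
    static char buf[32];
    struct tm *tmp = conv(&t);

    snprintf(buf, sizeof buf, "%02d/%02d/%02d-%02d:%02d:%02d",
             tmp->tm_year + 1900, tmp->tm_mon + 1, tmp->tm_mday,
             tmp->tm_hour, tmp->tm_min, tmp->tm_sec);
    return buf;
}

/* Hardened form: a NULL result falls back to printing the raw seconds. */
const char *format_time_safe(time_t t, localtime_fn conv)
{
    static char buf[32];
    struct tm *tmp;

    if (t == 0)
        return "0";
    tmp = conv(&t);
    if (tmp == NULL) {
        snprintf(buf, sizeof buf, "%lld", (long long) t);
        return buf;
    }
    snprintf(buf, sizeof buf, "%02d/%02d/%02d-%02d:%02d:%02d",
             tmp->tm_year + 1900, tmp->tm_mon + 1, tmp->tm_mday,
             tmp->tm_hour, tmp->tm_min, tmp->tm_sec);
    return buf;
}

/* Stand-in for the report's mylocaltime.so override: always fails. */
struct tm *failing_localtime(const time_t *t)
{
    (void) t;
    return NULL;
}

int main(void)
{
    /* 1272902720 is the st_atime value quoted in comment 1. */
    puts(format_time_safe(1272902720, localtime));
    puts(format_time_safe(1272902720, failing_localtime)); /* prints 1272902720 */
    return 0;
}
```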