Bug 595996 - [abrt] crash in coreutils-8.4-6.fc13: __memmove_ssse3: Process /bin/readlink was killed by signal 11 (SIGSEGV)
Status: CLOSED INSUFFICIENT_DATA
Alias: None
Product: Fedora
Classification: Fedora
Component: coreutils   
Version: 13
Hardware: i686
OS: Linux
Priority: low
Severity: medium
Target Milestone: ---
Assignee: Ondrej Vasik
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: abrt_hash:0582aba68cf5f0234060bdaa80f...
Reported: 2010-05-26 05:32 UTC by Liam Dunn
Modified: 2010-08-16 13:57 UTC

Doc Type: Bug Fix
Last Closed: 2010-08-16 13:57:55 UTC

Attachments
File: backtrace (53.31 KB, text/plain)
2010-05-26 05:32 UTC, Liam Dunn

Description Liam Dunn 2010-05-26 05:32:23 UTC
abrt 1.1.0 detected a crash.

architecture: i686
Attached file: backtrace
cmdline: readlink -m /home/baddog/rpmbuild/BUILDROOT/Pike-v7.8.352-1.fc13.i386/usr/pike78
component: coreutils
crash_function: __memmove_ssse3
executable: /bin/readlink
global_uuid: 0582aba68cf5f0234060bdaa80fee4ce55520b5a
kernel: 2.6.33.4-95.fc13.i686
package: coreutils-8.4-6.fc13
rating: 4
reason: Process /bin/readlink was killed by signal 11 (SIGSEGV)
release: Fedora release 13 (Goddard)

comment
-----
1. Download latest version of Pike
2. Compile it.

How to reproduce
-----
1. Download latest version of Pike
2. Compile it.

Comment 1 Liam Dunn 2010-05-26 05:32:25 UTC
Created attachment 416659
File: backtrace

Comment 2 Kamil Dudka 2010-06-02 11:51:15 UTC
Comment on attachment 416659
File: backtrace

>[New Thread 32382]
>Core was generated by `readlink -m /home/baddog/rpmbuild/BUILDROOT/Pike-v7.8.352-1.fc13.i386/usr/pike7'.
>Program terminated with signal 11, Segmentation fault.
>#0  __memmove_ssse3 () at ../sysdeps/i386/i686/multiarch/memcpy-ssse3.S:160
>160	../sysdeps/i386/i686/multiarch/memcpy-ssse3.S: No such file or directory.
>	in ../sysdeps/i386/i686/multiarch/memcpy-ssse3.S
>
>Thread 1 (Thread 32382):
>#0  __memmove_ssse3 () at ../sysdeps/i386/i686/multiarch/memcpy-ssse3.S:160
>No locals
>#1  0x0804a521 in canonicalize_filename_mode (
>    name=0xb5fe1008 <Address 0xb5fe1008 out of bounds>, can_mode=CAN_MISSING)
>    at /usr/include/bits/string3.h:59

The problem is at this point.  The parameter 'name' of 'canonicalize_filename_mode' is a dangling pointer.

>#2  0x08049519 in main (argc=3, argv=0xbfe3d344) at readlink.c:157
>        can_mode = 2
>        fname = 0xbfe3f359 "/home/baddog/rpmbuild/BUILDROOT/Pike-v7.8.352-1.fc13.i386/usr/pike78"
>        value = <value optimized out>
>        optc = <value optimized out>

The argument 'name' is given directly by argv[2].  It means that the string in argv[2] is not properly allocated as it should be.  I suspect an improper call of exec here.  It can't be a flaw in readlink itself.
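
Added example, not part of the original bug report and not code from abrt, GDB or coreutils: a small Python triage helper that splits a GDB backtrace like the one quoted in comment 2 into frames and lists every pointer argument GDB marked `<Address ... out of bounds>`. The function names are hypothetical, and the sample input is copied from the Thread 1 frames quoted above.

```python
import re

# Frame header: "#1  0x0804a521 in func (" or "#0  func () at file:line"
FRAME_RE = re.compile(r'^#(\d+)\s+(?:0x[0-9a-f]+ in )?([A-Za-z_]\w*) \(')
# Pointer argument that GDB could not read from the core file
OOB_RE = re.compile(r'(\w+)=(0x[0-9a-f]+) <Address 0x[0-9a-f]+ out of bounds>')

# Sample input: Thread 1 frames copied from the backtrace quoted in comment 2.
SAMPLE = """\
#0  __memmove_ssse3 () at ../sysdeps/i386/i686/multiarch/memcpy-ssse3.S:160
No locals
#1  0x0804a521 in canonicalize_filename_mode (
    name=0xb5fe1008 <Address 0xb5fe1008 out of bounds>, can_mode=CAN_MISSING)
    at /usr/include/bits/string3.h:59
#2  0x08049519 in main (argc=3, argv=0xbfe3d344) at readlink.c:157
        can_mode = 2
        fname = 0xbfe3f359 "/home/baddog/rpmbuild/BUILDROOT/Pike-v7.8.352-1.fc13.i386/usr/pike78"
"""

def parse_frames(text):
    """Group backtrace lines into frames: [{'num', 'func', 'lines'}]."""
    frames = []
    for line in text.splitlines():
        line = line.lstrip('>')  # tolerate '>'-quoted backtraces
        m = FRAME_RE.match(line)
        if m:
            frames.append({'num': int(m.group(1)), 'func': m.group(2),
                           'lines': [line]})
        elif frames:
            # Continuation line (wrapped arguments, locals) of the current frame
            frames[-1]['lines'].append(line)
    return frames

def out_of_bounds_args(text):
    """Return (frame number, function, argument, address) per unreadable pointer."""
    hits = []
    for frame in parse_frames(text):
        for m in OOB_RE.finditer('\n'.join(frame['lines'])):
            hits.append((frame['num'], frame['func'],
                         m.group(1), int(m.group(2), 16)))
    return hits

if __name__ == '__main__':
    for num, func, arg, addr in out_of_bounds_args(SAMPLE):
        print(f'frame #{num} {func}: {arg}={addr:#x} could not be read by GDB')
```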

Comment 3 Kamil Dudka 2010-06-02 11:53:22 UTC
Do you have that SRPM anywhere?  I am not able to reproduce the crash in readlink, tried Pike-v7.6.86, but it crashed elsewhere:

*** glibc detected *** /home/xdudka00/rpmbuild/BUILD/Pike-v7.6.86/build/linux-2.6.31.12-174.2.22.fc12.x86_64-x86_64/pike: double free or corruption (out): 0x00000000012011a0 ***
*** glibc detected *** /home/xdudka00/rpmbuild/BUILD/Pike-v7.6.86/build/linux-2.6.31.12-174.2.22.fc12.x86_64-x86_64/pike: malloc(): smallbin double linked list corrupted: 0x0000000000daf790 ***

Comment 4 Ondrej Vasik 2010-08-16 13:57:55 UTC
Bugzilla has been in needinfo for more than two months. It can't be analyzed further without the requested srpm, therefore closing INSUFFICIENT_DATA. The problem is likely not in readlink itself but with some improper execve() use. But feel free to reopen it if you provide some reproducer or the requested srpm causing the crash. TIA.
