Bug 595996 - [abrt] crash in coreutils-8.4-6.fc13: __memmove_ssse3: Process /bin/readlink was killed by signal 11 (SIGSEGV)
Product: Fedora
Classification: Fedora
Component: coreutils
Hardware: i686 Linux
Priority: low, Severity: medium
Assigned To: Ondrej Vasik
QA Contact: Fedora Extras Quality Assurance
Reported: 2010-05-26 01:32 EDT by Liam Dunn
Modified: 2010-08-16 09:57 EDT
Doc Type: Bug Fix
Last Closed: 2010-08-16 09:57:55 EDT

Attachments
File: backtrace (53.31 KB, text/plain)
2010-05-26 01:32 EDT, Liam Dunn

Description Liam Dunn 2010-05-26 01:32:23 EDT
abrt 1.1.0 detected a crash.

architecture: i686
Attached file: backtrace
cmdline: readlink -m /home/baddog/rpmbuild/BUILDROOT/Pike-v7.8.352-1.fc13.i386/usr/pike78
component: coreutils
crash_function: __memmove_ssse3
executable: /bin/readlink
global_uuid: 0582aba68cf5f0234060bdaa80fee4ce55520b5a
package: coreutils-8.4-6.fc13
rating: 4
reason: Process /bin/readlink was killed by signal 11 (SIGSEGV)
release: Fedora release 13 (Goddard)

1. Download latest version of Pike
2. Compile it.

How to reproduce
1. Download latest version of Pike
2. Compile it.
Comment 1 Liam Dunn 2010-05-26 01:32:25 EDT
Created attachment 416659
File: backtrace
Comment 2 Kamil Dudka 2010-06-02 07:51:15 EDT
Comment on attachment 416659
File: backtrace

>[New Thread 32382]
>Core was generated by `readlink -m /home/baddog/rpmbuild/BUILDROOT/Pike-v7.8.352-1.fc13.i386/usr/pike7'.
>Program terminated with signal 11, Segmentation fault.
>#0  __memmove_ssse3 () at ../sysdeps/i386/i686/multiarch/memcpy-ssse3.S:160
>160	../sysdeps/i386/i686/multiarch/memcpy-ssse3.S: No such file or directory.
>	in ../sysdeps/i386/i686/multiarch/memcpy-ssse3.S
>Thread 1 (Thread 32382):
>#0  __memmove_ssse3 () at ../sysdeps/i386/i686/multiarch/memcpy-ssse3.S:160
>No locals
>#1  0x0804a521 in canonicalize_filename_mode (
>    name=0xb5fe1008 <Address 0xb5fe1008 out of bounds>, can_mode=CAN_MISSING)
>    at /usr/include/bits/string3.h:59

The problem is at this point.  The parameter 'name' of 'canonicalize_filename_mode' is a dangling pointer.

>#2  0x08049519 in main (argc=3, argv=0xbfe3d344) at readlink.c:157
>        can_mode = 2
>        fname = 0xbfe3f359 "/home/baddog/rpmbuild/BUILDROOT/Pike-v7.8.352-1.fc13.i386/usr/pike78"
>        value = <value optimized out>
>        optc = <value optimized out>

The argument 'name' is given directly by argv[2].  It means that the string in argv[2] is not properly allocated as it should be.  I suspect an improper call of exec here.  It can't be a flaw in readlink itself.
Comment 3 Kamil Dudka 2010-06-02 07:53:22 EDT
Do you have that SRPM anywhere?  I am not able to reproduce the crash in readlink, tried Pike-v7.6.86, but it crashed elsewhere:

*** glibc detected *** /home/xdudka00/rpmbuild/BUILD/Pike-v7.6.86/build/linux- double free or corruption (out): 0x00000000012011a0 ***
*** glibc detected *** /home/xdudka00/rpmbuild/BUILD/Pike-v7.6.86/build/linux- malloc(): smallbin double linked list corrupted: 0x0000000000daf790 ***
Comment 4 Ondrej Vasik 2010-08-16 09:57:55 EDT
Bugzilla has been in needinfo for more than two months. It can't be analyzed further without the requested srpm, therefore closing INSUFFICIENT_DATA. Problem is likely not in readlink itself but with some improper execve() use. But feel free to reopen it if you provide some reproducer or requested srpm causing the crash. TIA.
