Issue #1596 has been updated by YONETANI Tomokazu.
Hi,
I don't have any nForce NIC here, but I guess show_ifconfig() is
responsible for this crash, because it passes the string returned by
the ifconfig command as the format string.
In dfuibe_installer/fn_diagnostic.c:
void
show_ifconfig(struct dfui_connection *c, char *ifname)
{
	struct aura_buffer *e;

	e = aura_buffer_new(1024);
	aura_buffer_cat_pipe(e, "/sbin/ifconfig %s", ifname);
	inform(c, aura_buffer_buf(e));
	aura_buffer_free(e);
}
Since the GENERIC kernel has IPv6 enabled, the output from the ifconfig
command contains an auto-configured address for nfe0, like this:
    inet6 fe80::290:ccff:feef:93a8%nfe0 prefixlen 64 scopeid 0x3
                                  ^^
The `%n', by the way, has special meaning to *printf functions:
    n    The number of characters written so far is stored into the
         integer indicated by the int * (or variant) pointer argument.
         No argument is converted.
which attempts to store the number to the memory location pointed to
by some garbage on the stack. So the fix is simple: just add `"%s"' as
the second argument in the call to inform().
On Wed, Mar 07, 2012 at 02:12:01AM -0800, Sascha Wildner via Redmine wrote:
>
> Issue #1596 has been updated by Sascha Wildner.
>
> Status changed from New to In Progress
>
> Okay, I'm really at a loss here.
>
> Brett or Saifi, or anyone else who has this issue. I would like to put up an
> .iso or .img with debug symbols for you, and you could try again configuring
> nfe(4) from it, which requires no reinstallation. Then you could give us a
> usable trace and put up the .core for review.
>
> Tell me if it is possible for you and I'll prepare the ISO.
>
> ----------------------------------------
> Bug #1596: installer segfaults on AMD64 while configuring nfe0 DHCP
> http://bugs.dragonflybsd.org/issues/1596
>
> Author: Saifi Khan
> Status: In Progress
> Priority: Normal
> Assignee: Sascha Wildner
> Category:
> Target version:
>
>
> Hi:
>
> Summary:
> The DragonFlyBSD installer seg-faults on AMD64 while configuring
> a nfe0 interface with DHCP.
>
> Version:
> DragonFlyBSD 2.4.1
>
> Reproducible:
> always
>
> Stack trace:
> Script started on Wed Nov 4 22:33:08 2009
>
> # gdb /usr/sbin/dfuibe_installer ./dfuibe_installer.core
> gdb 6.7.1
> This GDB was configured as "amd64-dragonfly"...
> (no debugging symbols found)
> Reading symbols from /usr/lib/libc.so.7...(no debugging symbols found)...done.
> Loaded symbols for /usr/lib/libc.so.7
> Reading symbols from /usr/libexec/ld-elf.so.2...(no debugging symbols
> found)...done.
> Loaded symbols for /usr/libexec/ld-elf.so.2
>
> Core was generated by `dfuibe_installer'.
> Program terminated with signal 11, Segmentation fault.
> #0 0x00000008006ff8b2 in __vfprintf () from /usr/lib/libc.so.7
> (gdb) bt
> #0 0x00000008006ff8b2 in __vfprintf () from /usr/lib/libc.so.7
> #1 0x00000008006f4fe3 in vasprintf () from /usr/lib/libc.so.7
> #2 0x000000000040fc82 in ?? ()
> #3 0x00000000004053c7 in ?? ()
> #4 0x00000000004086b5 in ?? ()
> #5 0x00000000004051b7 in ?? ()
> #6 0x000000000040245d in ?? ()
> #7 0x000000000040e71f in ?? ()
> #8 0x0000000000402360 in ?? ()
> #9 0x0000000800554000 in ?? ()
> #10 0x0000000000000000 in ?? ()
> (gdb) q
> # exit
> exit
>
> Script done on Wed Nov 4 22:34:02 2009
>
> thanks
> Saifi.
>
>
> --
> You have received this notification because you have either subscribed to it,
> or are involved in it.
> To change your notification preferences, please click here:
> http://bugs.dragonflybsd.org/my/account
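
Added example, not part of the original message or the installer source: the fix described above, with a small scanner that shows why the quoted ifconfig line is dangerous as a format string. inform_like(), count_conversions() and show_safe() are hypothetical names; inform_like() only stands in for a printf-style function such as inform(). The crashing form was the equivalent of inform_like(out, len, text).

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: the ifconfig line quoted in the message above. */
const char IFCONFIG_LINE[] =
    "inet6 fe80::290:ccff:feef:93a8%nfe0 prefixlen 64 scopeid 0x3";

/* Hypothetical printf-style stand-in for inform(); formats into out. */
int inform_like(char *out, size_t len, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, len, fmt, ap);
    va_end(ap);
    return n;
}

/* Count conversions printf would act on if s were the format; flag %n. */
int count_conversions(const char *s, int *has_n)
{
    int count = 0;
    *has_n = 0;
    while ((s = strchr(s, '%')) != NULL) {
        s++;
        if (*s == '%') { s++; continue; }     /* "%%" is a literal percent */
        s += strspn(s, "-+ #0'*.$123456789"); /* flags, width, precision */
        s += strspn(s, "hlqjztL");            /* length modifiers */
        if (*s == '\0') break;
        if (*s == 'n') *has_n = 1;
        count++;
        s++;
    }
    return count;
}

/* Fix from the message: constant "%s" format, command output as data. */
int show_safe(char *out, size_t len, const char *text)
{
    return inform_like(out, len, "%s", text);
}

int main(void)
{
    char buf[128];
    int has_n, n = count_conversions(IFCONFIG_LINE, &has_n);
    show_safe(buf, sizeof buf, IFCONFIG_LINE);
    printf("conversions=%d has_n=%d\n%s\n", n, has_n, buf);
    return 0;
}
```

Building with -Wformat -Wformat-security makes GCC and Clang warn about non-literal format strings at call sites of functions declared with the format attribute.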