Bug#858316: confirm the bug on 32 bit machine

Bernhard Übelacker Wed, 19 Apr 2017 09:27:50 -0700

Hello,
tried to have a look at it.


Program received signal SIGSEGV, Segmentation fault.
0x80015110 in mount ()
(gdb) bt
#0  0x80015110 in mount ()
#1  0xb7f8ff03 in fuse_mount_sys (mnt_opts=0x800163a8 "rw,nosuid,nodev", 
mo=0xbffff398, 
    mnt=0x80016288 "/home/benutzer/rdiff-backup-fs-test/mnt") at mount.c:499
#2  fuse_kern_mount (mountpoint=0x80016288 
"/home/benutzer/rdiff-backup-fs-test/mnt", args=0xbffff550) at mount.c:607
#3  0xb7f8b89c in fuse_mount_compat25 (mountpoint=0x80016288 
"/home/benutzer/rdiff-backup-fs-test/mnt", args=0xbffff550) at helper.c:488
#4  0xb7f8b908 in fuse_mount_common (mountpoint=0x80016288 
"/home/benutzer/rdiff-backup-fs-test/mnt", args=args@entry=0xbffff550)
    at helper.c:248
#5  0xb7f8b9de in fuse_setup_common (argc=2, argv=0xbffff5f4, op=0x80015200 
<operations>, op_size=180, mountpoint=0xbffff5b4, 
    multithreaded=0xbffff5b8, fd=0x0, user_data=0x0, compat=0) at helper.c:298
#6  0xb7f8bb5d in fuse_main_common (argc=<optimized out>, argv=<optimized out>, 
op=<optimized out>, op_size=180, user_data=0x0, compat=0)
    at helper.c:363
#7  0x8000112f in run (argc=3, argv=0xbffff6d4) at rdiff-backup-fs.c:37
#8  0x80000f3b in main (argc=3, argv=0xbffff6d4) at rdiff-backup-fs.c:43
(gdb) print mount
$1 = 0x80016020 "/home/benutzer/rdiff-backup-fs-test/mnt"


It looks like the dynamic linker uses for symbol "mount"
the variable defined in rdiff-backup-fs.c instead of
the function in libc.so.6.

rdiff-backup-fs.c:
  char *mount = NULL;

Later fuse_mount_sys tries to call mount and executes the
interpretes the address saved in the variable as instructions.

Attached are two patches:
- Build with debug info to make dbgsym package useful.
    (Could that be made kind of a lintian check or similar?)
- Rename variable mount to mount_dir.

With these patches applied the crash does not happen anymore
and the mounted directory is browsable.

Kind regards,
Bernhard

From e075d46fe35845f175e15f36af564b632d03dafa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bernhard=20=C3=9Cbelacker?= <bernha...@mailbox.org>
Date: Wed, 19 Apr 2017 17:26:46 +0200
Subject: Build with debug information to make dbgsym package useful.

---
 configure.ac | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/configure.ac b/configure.ac
index 9afba35..7f7482a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -46,11 +46,11 @@ AC_TYPE_SIZE_T
 dnl checking type of system to provide proper compile and linking flags
 
 case ${host} in
-    *-*-linux-*|*-*-k*bsd*-*)	AC_SUBST(CFLAGS, ["-Wall -O3 `pkg-config --cflags fuse`"])
+    *-*-linux-*|*-*-k*bsd*-*)	AC_SUBST(CFLAGS, ["-Wall -g -O3 `pkg-config --cflags fuse`"])
 			AC_SUBST(LIBS, ["$LIBS `pkg-config --cflags --libs fuse` -lz"]);;
-    *-*-bsd-*)		AC_SUBST(CFLAGS, ["-Wall -O3 `pkg-config --cflags fuse`"])
+    *-*-bsd-*)		AC_SUBST(CFLAGS, ["-Wall -g -O3 `pkg-config --cflags fuse`"])
 			AC_SUBST(LIBS, ["$LIBS `pkg-config --cflags --libs fuse` -lz"]);;
-    *-*-darwin*)	AC_SUBST(CFLAGS, ["-Wall -O3 `pkg-config --cflags fuse`"])
+    *-*-darwin*)	AC_SUBST(CFLAGS, ["-Wall -g -O3 `pkg-config --cflags fuse`"])
 			AC_SUBST(LIBS, ["$LIBS `pkg-config --cflags --libs fuse` -lz"]);;
     *)			AC_MSG_WARN(No automatic flags for this host system; set compile/linking flags manually);;
 esac
-- 
2.11.0

From 9a60b26d8a1e7e7240569561c96006817279b78f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bernhard=20=C3=9Cbelacker?= <bernha...@mailbox.org>
Date: Wed, 19 Apr 2017 18:05:06 +0200
Subject: Rename variable mount to mount_dir to avoid calling it as function.

Looks like the dynamic linker uses here the variable "mount" from
rdiff-backup-fs.c that gets later called by fuse library.

Program received signal SIGSEGV, Segmentation fault.
0x80015110 in mount ()
(gdb) bt
#0  0x80015110 in mount ()
#1  0xb7f8ff03 in fuse_mount_sys (mnt_opts=0x800163a8 "rw,nosuid,nodev", mo=0xbffff398, 
    mnt=0x80016288 "/home/benutzer/rdiff-backup-fs-test/mnt") at mount.c:499
#2  fuse_kern_mount (mountpoint=0x80016288 "/home/benutzer/rdiff-backup-fs-test/mnt", args=0xbffff550) at mount.c:607
#3  0xb7f8b89c in fuse_mount_compat25 (mountpoint=0x80016288 "/home/benutzer/rdiff-backup-fs-test/mnt", args=0xbffff550) at helper.c:488
#4  0xb7f8b908 in fuse_mount_common (mountpoint=0x80016288 "/home/benutzer/rdiff-backup-fs-test/mnt", args=args@entry=0xbffff550)
    at helper.c:248
#5  0xb7f8b9de in fuse_setup_common (argc=2, argv=0xbffff5f4, op=0x80015200 <operations>, op_size=180, mountpoint=0xbffff5b4, 
    multithreaded=0xbffff5b8, fd=0x0, user_data=0x0, compat=0) at helper.c:298
#6  0xb7f8bb5d in fuse_main_common (argc=<optimized out>, argv=<optimized out>, op=<optimized out>, op_size=180, user_data=0x0, compat=0)
    at helper.c:363
#7  0x8000112f in run (argc=3, argv=0xbffff6d4) at rdiff-backup-fs.c:37
#8  0x80000f3b in main (argc=3, argv=0xbffff6d4) at rdiff-backup-fs.c:43
(gdb) print mount
$1 = 0x80016020 "/home/benutzer/rdiff-backup-fs-test/mnt"

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858316
---
 externs.h         | 2 +-
 initialize.c      | 2 +-
 parse.c           | 8 ++++----
 rdiff-backup-fs.c | 4 ++--
 4 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/externs.h b/externs.h
index 029dd5c..3cbe455 100644
--- a/externs.h
+++ b/externs.h
@@ -5,7 +5,7 @@
 
 #include <fuse.h>
 
-extern char *mount;
+extern char *mount_dir;
 // directory where data directory should be created
 extern char *tmp_dir;
 // directory where file system's data will be kept
diff --git a/initialize.c b/initialize.c
index 0cc1b65..be32014 100644
--- a/initialize.c
+++ b/initialize.c
@@ -5,7 +5,7 @@
 
 void check_mount(){
     
-    if (gpthpro(&mount) != 0)
+    if (gpthpro(&mount_dir) != 0)
     	fail(ERR_NO_MOUNT);
             
 };
diff --git a/parse.c b/parse.c
index f919f7a..0fccc58 100644
--- a/parse.c
+++ b/parse.c
@@ -138,9 +138,9 @@ void parse_repo(struct file_system_info *fsinfo, int argc, char** argv, int *ind
 
 void parse_mount(char *arg){
 
-    if (mount != NULL)
+    if (mount_dir != NULL)
 		fail(ERR_PARAMETRES);
-    if (gstrcpy(&mount, arg) != 0)
+    if (gstrcpy(&mount_dir, arg) != 0)
     	fail(-1);
 
 };
@@ -160,12 +160,12 @@ int parse(struct file_system_info *fsinfo, int argc, char **argv){
     for (i = 1; i < argc; i++){
 		if (isOption(argv[i]) == 1)
 	    	parse_option(fsinfo, argc, argv, &i);
-		else if (mount == NULL)
+		else if (mount_dir == NULL)
 	    	parse_mount(argv[i]);
 		else
 	    	parse_repo(fsinfo, argc, argv, &i);
 	};
-    if (mount == NULL)
+    if (mount_dir == NULL)
 		fail(ERR_NO_MOUNT);
     if (fsinfo->repo_count == 0)
 		fail(ERR_NO_REPO);
diff --git a/rdiff-backup-fs.c b/rdiff-backup-fs.c
index c97abbb..a15014b 100644
--- a/rdiff-backup-fs.c
+++ b/rdiff-backup-fs.c
@@ -7,7 +7,7 @@
 
 #include <fuse.h>
 
-char *mount = NULL;
+char *mount_dir = NULL;
 char *tmp_dir = NULL;
 char *data_dir = NULL;
 
@@ -28,7 +28,7 @@ int run(int argc, char **argv){
     initialize(file_system_info);
     
     args[0] = argv[0];
-    args[1] = mount;
+    args[1] = mount_dir;
     args[2] = "-d";
     
     if (debug)
-- 
2.11.0

Bug#858316: confirm the bug on 32 bit machine

Reply via email to