Infinite loop in __argp_get_display_len

Mike Gilbert Sun, 26 Feb 2012 11:12:34 -0800

Running grub-mkimage --help triggers an infinite loop in
__argp_get_display_len. Backtrace attached.


The following change seems to resolve it; I wonder if it should be
applied to the other functions in argp-fmtstream.c?

=== modified file 'grub-core/gnulib/argp-fmtstream.c'
--- grub-core/gnulib/argp-fmtstream.c   2012-02-26 18:07:59 +0000
+++ grub-core/gnulib/argp-fmtstream.c   2012-02-26 19:04:10 +0000
@@ -133,7 +133,7 @@
       size_t s;

       s = mbrtowc (&wc, ptr, end - ptr, &ps);
-      if (s == (size_t) -1)
+      if (s == 0 || s == (size_t) -1 || s == (size_t) -2)
        break;
       r += wcwidth (wc);
       ptr += s;

Starting program: /home/floppym/src/grub/build1/grub-mkimage --help
[Thread debugging using libthread_db enabled]

Program received signal SIGINT, Interrupt.
0x000000000041e4d9 in __argp_get_display_len (beg=0x62c4b0 "", end=0x62c518 "1")
    at ../../../branch1/grub-core/gnulib/argp-fmtstream.c:130
130       for (ptr = beg; ptr < end; )
#0  0x000000000041e4d9 in __argp_get_display_len (beg=0x62c4b0 "", end=0x62c518 
"1")
    at ../../../branch1/grub-core/gnulib/argp-fmtstream.c:130
        ptr = 0x62c4b0 ""
        r = 0
        ps = {__count = 0, __value = {__wch = 0, __wchb = "\000\000\000"}}
#1  0x000000000041eac4 in _argp_fmtstream_update (fs=0x62c400)
    at ../../../branch1/grub-core/gnulib/argp-fmtstream.c:335
        p = 0x62c486 "R [default=/usr/local/lib/grub/<platform>]"
        nextline = 0x62c488 "[default=/usr/local/lib/grub/<platform>]"
        i = 0
        r = 78
        buf = 0x62c45f "        use images and modules under DIR 
[default=/usr/local/lib/grub/<platform>]"
        nl = 0x62c487 " [default=/usr/local/lib/grub/<platform>]"
        len = 81
#2  0x000000000041f2b5 in argp_fmtstream_set_lmargin (__fs=0x62c400, 
__lmargin=0)
    at ../../../branch1/grub-core/gnulib/argp-fmtstream.h:299
        __old = 140737339663948
#3  0x000000000041ae1b in hol_entry_help (entry=0x62cc20, state=0x7fffffffd820, 
stream=0x62c400, 
    hhstate=0x7fffffffd470) at 
../../../branch1/grub-core/gnulib/argp-help.c:1219
        tstr = 0x421ec8 "use images and modules under DIR 
[default=%s/<platform>]"
        fstr = 0x62c9d0 ""
        num = 0
        real = 0x628d40
        opt = 0x628d70
        so = 0x62c781 "pmcnoOCv?V"
        have_long_opt = 1
        old_lm = 0
        old_wm = 0
        pest = {entry = 0x62cc20, stream = 0x62c400, hhstate = 0x7fffffffd470, 
first = 0, 
          state = 0x7fffffffd820}
#4  0x000000000041aecb in hol_help (hol=0x62c520, state=0x7fffffffd820, 
stream=0x62c400)
    at ../../../branch1/grub-core/gnulib/argp-help.c:1240
        num = 12
        entry = 0x62cc20
        hhstate = {prev_entry = 0x62cbe8, sep_groups = 0, suppressed_dup_arg = 
1}
#5  0x000000000041be95 in _help (argp=0x7fffffffd690, state=0x7fffffffd820, 
stream=0x7ffff753d7c0, 
    flags=634, name=0x7fffffffde31 "grub-mkimage")
    at ../../../branch1/grub-core/gnulib/argp-help.c:1694
        anything = 1
        hol = 0x62c520
        fs = 0x62c400
#6  0x000000000041c060 in argp_state_help (state=0x7fffffffd820, 
stream=0x7ffff753d7c0, flags=634)
    at ../../../branch1/grub-core/gnulib/argp-help.c:1765
No locals.
#7  0x000000000041c524 in argp_default_parser (key=63, arg=0x0, 
state=0x7fffffffd820)
    at ../../../branch1/grub-core/gnulib/argp-parse.c:95
No locals.
#8  0x000000000041c7c0 in group_parse (group=0x62c0f8, state=0x7fffffffd820, 
key=63, arg=0x0)
    at ../../../branch1/grub-core/gnulib/argp-parse.c:232
        err = 0
#9  0x000000000041d7e9 in parser_parse_opt (parser=0x7fffffffd7b0, 
opt=33554495, val=0x0)
    at ../../../branch1/grub-core/gnulib/argp-parse.c:743
        group_key = 2
        err = 7
#10 0x000000000041db3c in parser_parse_next (parser=0x7fffffffd7b0, 
arg_ebadkey=0x7fffffffd7ac)
    at ../../../branch1/grub-core/gnulib/argp-parse.c:855
        opt = 33554495
        err = 0
#11 0x000000000041de6c in argp_parse (argp=0x7fffffffd690, argc=2, 
argv=0x7fffffffda68, flags=0, 
    end_index=0x0, input=0x7fffffffd8e0) at 
../../../branch1/grub-core/gnulib/argp-parse.c:923
        err = 0
        parser = {argp = 0x7fffffffd690, short_opts = 0x62c3c8 
"d:p:m:c:no:O:C:v?V", 
          long_opts = 0x62c1e8, opt_data = {rpl_optind = 2, rpl_opterr = 1, 
rpl_optopt = -1, 
            rpl_optarg = 0x0, __initialized = 1, __nextchar = 0x7fffffffde44 
"", 
            __ordering = PERMUTE, __posixly_correct = 0, __first_nonopt = 1, 
__last_nonopt = 1}, 
          groups = 0x62c0b0, egroup = 0x62c188, child_inputs = 0x62c1d0, 
try_getopt = 1, state = {
            root_argp = 0x7fffffffd690, argc = 2, argv = 0x7fffffffda68, next = 
2, flags = 0, 
            arg_num = 0, quoted = 0, input = 0x0, child_inputs = 0x0, hook = 
0x0, 
            name = 0x7fffffffde31 "grub-mkimage", err_stream = 0x7ffff753d6e0, 
            out_stream = 0x7ffff753d7c0, pstate = 0x7fffffffd7b0}, storage = 
0x62c0b0}
        arg_ebadkey = 0
#12 0x0000000000409e04 in main (argc=2, argv=0x7fffffffda68) at 
../branch1/util/grub-mkimage.c:1838
        fp = 0x7ffff753d7c0
        arguments = {nmodules = 0, modules_max = 3, modules = 0x62c080, output 
= 0x0, dir = 0x0, 
          prefix = 0x0, memdisk = 0x0, font = 0x0, config = 0x0, note = 0, 
image_target = 0x0, 
          comp = COMPRESSION_AUTO}
A debugging session is active.

        Inferior 1 [process 24386] will be killed.

Quit anyway? (y or n)

_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel

Infinite loop in __argp_get_display_len

Reply via email to