Hi Jürgen

This is because of the strncpy() in string_unquote() at mdb_lex.l:699
<http://src.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/cmd/mdb/common/mdb/mdb_lex.l#699>.

The source and destination overlap but the manpage for strncpy.3c says...
   If
   copying  takes  place  between  objects  that  overlap,  the
   behavior of strcpy(), strncpy(), and strlcpy() is undefined.

Similar behaviour can be seen in the following short program...
============
#include <stdio.h>
#include <string.h>

int
main(void)
{
	/* writable copy: modifying a string literal is itself undefined */
	char x[] = "abcdefghijklmnn";
	char *y = x + 1;

	printf("%s\n", x);
	/* source and destination overlap: strncpy() behaviour is undefined */
	strncpy(x, y, 13);
	x[13] = 0;
	printf("%s\n", x);
	return (0);
}
============

32-bit output
============
abcdefghijklmnn
bcdefghijklmn


64-bit output
============
abcdefghijklmnn
bcdefhiijklmn

The other strncpy() and the strcpy() in string_unquote() also involve 
overlapping source and destination strings.

Thanks for reporting this.
/kuriakose
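As an added example, not code from this mail or from mdb: the same shift done with memmove(), which C specifies for overlapping regions, plus a hypothetical single-pass unquote that never copies overlapping ranges at all. The unquote rules (strip enclosing double quotes, turn \" into ") are assumptions; mdb's real string_unquote() is not reproduced here.

```c
#include <stdio.h>
#include <string.h>

/*
 * Drop s[0] by shifting the rest of the string left by one byte.
 * memmove() is defined for overlapping src/dst; strncpy() and strcpy()
 * are not, which is what produced the mangled 64-bit output above.
 */
void
drop_first_char(char *s)
{
	size_t len = strlen(s);

	if (len == 0)
		return;
	memmove(s, s + 1, len);		/* len bytes includes the NUL */
}

/*
 * Hypothetical in-place unquote (assumed rules, not mdb's): remove the
 * surrounding double quotes and turn every \" inside into a plain ".
 * The write pointer never overtakes the read pointer, so no library
 * copy over overlapping memory is needed. Returns the new length.
 */
size_t
unquote_safe(char *s)
{
	size_t len = strlen(s);
	char *rd, *wr = s;

	if (len < 2 || s[0] != '"' || s[len - 1] != '"')
		return (len);		/* not a quoted token: unchanged */

	s[len - 1] = '\0';		/* drop the closing quote */
	for (rd = s + 1; *rd != '\0'; rd++) {
		if (rd[0] == '\\' && rd[1] == '"')
			rd++;		/* skip the escaping backslash */
		*wr++ = *rd;
	}
	*wr = '\0';
	return ((size_t)(wr - s));
}

int
main(void)
{
	char x[] = "abcdefghijklmnn";	/* constructed: same input as the mail */
	char q[] = "\"pci1814,601\"";	/* constructed: the reporter's argument */

	drop_first_char(x);
	printf("%s\n", x);		/* bcdefghijklmnn on every word size */
	(void) unquote_safe(q);
	printf("%s\n", q);		/* pci1814,601 */
	return (0);
}
```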


On 02/06/10 12:34, Jürgen Keil wrote:
> Can anyone reproduce this:
>
> I'm running SX:CE b129 amd64, bfu'ed to current ON bits;
> the same problem exists on OpenSolaris dev build b132.
>
> I'm trying to debug a /usr/sbin/amd64/update_drv problem,
> using mdb.  Problem is that the debug target somehow
> receives a :r quoted string argument slightly modified.
>
> Here's an example that reproduces the issue with
> a 64-bit "echo" test program:
>
> % cat x.c
> #include<stdio.h>
>
> int
> main(int argc, char **argv)
> {
>       int i;
>       for (i = 1; argv[i] != NULL; i++)
>               printf("%s ", argv[i]);
>       printf("\n");
>       return 0;
> }
>
> % cc -m64 -o x x.c
>
> % ./x -d -i '"pci1814,601"' rtls
> -d -i "pci1814,601" rtls
>
> Ok, test program works as expected.
> Now the same under mdb control:
>
> % mdb ./x
>> :r -d -i '"pci1814,601"' rtls
> -d -i "pci1144,601" rtls
> mdb: target has terminated
>
>
> Note how the "pci1814,601" string
> argument was modified when running
> under mdb.
>
> The problem does not happen with a
> 32-bit debug target.