Yo Sebastian. I have finally had access to an x86-64 shell and fixed the problem in a few minutes. It was not an obvious bug, but I'll explain how to find it. Maybe it will be useful to somebody to learn how to catch bugs.
GLIBC was detecting a heap overflow only in 64 bits, so the problem should be something related to pointers (4 vs 8 bytes). The backtrace of glibc points to a malloc() (use addr2line -e src/radare [addr]) because glibc doesn't resolve symbols when backtracing. Once here I have decided to use valgrind, which tells me about an invalid write of 8 bytes in a list_add() of code.c:119. Commenting the list_add fixes the problem, but obviously dropping functionalities. Reading a bit in the data_t structure I saw that the 'list' element is a pointer, and it shouldn't be, so it must be "struct list_head list" instead of "*list". Problem fixed, making valgrind happy again.

I hope next time bugs like this take less time to get fixed. btw warnaton is always open, so feel free to submit patches cleaning code or removing warnings.

hg pull. It should work fine now.

--pancake

On Mon, 2008-08-11 at 01:00 +0200, Sebastian Reichel wrote:
> Hi,
>
> Sorry, I had less time the last days. I don't know what you have fixed,
> but my radare still segfaults if file.flag is enabled. Here is the
> output of rabin:
>
> ---------------------
>
> rabin -isr /bin/ls
> fs imports
> f imp_printf @ 0xffffffffffffffff
> f imp_strcoll @ 0xffffffffffffffff
> f imp_mktime @ 0xffffffffffffffff
> f imp_memset @ 0xffffffffffffffff
> f imp_mbrtowc @ 0xffffffffffffffff
> [...] // more imp_ stuff with address @ 0xffffffffffffffff
> f imp_fflush_unlocked @ 0xffffffffffffffff
> f imp_iswprint @ 0xffffffffffffffff
> f imp_getpwnam @ 0xffffffffffffffff
> f imp_malloc @ 0x00401f30
> f imp_free @ 0x00401fc0
> 91 imports added
> fs symbols
> b 00000008 && f sym_stdout @ 0x00619710
> b 00000008 && f sym_stderr @ 0x00619708
> b 00000004 && f sym_optind @ 0x006196e0
> b 00000008 && f sym_optarg @ 0x00619700
> b 512
> 4 symbols added
>
> ---------------------
>
> Here is a full rabin (there is no segfault):
>
> [EMAIL PROTECTED] ~ % rabin -iSszr /bin/ls | grep added
> 91 imports added
> 4 symbols added
> 28 sections added
> 635 strings added
> [EMAIL PROTECTED] ~ % echo $?
> 1
>
>
>
> On Sunday, 10.08.2008, 19:24 +0200, pancake wrote:
> > elektranox, please re-pull the mercurial repository. it's theoretically
> > fixed now :)
> _______________________________________________
> radare mailing list
> [email protected]
> http://lists.nopcode.org/listinfo.cgi/radare-nopcode.org
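The layout mistake pancake describes (a `struct list_head *list` field where an embedded `struct list_head list` node was meant), shown as an added C example that is not radare's own code: `data_buggy`, `data_fixed` and the minimal intrusive list are reconstructions for illustration, not the real data_t. The functions return how many bytes list_add() spills past the 'list' field in each layout, so the 8-byte invalid write valgrind reported on x86-64 falls out of the arithmetic.

```c
#include <stddef.h>

/* Minimal Linux-style intrusive list node, as used by a list_add(). */
struct list_head { struct list_head *next, *prev; };

static void list_init(struct list_head *h) { h->next = h->prev = h; }

static void list_add(struct list_head *node, struct list_head *head)
{
    node->next = head->next;   /* writes two pointers through 'node' */
    node->prev = head;
    head->next->prev = node;
    head->next = node;
}

/* Buggy layout (hypothetical stand-in for the original data_t): 'list' is
 * only a pointer, yet list_add(&d->list, ...) writes a whole list_head
 * (two pointers) at that address, running past the end of the field. */
struct data_buggy { int from, to; struct list_head *list; };

/* Fixed layout: the node is embedded, so &d->list really is a node. */
struct data_fixed { int from, to; struct list_head list; };

/* Bytes written past 'list' by list_add(): sizeof(void *), i.e. 8 on
 * x86-64 and 4 on 32-bit. The larger spill on 64-bit is the likely reason
 * only that build tripped glibc's heap checks. */
size_t list_field_overflow_buggy(void)
{
    return sizeof(struct list_head) - sizeof(((struct data_buggy *)0)->list);
}

size_t list_field_overflow_fixed(void)
{
    return sizeof(struct list_head) - sizeof(((struct data_fixed *)0)->list);
}

/* Intrusive lists recover the owner with container_of-style arithmetic;
 * that is only valid when the node is embedded, never when pointed to. */
struct data_fixed *data_from_node(struct list_head *n)
{
    return (struct data_fixed *)((char *)n - offsetof(struct data_fixed, list));
}

/* Walks a list of embedded nodes and sums the 'from' fields (1 + 3). */
int sum_from_fields(void)
{
    struct list_head head; struct data_fixed a = {1, 2}, b = {3, 4};
    int n = 0;
    list_init(&head);
    list_add(&a.list, &head);
    list_add(&b.list, &head);
    for (struct list_head *p = head.next; p != &head; p = p->next)
        n += data_from_node(p)->from;
    return n;
}
```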
