RE: [Bug 901252] Re: atoi segfaults if the auxiliary vector was empty

2013-02-10 Thread Edmund Grimley Evans
Perhaps I should mention the keyword "locale" here. It seems pretty
clear that the segfault is caused by strtol_l_internal receiving a
null pointer as its locale argument. So the C library start-up code,
when presented with an empty auxiliary vector, is silently failing to
initialise the locale. Perhaps this is a simple oversight, or perhaps
there's a good reason why it's hard to set up a locale without certain
information from the auxiliary vector. (AT_PHDR, perhaps?)

-- IMPORTANT NOTICE: The contents of this email and any attachments are
confidential and may also be privileged. If you are not the intended
recipient, please notify the sender immediately and do not disclose the
contents to any other person, use it for any purpose, or store or copy
the information in any medium.  Thank you.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/901252

Title:
  atoi segfaults if the auxiliary vector was empty

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/901252/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs


RE: [Bug 901252] Re: atoi segfaults if the auxiliary vector was empty

2013-02-10 Thread Edmund Grimley Evans
> I'm not sure how intentionally corrupting the stack with a debugger to
> cause a segfault constitutes a glibc bug...

Setting the auxiliary vector to empty is not really "corrupting" it. You
just need to ask yourself whether you consider it acceptable for the C
library to segfault when presented with an empty auxiliary vector as
input. Perhaps you do, in which case this behaviour isn't a bug. On the
other hand, if you think the C library should be able to cope more
elegantly with an empty auxiliary vector then my report provides
evidence that something is not working as it should. Your choice.

I don't claim that my technique for demonstrating the problem
"constitutes" a bug. By all means go ahead and demonstrate the problem
by patching the kernel instead, if you prefer. Or perhaps you could
demonstrate it with valgrind.

Or perhaps you're not interested in glibc bugs that do not affect the
normal use of glibc on Linux. I don't really know who you are and what
your area of interest is.




[Bug 901252] [NEW] atoi segfaults if the auxiliary vector was empty

2011-12-07 Thread Edmund Grimley Evans
Public bug reported:

The auxiliary vector is put onto a process's stack by the kernel and it
normally isn't empty. However, the C library is probably supposed to
cope with the auxiliary vector being empty (you might be running the
program under a different or a modified operating system). Therefore, it
is probably a bug that atoi segfaults when the auxiliary vector was
empty.

I tested this with libc6-dev_2.13-0ubuntu13_armel.deb on a Panda Board.
I haven't seen this bug on x86.

To demonstrate the bug you have to use the debugger to hide the
auxiliary vector. See the transcript below in which I:

- Build a simple statically linked binary that calls atoi().
- Find the entry point.
- Run the program under GDB and stop it at the entry point.
- Find the auxiliary vector on the stack and hide it by overwriting the first tag with 0.
- Let the program continue to run: it segfaults in strtol.

$ cat <<END > t.c
#include <stdio.h>
#include <stdlib.h>
int main()
{
  printf("%d\n", atoi("123"));
  return 0;
}
END
$ gcc -Wall -O2 t.c -static
$ readelf -l a.out | grep Entry
Entry point 0x8171
$ gdb a.out
...
(gdb) b *0x8170
Breakpoint 1 at 0x8170
(gdb) r
Starting program: /export/egrimley/a.out 

Breakpoint 1, 0x8170 in _start ()
(gdb) info reg
...
sp 0xbefff7d0...
...
(gdb) x/64x 0xbefff7d0
0xbefff7d0: 0x0001  0xbefff8dc  0x  0xbefff8f3
0xbefff7e0: 0xbefff903  0xbefff90e  0xbefff95e  0xbefff97e
0xbefff7f0: 0xbefff991  0xbefff99f  0xbefffe8f  0xbefffe9a
0xbefff800: 0xbefffee7  0xbefffeff  0xbe0e  0xbe1b
0xbefff810: 0xbe30  0xbe3d  0xbe46  0xbe5a
0xbefff820: 0xbe62  0xbe73  0xbea3  0xbec3
0xbefff830: 0x  0x0010  0xb8d7  0x0006
0xbefff840: 0x1000  0x0011  0x0064  0x0003
...
(gdb) p *(int *)0xbefff834 = 0
$1 = 0
(gdb) c
Continuing.

Program received signal SIGSEGV, Segmentation fault.
0x8c1c in strtol_l_internal ()

** Affects: eglibc (Ubuntu)
 Importance: Undecided
 Status: New

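The report above and the follow-up about locale initialisation both turn on the same point: the start-up code reads the auxiliary vector and carries on as if every entry it wanted were present. The block below is an added example (not code from the bug report and not glibc's own start-up code) of a walker that treats an empty vector as "zero entries" and falls back instead of continuing with unset values. It assumes the Linux layout (the vector follows the NULL that ends envp, with tag numbers as in Linux's elf.h, redefined locally so no platform header is needed); the sample vector is constructed to match the transcript's order, and the AT_PHDR value 0x10034 is a placeholder, since the transcript elides it.

```c
/* Added example: parse an ELF auxiliary vector without assuming it has entries.
 * Tag numbers match Linux <elf.h>; the sample vector is constructed and the
 * AT_PHDR value is a placeholder, not a value from the transcript. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define AUX_NULL    0   /* end of vector */
#define AUX_PHDR    3   /* address of program headers */
#define AUX_PAGESZ  6   /* system page size */
#define AUX_ENTRY   9   /* program entry point */
#define AUX_HWCAP   16  /* CPU capability bits */
#define AUX_CLKTCK  17  /* clock ticks per second */
#define AUX_RANDOM  25  /* address of 16 random bytes */

struct auxv_summary {
    size_t count;                 /* entries seen before AUX_NULL */
    bool have_phdr, have_pagesz, have_random;
    unsigned long phdr, pagesz, hwcap, clktck, entry, random;
};

/* Walk (tag, value) pairs until AUX_NULL or max_pairs, whichever comes first.
 * The bound keeps a vector with no terminator from being read off the end.
 * Returns the number of entries found; zero means "empty", not an error. */
size_t auxv_walk(const unsigned long *auxv, size_t max_pairs, struct auxv_summary *out)
{
    struct auxv_summary s;
    memset(&s, 0, sizeof s);
    for (size_t i = 0; i < max_pairs; i++) {
        unsigned long tag = auxv[2 * i], val = auxv[2 * i + 1];
        if (tag == AUX_NULL)
            break;
        s.count++;
        switch (tag) {
        case AUX_PHDR:   s.phdr = val;   s.have_phdr = true;   break;
        case AUX_PAGESZ: s.pagesz = val; s.have_pagesz = true; break;
        case AUX_RANDOM: s.random = val; s.have_random = true; break;
        case AUX_HWCAP:  s.hwcap = val;  break;
        case AUX_CLKTCK: s.clktck = val; break;
        case AUX_ENTRY:  s.entry = val;  break;
        default: break;  /* unknown tags are skipped, not treated as fatal */
        }
    }
    *out = s;
    return s.count;
}

/* What start-up code should do with a value that may be missing: use the
 * auxv value when present, otherwise a stated fallback, never a null pointer. */
unsigned long auxv_pagesz_or_default(const struct auxv_summary *s, unsigned long fallback)
{
    return s->have_pagesz ? s->pagesz : fallback;
}

/* On Linux the vector sits on the initial stack right after envp's NULL
 * terminator, which is how the transcript located it at 0xbefff834. */
const unsigned long *auxv_after_envp(char **envp)
{
    char **p = envp;
    while (*p)
        p++;
    return (const unsigned long *)(p + 1);
}

/* Constructed sample in the transcript's order: HWCAP, PAGESZ, CLKTCK, PHDR, NULL. */
static const unsigned long sample_auxv[] = {
    AUX_HWCAP, 0xb8d7, AUX_PAGESZ, 0x1000, AUX_CLKTCK, 100, AUX_PHDR, 0x10034, AUX_NULL, 0
};
#define SAMPLE_WORDS (sizeof(sample_auxv) / sizeof(sample_auxv[0]))
#define SAMPLE_PAIRS (SAMPLE_WORDS / 2)

size_t demo_full(struct auxv_summary *s)
{
    return auxv_walk(sample_auxv, SAMPLE_PAIRS, s);
}

/* The same vector after `p *(int *)0xbefff834 = 0` in gdb: the first tag is now
 * AUX_NULL, so a correct walker reports zero entries and no AT_PHDR or AT_PAGESZ. */
size_t demo_hidden(struct auxv_summary *s)
{
    unsigned long hidden[SAMPLE_WORDS];
    memcpy(hidden, sample_auxv, sizeof hidden);
    hidden[0] = AUX_NULL;
    return auxv_walk(hidden, SAMPLE_PAIRS, s);
}

int main(void)
{
    struct auxv_summary s;
    printf("sample: %zu entries, pagesz=%#lx\n", demo_full(&s), auxv_pagesz_or_default(&s, 4096));
    printf("hidden: %zu entries, pagesz=%#lx (fallback)\n", demo_hidden(&s), auxv_pagesz_or_default(&s, 4096));
#ifdef __linux__
    extern char **environ;
    size_t n = auxv_walk(auxv_after_envp(environ), 64, &s);  /* the kernel supplies far fewer than 64 */
    printf("live:   %zu entries, pagesz=%#lx, sysconf says %ld\n",
           n, auxv_pagesz_or_default(&s, 4096), sysconf(_SC_PAGESIZE));
#endif
    return 0;
}
```

The live walk through `environ` only works before anything calls `setenv`/`putenv`, which can move `environ` off the initial stack; the constructed cases do not depend on it.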


[Bug 732711] Re: gcc-4.4 gave spurious "warning: array subscript is above array bounds"

2011-03-10 Thread Edmund Grimley Evans
-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/732711

Title:
  gcc-4.4 gave spurious "warning: array subscript is above array bounds"



[Bug 732711] [NEW] gcc-4.4 gave spurious "warning: array subscript is above array bounds"

2011-03-10 Thread Edmund Grimley Evans
Public bug reported:

Binary package hint: gcc-4.4

// This code gives a spurious
// "warning: array subscript is above array bounds"
// with gcc version 4.4.5 (Ubuntu/Linaro 4.4.4-14ubuntu5) 
// when compiled with: gcc -c -O2 -Wall

struct s { int a[100]; };

void f(struct s *ps, int i)
{
  int *a = ps->a;
  if (i >= 0x2000 && i < 0x2004)
    a[i - 0x2000] = 0;
}

ProblemType: Bug
DistroRelease: Ubuntu 10.10
Package: gcc-4.4 4.4.4-14ubuntu5
ProcVersionSignature: Ubuntu 2.6.35-980.1release9-omap4 2.6.35.3
Uname: Linux 2.6.35-980-omap4 armv7l
Architecture: armel
Date: Thu Mar 10 16:51:56 2011
ProcEnviron:
 LC_COLLATE=C
 LANG=en_GB.UTF-8
 SHELL=/bin/bash
SourcePackage: gcc-4.4

** Affects: gcc-4.4 (Ubuntu)
 Importance: Undecided
 Status: New


** Tags: apport-bug armel maverick ubuntu-une
