Package: vtun
Version: 3.0.2-1.1
Severity: important

Hello,
Disclaimer 1: this bug appears both in 3.0.2-1.1 available in lenny and in 3.0.2-2 compiled on my own using the lenny toolchain/chroot - I only made one change - I've commented out dh_strip from debian/rules to be able to run gdb.

Disclaimer 2: I am Cc-ing the gcc maintainers because I suspect this could be the main reason for this bug. Please reassign the bug to the gcc package if appropriate.

I noticed that vtund is segfaulting at exit on both the client and server side. The results of debugging the client side are strange.

First: tail of gdb output from the original 3.0.2-1.1 package after using kill PID:

Program received signal SIGTERM, Terminated.
0xb7f07424 in __kernel_vsyscall ()
(gdb) c
Continuing.
vtund[21632]: Closing connection

Program received signal SIGSEGV, Segmentation fault.
0xb7c811bb in strlen () from /lib/i686/cmov/libc.so.6
(gdb) bt
#0  0xb7c811bb in strlen () from /lib/i686/cmov/libc.so.6
#1  0xb7c4d648 in vfprintf () from /lib/i686/cmov/libc.so.6
#2  0xb7c6bcdc in vsprintf () from /lib/i686/cmov/libc.so.6
#3  0x0804e714 in ?? ()
#4  0xbff23185 in ?? ()
#5  0x08055e07 in ?? ()
#6  0xbff23294 in ?? ()
#7  0x00000000 in ?? ()

Now: gdb output from 3.0.2-2 (with debug symbols):

Program received signal SIGTERM, Terminated.
0xb7f72424 in __kernel_vsyscall ()
(gdb) c
Continuing.
vtund[23222]: Closing connection

Program received signal SIGSEGV, Segmentation fault.
0xb7cec1bb in strlen () from /lib/i686/cmov/libc.so.6
(gdb) bt
#0  0xb7cec1bb in strlen () from /lib/i686/cmov/libc.so.6
#1  0xb7cb8648 in vfprintf () from /lib/i686/cmov/libc.so.6
#2  0xb7cd6cdc in vsprintf () from /lib/i686/cmov/libc.so.6
#3  0x0804e714 in set_title (fmt=0x8055e07 "%s running down commands") at lib.c:102
#4  0x0804f62d in tunnel (host=0x9f85300) at tunnel.c:225
#5  0x0804df2a in client (host=0x9f853f8) at client.c:141
#6  0x0804a917 in main (argc=4, argv=0xbfd8e384, env=0xbfd8e398) at main.c:218

Look at the value of the host parameter in frames 4 and 5.
Let's look at line 223 of the tunnel.c file:

opt = linkfd(host);

Just before this line host has the value 0x9f853f8 - it's correct. Just after the return from the linkfd function it is 0x9f85300. The segfault comes from the piece of code on the next line:

set_title("%s running down commands", host->host);

because host points to an invalid fragment of memory and the reference to host->host then causes the segfault.

But there is more. File linkfd.c, line 350. Right at the beginning of the linkfd function host still has the value 0x9f853f8. The end of this function is:

setpriority(PRIO_PROCESS,0,old_prio);

return linker_term;
}

Between the setpriority and return lines host still has the value 0x9f853f8. And suddenly, after returning to the tunnel function, host is 0x9f85300.

Why do I suspect it could be a gcc problem? First I applied the following patch to the sources:

--- vtun-3.0.2.orig/linkfd.c
+++ vtun-3.0.2/linkfd.c
@@ -353,6 +353,7 @@
 int old_prio;
 lfd_host = host;
+vtun_syslog(LOG_NOTICE,"linkfd begin - host=%p",host);
 old_prio=getpriority(PRIO_PROCESS,0);
 setpriority(PRIO_PROCESS,0,LINKFD_PRIO);
@@ -419,5 +420,6 @@
 setpriority(PRIO_PROCESS,0,old_prio);
+vtun_syslog(LOG_NOTICE,"linkfd end - host=%p",host);
 return linker_term;
 }
--- vtun-3.0.2.orig/tunnel.c
+++ vtun-3.0.2/tunnel.c
@@ -220,7 +220,9 @@
 break;
 }
+vtun_syslog(LOG_NOTICE,"tunnel.c pre - host=%p",host);
 opt = linkfd(host);
+vtun_syslog(LOG_NOTICE,"tunnel.c post - host=%p",host);
 set_title("%s running down commands", host->host);
 llist_trav(&host->down, run_cmd, &host->sopt);
---- here is end of patch ----

and everything went smoothly. After killing the client it closed itself without segfaults.

My next step was removing the mentioned patch and adding DEB_BUILD_OPTIONS=noopt. vtun compiled with -O0 instead of -O2 works correctly and closes without a segfault.

If you wish to compare the binaries I use, I put all of them here: http://hell.pl/arturcz/vtun/

ac0 is default 3.0.2-2 but without dh_strip
ac1 is like ac0 but with additional syslog messages (the patch mentioned above)
ac2 is like ac0 but compiled with -O0 instead of -O2.

For compilation of all of the above I used a freshly updated pbuilder image of lenny with the following gcc version:

r...@szczaw:/# gcc --version
gcc (Debian 4.3.2-1.1) 4.3.2
Copyright (C) 2008 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Best regards
Artur

-- System Information:
Debian Release: 5.0.3
  APT prefers proposed-updates
  APT policy: (500, 'proposed-updates'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-2-686 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages vtun depends on:
ii  debconf [debconf-2.0]  1.5.24             Debian configuration management sy
ii  libc6                  2.9-6              GNU C Library: Shared libraries
ii  liblzo2-2              2.03-1             data compression library
ii  libssl0.9.8            0.9.8g-15+lenny5   SSL shared libraries
ii  zlib1g                 1:1.2.3.3.dfsg-12  compression library - runtime

vtun recommends no packages.

vtun suggests no packages.

-- no debconf information
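Review bot: the two vtun_syslog lines added to linkfd.c (after `lfd_host = host;` in the first hunk and after `setpriority(PRIO_PROCESS,0,old_prio);` in the second) are diagnostic instrumentation rather than a fix, and at LOG_NOTICE they would be written to the syslog of every running tunnel; if they are kept at all they belong at LOG_DEBUG. More importantly, adding calls that take `host` as an argument changes where gcc keeps that pointer (register versus stack slot) across the body of linkfd(), so the instrumented build no longer crashing, exactly like the -O0 build, is just as consistent with a write inside linkfd() clobbering the caller's saved copy of `host` as with a compiler bug. A run under Valgrind, or a build with -fstack-protector-all, would help separate the two possibilities before the report is reassigned to gcc.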
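Review bot: the pre/post pair around `opt = linkfd(host);` in the tunnel.c hunk only confirms that the caller's `host` changes across the call, which frames 4 and 5 of the backtrace already show; it cannot say which instruction changes it, and the very next line, `set_title("%s running down commands", host->host);`, still dereferences the stale pointer. In the -O2 build a hardware watchpoint set before the call (`watch -l host` if the caller keeps host in a stack slot; if it is in a callee-saved register, `disassemble` the epilogue of linkfd() to see where that register is restored from) would stop on the exact write, after which both syslog lines can be dropped rather than shipped.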