DragonFly BSD
DragonFly bugs List (threaded) for 2012-03

[DragonFlyBSD - Bug #1596] installer segfaults on AMD64 while configuring nfe0 DHCP


From: YONETANI Tomokazu via Redmine <bugtracker-admin@xxxxxxxxxxxxxxxxxxxxx>
Date: Wed, 7 Mar 2012 06:28:27 -0800

Issue #1596 has been updated by YONETANI Tomokazu.


Hi,

I don't have any nForce NIC here, but I guess show_ifconfig() is
responsible for this crash, because it passes the string returned by
the ifconfig command as the format string.

in dfuibe_installer/fn_diagnostic.c:
void
show_ifconfig(struct dfui_connection *c, char *ifname)
{
	struct aura_buffer *e;

	e = aura_buffer_new(1024);
	aura_buffer_cat_pipe(e, "/sbin/ifconfig %s", ifname);
	inform(c, aura_buffer_buf(e));
	aura_buffer_free(e);
}

Since the GENERIC kernel has IPv6 enabled, the output from the ifconfig
command contains an auto-configured address for nfe0, like this:

	inet6 fe80::290:ccff:feef:93a8%nfe0 prefixlen 64 scopeid 0x3
                                      ^^
The `%n', by the way, has special meaning to *printf functions:

    n       The number of characters written so far is stored into the inte-
	    ger indicated by the int * (or variant) pointer argument.  No
	    argument is converted.

which attempts to store the number to the memory location pointed to
by some garbage on the stack.  So the fix is simple: just add `"%s"' as
the second argument in the call to inform().

On Wed, Mar 07, 2012 at 02:12:01AM -0800, Sascha Wildner via Redmine wrote:
> 
> Issue #1596 has been updated by Sascha Wildner.
> 
> Status changed from New to In Progress
> 
> Okay, I'm really at a loss here.
> 
> Brett or Saifi, or anyone else who has this issue. I would like to put up an .iso or .img with debug symbols for you, and you could try again configuring nfe(4) from it, which requires no reinstallation. Then you could give us a usable trace and put up the .core for review.
> 
> Tell me if it is possible for you and I'll prepare the ISO.
> 
> ----------------------------------------
> Bug #1596: installer segfaults on AMD64 while configuring nfe0 DHCP
> http://bugs.dragonflybsd.org/issues/1596
> 
> Author: Saifi Khan
> Status: In Progress
> Priority: Normal
> Assignee: Sascha Wildner
> Category: 
> Target version: 
> 
> 
> Hi:
> 
> Summary:
> The DragonFlyBSD installer seg-faults on AMD64 while configuring
> a nfe0 interface with DHCP.
> 
> Version:
> DragonFlyBSD 2.4.1 
> 
> Reproducible:
> always
> 
> Stack trace:
> Script started on Wed Nov  4 22:33:08 2009
> 
> # gdb /usr/sbin/dfuibe_installer ./dfuibe_installer.core 
> gdb 6.7.1
> This GDB was configured as "amd64-dragonfly"...
> (no debugging symbols found)
> Reading symbols from /usr/lib/libc.so.7...(no debugging symbols found)...done.
> Loaded symbols for /usr/lib/libc.so.7
> Reading symbols from /usr/libexec/ld-elf.so.2...(no debugging symbols found)...done.
> Loaded symbols for /usr/libexec/ld-elf.so.2
> 
> Core was generated by `dfuibe_installer'.
> Program terminated with signal 11, Segmentation fault.
> #0  0x00000008006ff8b2 in __vfprintf () from /usr/lib/libc.so.7
> (gdb) bt
> #0  0x00000008006ff8b2 in __vfprintf () from /usr/lib/libc.so.7
> #1  0x00000008006f4fe3 in vasprintf () from /usr/lib/libc.so.7
> #2  0x000000000040fc82 in ?? ()
> #3  0x00000000004053c7 in ?? ()
> #4  0x00000000004086b5 in ?? ()
> #5  0x00000000004051b7 in ?? ()
> #6  0x000000000040245d in ?? ()
> #7  0x000000000040e71f in ?? ()
> #8  0x0000000000402360 in ?? ()
> #9  0x0000000800554000 in ?? ()
> #10 0x0000000000000000 in ?? ()
> (gdb) q
> # exit
> exit
> 
> Script done on Wed Nov  4 22:34:02 2009
> 
> thanks
> Saifi.
> 
> 
> -- 
> You have received this notification because you have either subscribed to it, or are involved in it.
> To change your notification preferences, please click here: http://bugs.dragonflybsd.org/my/account
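The diagnosis in the message above, as an added example that is not code from the installer or from anyone in the thread: external command output goes through a printf-style function only as an argument to `"%s"`, and a small scanner shows why the quoted ifconfig line is unsafe as a format string. `inform_like()`, `show_safely()` and `count_directives()` are hypothetical names, and the sample line is constructed from the one quoted in the message.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: the ifconfig line quoted in the message. */
const char sample[] =
    "\tinet6 fe80::290:ccff:feef:93a8%nfe0 prefixlen 64 scopeid 0x3\n";

/* Hypothetical stand-in for inform(): printf-style formatting into out. */
int inform_like(char *out, size_t len, const char *fmt, ...)
{
	va_list ap;
	int n;

	va_start(ap, fmt);
	n = vsnprintf(out, len, fmt, ap);
	va_end(ap);
	return n;
}

/* Safe call shape: external text is an argument, never the format. */
int show_safely(char *out, size_t len, const char *text)
{
	return inform_like(out, len, "%s", text);
}

/* Count printf directives in s ("%%" excluded); *has_n flags "%n".
 * A non-zero count means s is unsafe to pass as a format string. */
int count_directives(const char *s, int *has_n)
{
	int count = 0;

	for (*has_n = 0; *s != '\0'; s++) {
		if (*s != '%')
			continue;
		if (*++s == '%')	/* literal percent sign */
			continue;
		count++;
		/* skip flags, width, precision and length modifiers */
		while (*s != '\0' && strchr("#0- +'.*123456789hlqjztL", *s))
			s++;
		if (*s == 'n')
			*has_n = 1;
		if (*s == '\0')
			break;
	}
	return count;
}
```

Building with `-Wformat -Wformat-security` (GCC and Clang) flags calls where a non-literal string is passed as the format with no further arguments, which is the call shape described in the message.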