Short: xerq crashes in read_socket()
Date: Sun, 15 Aug 1999 03:21:58 +0300 (EET DST)
From: Manu Mäki <mtmaki@pultti.turkuai.fi>
Type: Bug
State: Done - fixed in 3.2.8-dev.198
See also: b-000404

Erq seems to crash a lot all the time. I just used gdb, and here's the
result:

GNU gdb 4.17.0.11 with Linux support
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux"...
Core was generated by `erq --forked'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /lib/libc.so.6...done.
Reading symbols from /lib/ld-linux.so.2...done.
#0  read_socket (sp=0x804d2d0, rw=1) at socket.c:53
53                l=write(fd, qp->buf+qp->pos, qp->len);
(gdb) p read_socket
$1 = {void (struct socket_s *, int)} 0x804a0e8 <read_socket>
(gdb) p sp
$2 = (struct socket_s *) 0x804d2d0
(gdb) p rw
$3 = 1
(gdb) p write
$4 = {<text variable, no debug info>} 0x4000e420 <__libc_write>
(gdb) p fd
$5 = 7
(gdb) p buf
$6 =
"\220`\005\000@5\000\000\000\220\005\000@\020\002\000@0\001@\003\000\000\0008\001@\002\000\000\000D`\005\000@\202\021\000@\bx\000@@\016\000@\216\177\002@,\001@@6\001@Fg\000\000\000\000\000\000\000\000\000\000\003\000\000\0008\001@\003\000\000\000\210\003\000@\000\000\000\000@\016\000@
<\f\000@\000\000\000\000\001@\004\000@\000\000\000\000\220\005\000@\020\002\000@0\001@\003\000\000\0008\001@\003\000\000\0008\b\002@L8\001@\217\013\f8\216\177\002@8\b\002@@6\001@\024\025\000@\003\000\000\000"...

Thanks in advance, Manu Maki


Date: Wed, 27 Oct 1999 10:32:36 +0300 (EET DST)
From: Manu Mäki <mtmaki@students.turkuai.fi>

On Tue, 26 Oct 1999, Lars Duening wrote:

> >Hmm, this is what I got, nothing new then I guess :O
> >
> >There is absolutely no warranty for GDB.  Type "show warranty" for
> >details.
> >#0  read_socket (sp=0x80573e0, rw=1) at socket.c:53
> >Source file is more recent than executable.
> >53                l=write(fd, qp->buf+qp->pos, qp->len);
> >(gdb) bt
> >#0  read_socket (sp=0x80573e0, rw=1) at socket.c:53
> >#1  0x8049199 in main (argc=2, argv=0xbffffdc4) at erq.c:126
> >#2  0x40030cb3 in __libc_start_main (main=0x8048d3c <main>, argc=2,
> >argv=0xbffffdc4, init=0x8048860 <_init>,
> >    fini=0x804b0dc <_fini>, rtld_fini=0x4000a350 <_dl_fini>,
> >stack_end=0xbffffdbc) at ../sysdeps/generic/libc-start.c:78
> >(gdb) p qp
> >No symbol "qp" in current context.
> 
> No symbol? Either something is really wrong, or you were using
> a very aggressive optimizer. What if you use *qpp instead of every
> qp, e.g. "p *(*qpp->buf)" instead of "p *(qp->buf)"?
> 
> I must admit that I am running out of ideas :-(
> 
> -- 
> Lars Duening; lars@bearnip.com
> Note: Currently I can check my mail only occasionally.
> 
> 

Yeah, now I really got something out of gdb :) I hope this helps...

This GDB was configured as "i386-redhat-linux"...
Core was generated by `erq --forked'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /lib/libc.so.6...done.
Reading symbols from /lib/ld-linux.so.2...done.
Reading symbols from /lib/libnss_files.so.2...done.
Reading symbols from /lib/libnss_nisplus.so.2...done.
Reading symbols from /lib/libnsl.so.1...done.
Reading symbols from /lib/libnss_nis.so.2...done.
Reading symbols from /lib/libnss_dns.so.2...done.
Reading symbols from /lib/libresolv.so.2...done.
#0  read_socket (sp=0x80573e0, rw=1) at socket.c:53
Source file is more recent than executable.
53                l=write(fd, qp->buf+qp->pos, qp->len);
(gdb) p qpp
$1 = (struct queue_s **) 0x80573f8
(gdb) p *qpp
$2 = (struct queue_s *) 0x20
(gdb) p qpp->len
$3 = 0
(gdb) p *qpp->len
$4 = 83907072
(gdb) p *qpp->buf
$5 = 101 'e'
(gdb) p qpp->buf
$6 = 0x2c "erq --forked "
(gdb) p *qpp->buf+qpp->pos
$7 = 101
(gdb) p *qpp->buf+*qpp->pos
$8 = 83907173
(gdb) p qpp->buf+*qpp->pos
$9 = 0x500522c <Address 0x500522c out of bounds>
(gdb) p qpp->buf+qpp->pos
$10 = 0x2c "erq --forked "
(gdb) p fd
$11 = 6


  Manu Mäki aka Cendor@Winterkill (wk.tuug.fi 4000)

---------- Analysis ----------

The values of qpp and friends look suspiciously like an uninitialized
variable; in fact the global variable "sockets" is never initialized.
This I corrected in .152; I am now waiting for feedback from Manu
on this change.
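The write at socket.c:53 rebuilt in miniature, with the queue entry checked before write() so that garbage values like the ones printed in the gdb session above (pos=83907072, len=0) are refused instead of dereferenced. This is an added example, not xerq's code; the layouts of struct socket_s and struct queue_s and the names flush_queue, demo_flush and demo_garbage_entry are assumptions.

```c
#include <stddef.h>
#include <unistd.h>

struct queue_s { char *buf; size_t pos; size_t len; struct queue_s *next; };
struct socket_s { int fd; struct queue_s *queue; };

/* Hardened form of the write at socket.c:53: the queue entry is checked
 * before write() touches it. Returns bytes written, 0 when nothing is
 * queued, -1 on corrupt state or write error. (Assumed layout.) */
ssize_t flush_queue(struct socket_s *sp)
{
    struct queue_s **qpp = &sp->queue, *qp = *qpp;
    if (qp == NULL) return 0;
    /* Leftover bytes from uninitialized memory (pos=83907072, len=0 in
     * the gdb session) fail here instead of reaching write(). */
    if (qp->buf == NULL || qp->pos > qp->len) return -1;
    ssize_t l = write(sp->fd, qp->buf + qp->pos, qp->len - qp->pos);
    if (l < 0) return -1;
    qp->pos += (size_t)l;
    if (qp->pos == qp->len) *qpp = qp->next;   /* fully sent: unlink */
    return l;
}

/* Constructed message flushed through a pipe so the example runs offline.
 * Returns the byte count that arrived at the read end (13). */
int demo_flush(void)
{
    int p[2];
    char out[64], msg[] = "erq --forked ";
    struct queue_s entry = { msg, 0, sizeof msg - 1, NULL };
    struct socket_s sp = { -1, &entry };   /* every field set, unlike malloc()'d memory */
    ssize_t n;
    if (pipe(p) < 0) return -1;
    sp.fd = p[1];
    if (flush_queue(&sp) < 0) return -1;
    n = read(p[0], out, sizeof out);
    close(p[0]); close(p[1]);
    return sp.queue == NULL ? (int)n : -1;
}

/* An entry carrying garbage like the gdb session's is rejected (-1)
 * before any write() happens. */
int demo_garbage_entry(void)
{
    char msg[] = "erq --forked ";
    struct queue_s bad = { msg, 83907072u, 0, NULL };
    struct socket_s sp = { -1, &bad };
    return (int)flush_queue(&sp);
}
```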

