Re: TP_NUM_C_BUFS too small

Mon, 02 Nov 2015 15:08:26 -0800 

Am 02.11.2015, 12:15 Uhr, schrieb Corinna Vinschen:
Glad it's fixed! For the record, could you say what sort of bug would cause 
a fatal internal error like that?
Just curious,


Me too.  Sounds like some kind of recursion.



It all happened after I had replaced all strcpy/strcat by strlcpy like  
this:


strcpy(t,s) -> pos = strlcpy(t,s,size)
strcat(t,s) -> pos += strlcpy(t+pos,s,size-pos)


At some point the pos-parameter was wrong and the resulting string became  
something undesired. And that string probably was passed to fopen, maybe  
pos became very large way beyond the boundaries of the string which is  
from the stack.



It's hard to reproduce what happened in a simple case, and I was in some  
hurry then, but I saved the strace-output:


  459 4265672 [main] ue 460 open: open(u, 0x0)
   33 4265705 [main] ue 460 normalize_posix_path: src u
   33 4265738 [main] ue 460 cwdstuff::get: posix /usr/src/ue314/bin

   32 4265770 [main] ue 460 cwdstuff::get: (/usr/src/ue314/bin) =  
cwdstuff::get (0x80000008, 32768, 1, 0), errno 2
   33 4265803 [main] ue 460 normalize_posix_path: /usr/src/ue314/bin/u =  
normalize_posix_path (u)
   33 4265836 [main] ue 460 mount_info::conv_to_win32_path:  
conv_to_win32_path (/usr/src/ue314/bin/u)

   33 4265869 [main] ue 460 set_flags: flags: binary (0x2)

   33 4265902 [main] ue 460 mount_info::conv_to_win32_path: src_path  
/usr/src/ue314/bin/u, dst C:\cygwin\usr\src\ue314\bin\u, flags 0x3000A, rc  
0
   63 4265965 [main] ue 460 symlink_info::check: 0x0 = NtCreateFile  
(\??\C:\cygwin\usr\src\ue314\bin\u)

   49 4266014 [main] ue 460 symlink_info::check: not a symlink

   47 4266061 [main] ue 460 symlink_info::check: 0 =  
symlink.check(C:\cygwin\usr\src\ue314\bin\u, 0x29B598) (0x3000A)
   35 4266096 [main] ue 460 path_conv::check:  
this->path(C:\cygwin\usr\src\ue314\bin\u), has_acls(1)

   37 4266133 [main] ue 460 build_fh_pc: fh 0x61302754, dev 000000C3

   34 4266167 [main] ue 460 fhandler_base::open:  
(\??\C:\cygwin\usr\src\ue314\bin\u, 0x108000)
   70 4266237 [main] ue 460 fhandler_base::set_flags: flags 0x108000,  
supplied_bin 0x10000
   34 4266271 [main] ue 460 fhandler_base::set_flags: filemode set to  
binary
   33 4266304 [main] ue 460 fhandler_base::open: 0x0 = NtCreateFile  
(0x170, 0x80100000, \??\C:\cygwin\usr\src\ue314\bin\u, io, NULL, 0x0, 0x7,  
0x1, 0x4020, NULL, 0)
   35 4266339 [main] ue 460 fhandler_base::open: 1 =  
fhandler_base::open(\??\C:\cygwin\usr\src\ue314\bin\u, 0x108000)
   41 4266380 [main] ue 460 fhandler_base::open_fs: 1 =  
fhandler_disk_file::open(\??\C:\cygwin\usr\src\ue314\bin\u, 0x8000)

   34 4266414 [main] ue 460 open: 3 = open(u, 0x8000)

  186 4266600 [main] ue 460 _cygwin_istext_for_stdio: fd 3: opened as  
binary

  232 4266832 [main] ue 460 close: close(3)

   32 4266864 [main] ue 460 fhandler_base::close: closing  
'/usr/src/ue314/bin/u' handle 0x170

   49 4266913 [main] ue 460 close: 0 = close(3)
  460 4267373 [main] 20 460 open: open(u, 0x0)

This loops some 100 times, then:

  460 4267373 [main] 20 460 open: open(u, 0x0)
   32 4267405 [main] 20 460 normalize_posix_path: src u
   32 4267437 [main] 20 460 cwdstuff::get: posix /usr/src/ue314/bin

   33 4267470 [main] 20 460 cwdstuff::get: (/usr/src/ue314/bin) =  
cwdstuff::get (0x80000008, 32768, 1, 0), errno 2
   33 4267503 [main] 20 460 normalize_posix_path: /usr/src/ue314/bin/u =  
normalize_posix_path (u)
   32 4267535 [main] 20 460 mount_info::conv_to_win32_path:  
conv_to_win32_path (/usr/src/ue314/bin/u)

   34 4267569 [main] 20 460 set_flags: flags: binary (0x2)

   32 4267601 [main] 20 460 mount_info::conv_to_win32_path: src_path  
/usr/src/ue314/bin/u, dst C:\cygwin\usr\src\ue314\bin\u, flags 0x3000A, rc  
0
   59 4267660 [main] 20 460 symlink_info::check: 0x0 = NtCreateFile  
(\??\C:\cygwin\usr\src\ue314\bin\u)

   50 4267710 [main] 20 460 symlink_info::check: not a symlink

   47 4267757 [main] 20 460 symlink_info::check: 0 =  
symlink.check(C:\cygwin\usr\src\ue314\bin\u, 0x29B598) (0x3000A)
   35 4267792 [main] 20 460 path_conv::check:  
this->path(C:\cygwin\usr\src\ue314\bin\u), has_acls(1)

   36 4267828 [main] 20 460 build_fh_pc: fh 0x61302754, dev 000000C3

   33 4267861 [main] 20 460 fhandler_base::open:  
(\??\C:\cygwin\usr\src\ue314\bin\u, 0x108000)
   72 4267933 [main] 20 460 fhandler_base::set_flags: flags 0x108000,  
supplied_bin 0x10000
   34 4267967 [main] 20 460 fhandler_base::set_flags: filemode set to  
binary
   33 4268000 [main] 20 460 fhandler_base::open: 0x0 = NtCreateFile  
(0x16C, 0x80100000, \??\C:\cygwin\usr\src\ue314\bin\u, io, NULL, 0x0, 0x7,  
0x1, 0x4020, NULL, 0)
   34 4268034 [main] 20 460 fhandler_base::open: 1 =  
fhandler_base::open(\??\C:\cygwin\usr\src\ue314\bin\u, 0x108000)
   42 4268076 [main] 20 460 fhandler_base::open_fs: 1 =  
fhandler_disk_file::open(\??\C:\cygwin\usr\src\ue314\bin\u, 0x8000)

   34 4268110 [main] 20 460 open: 3 = open(u, 0x8000)

  186 4268296 [main] 20 460 _cygwin_istext_for_stdio: fd 3: opened as  
binary

  231 4268527 [main] 20 460 close: close(3)

   33 4268560 [main] 20 460 fhandler_base::close: closing  
'/usr/src/ue314/bin/u' handle 0x16C

   49 4268609 [main] 20 460 close: 0 = close(3)
  476 4269085 [main] 2046121 460 open: open(u, 0x0)


Note the process-name gets overwritten by a number of increasing length,  
the last being 254 bytes long before the process exits.


Don't know if that's of any use. It crashed not only on cygwin.


BTW: Is there a documentation about the columns of the strace-output  
somewhere?


-Helmut

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple























					Reply via email to