tag 630824 = patch
thanks

On Fri, Jun 17, 2011 at 09:01:54PM +0300, Eugene V. Lyubimkin wrote:
> tags 630824 + moreinfo
> quit
>
> Hi Julian,
>
> On 2011-06-17 19:15, Julian Andres Klode wrote:
> > Package: cupt
> > Version: 2.1.0
> >
> > When simulating installation of a package using
> > cupt install -y -s PACKAGE
> >
> > cupt fails with a segmentation fault. Attached
> > are the log files from valgrind and gdb on the
> > current git master (locally built with cmake
> > && make, for debugging symbols)
> [...]
>
> Thanks for the report.
>
> Logs clearly show where the segfault happens, but I can't understand
> why. I cannot reproduce it on my machine. Is it specific to
> architecture?
>
> Could you please share somewhere xz'ed output of `cupt tar-metadata`?
I guess a patch helps more.

-- 
Julian Andres Klode - Debian Developer, Ubuntu Member
See http://wiki.debian.org/JulianAndresKlode and http://jak-linux.org/.
From 642b7dc7739e99397047192b567cb3914a9c23d2 Mon Sep 17 00:00:00 2001 From: Julian Andres Klode <[email protected]> Date: Mon, 20 Jun 2011 17:30:40 +0200 Subject: [PATCH] lib: common: Fix va_list double-use (Closes: #630824) If __get_formatted_string() is asked to format a string of more than 4096 characters, a second call to vsnprintf() is issued, reusing the same va_list as in the first call. As this va_list is already exhausted, a crash occurs. Reported-by: Julian Andres Klode <[email protected]> Signed-off-by: Julian Andres Klode <[email protected]> --- cpp/lib/src/common.cpp | 7 ++++++- 1 files changed, 6 insertions(+), 1 deletions(-) diff --git a/cpp/lib/src/common.cpp b/cpp/lib/src/common.cpp index 422f395..5188a0f 100644 --- a/cpp/lib/src/common.cpp +++ b/cpp/lib/src/common.cpp @@ -55,10 +55,15 @@ string __get_formatted_string(const char* format, va_list va) { char formattedBuffer[4096]; + va_list vb; + va_copy(vb, va); + auto substitutedFormat = __substitute_eee(format, errno); auto bytesWritten = vsnprintf(formattedBuffer, sizeof(formattedBuffer), - substitutedFormat.c_str(), va); + substitutedFormat.c_str(), vb); + + va_end(vb); if ((size_t)bytesWritten < sizeof(formattedBuffer)) { -- 1.7.5.4
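Review bot: the hunk leaves the original `va` untouched for the retry and ends `vb` unconditionally right after the first vsnprintf(), which is the right shape, but the retry call that the commit message describes lies below the visible context; confirm that it passes `va` (not `vb`, which has already been ended by then) and that no third pass over the list follows it. A one-line comment above `va_copy(vb, va);` noting that a va_list may be traversed only once would make the reason for the copy obvious to the next reader. One pre-existing point worth a follow-up rather than this patch: a negative (error) return from vsnprintf() becomes a very large value in the `(size_t)bytesWritten` cast and is routed into the large-string retry path instead of being treated as an error.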
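The copy-then-retry pattern the commit message describes, as an added C example that is not part of the patch or of cupt: `format_v` (a hypothetical name, like every other identifier here) formats into a fixed 4096-byte buffer using a va_copy'ed list, and only when vsnprintf() reports that the output did not fit does it format again on the original, still unconsumed list. The test helper `format_roundtrip` exercises both sides of the 4096 boundary with constructed input.

```c
/* Added example (not cupt code): format on a copy of the va_list first,
 * retry on the original only when the fixed buffer was too small. */
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SMALL_BUF 4096   /* same fixed-buffer size as the patched function */

/* Returns a malloc'ed string (caller frees) or NULL on error.
 * The caller's 'va' is walked at most once, and only on the retry path. */
char *format_v(const char *fmt, va_list va)
{
    char small[SMALL_BUF];
    va_list vb;

    /* Walk a copy, so 'va' is still at its start if we need a second pass.
     * Every va_copy() must be paired with va_end() on every path. */
    va_copy(vb, va);
    int n = vsnprintf(small, sizeof small, fmt, vb);
    va_end(vb);

    if (n < 0)
        return NULL;   /* encoding error: handled before any size_t cast */

    if ((size_t)n < sizeof small) {
        /* Fit: copy out of the stack buffer; 'va' was never consumed. */
        char *out = malloc((size_t)n + 1);
        if (out)
            memcpy(out, small, (size_t)n + 1);
        return out;
    }

    /* Did not fit: n is the full length, so allocate n+1 and format
     * again on the original list, which the first call never touched. */
    char *big = malloc((size_t)n + 1);
    if (!big)
        return NULL;
    vsnprintf(big, (size_t)n + 1, fmt, va);
    return big;
}

/* Variadic front end: owns the va_start/va_end pair. */
char *format_s(const char *fmt, ...)
{
    va_list va;
    va_start(va, fmt);
    char *s = format_v(fmt, va);
    va_end(va);
    return s;
}

/* Test helper: formats "[<payload_len x's>] 42" and checks the result
 * byte for byte. Returns 1 on success, 0 on any mismatch or allocation
 * failure. payload_len of 4090 still fits the small buffer (4095 chars);
 * 4091 is the first length that forces the retry path. */
int format_roundtrip(size_t payload_len)
{
    char *payload = malloc(payload_len + 1);
    if (!payload)
        return 0;
    memset(payload, 'x', payload_len);
    payload[payload_len] = '\0';

    char *s = format_s("[%s] %d", payload, 42);
    int ok = s != NULL
          && strlen(s) == payload_len + 5
          && s[0] == '['
          && memcmp(s + 1, payload, payload_len) == 0
          && strcmp(s + 1 + payload_len, "] 42") == 0;

    free(s);
    free(payload);
    return ok;
}

int main(void)
{
    printf("10: %d  4090: %d  4091: %d  20000: %d\n",
           format_roundtrip(10), format_roundtrip(4090),
           format_roundtrip(4091), format_roundtrip(20000));
    return 0;
}
```

The two details that matter for safety are that the copy is ended on every path before the function returns, and that the error case (negative return) is rejected before the `(size_t)` cast, so a formatting failure cannot be mistaken for a very long string and trigger a huge allocation.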

