On Mon, 4 Jun 2001, Bruce Evans wrote:
> On Sat, 2 Jun 2001, Maxim Sobolev wrote:
>
> > It seems that something is wrong with sscanf(3) in -current - in
> > some cases it may cause SIGBUS. I failed to reproduce the
> > problem on 4-STABLE, so it is a -current specific bug. Attached
> > please find small showcase that exposes the bug in question
> > and a backtrace after SIGBUS.
[ ... ]
>
> This is because fp->_extra is not initialized by sscanf() (it is stack
> garbage that happened to be 0 when I looked at it).

Yes, it looks like the change from _up to _extra (to hold _up and other
locking stuff) screwed this up. Here's a fix. My source is a month
out of date (DEVFS won't let my old X applications work, so I need
to upgrade my systems before it becomes mandatory), so I don't know
if it'll apply cleanly to -current sources.
--
Dan Eischen
Index: local.h
===================================================================
RCS file: /opt/b/CVS/src/lib/libc/stdio/local.h,v
retrieving revision 1.3
diff -u -r1.3 local.h
--- local.h 2001/03/01 05:22:14 1.3
+++ local.h 2001/06/03 22:22:18
@@ -103,3 +103,10 @@
free((char *)(fp)->_lb._base); \
(fp)->_lb._base = NULL; \
}
+
+#define INITEXTRA(fp) { \
+ (fp)->_extra->_up = NULL; \
+ (fp)->_extra->fl_mutex = PTHREAD_MUTEX_INITIALIZER; \
+ (fp)->_extra->fl_owner = NULL; \
+ (fp)->_extra->fl_count = 0; \
+}
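Review bot: INITEXTRA expands to a bare { ... } block, so a call written as INITEXTRA(&f); leaves an empty statement behind and will not compile as the body of an unbraced if that has an else; wrapping the body in do { ... } while (0) avoids that. The macro also dereferences (fp)->_extra, so it is worth a one-line comment saying the caller must point _extra at valid storage first. Separately, fl_mutex is set by plain assignment of PTHREAD_MUTEX_INITIALIZER, which POSIX specifies for static initialization of a mutex object, so this line relies on the local definition being usable as an assignable expression.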
Index: sscanf.c
===================================================================
RCS file: /opt/b/CVS/src/lib/libc/stdio/sscanf.c,v
retrieving revision 1.6
diff -u -r1.6 sscanf.c
--- sscanf.c 1999/08/28 00:01:17 1.6
+++ sscanf.c 2001/06/03 22:20:22
@@ -77,6 +77,7 @@
{
int ret;
va_list ap;
+ struct __sFILEX extra;
FILE f;
f._file = -1;
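Review bot: extra is declared without an initializer, so its contents are whatever was on the stack until INITEXTRA runs, and correctness depends on the macro naming every member of struct __sFILEX. The macro sets four members; if the structure has or later gains any other, that member repeats the uninitialized-_extra problem described above. Zeroing the structure at declaration or before INITEXTRA would make this robust against that.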
@@ -86,6 +87,8 @@
f._read = eofread;
f._ub._base = NULL;
f._lb._base = NULL;
+ f._extra = &extra;
+ INITEXTRA(&f);
#if __STDC__
va_start(ap, fmt);
#else
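Review bot: the pair f._extra = &extra; followed by INITEXTRA(&f); has to appear in exactly this order, since the macro writes through _extra, and nothing enforces that at a call site. Passing the storage as a second macro argument and assigning _extra inside the macro would remove the chance of calling it on a dangling pointer. The surrounding lines also show f being filled in one field at a time, which is how _extra was missed in the first place; any other function that builds a FILE on the stack the same way needs the same two lines.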