>Submitter-Id: net
>Originator: Matt Krom
>Organization:
net
>Confidential: no
>Synopsis: 'cvs commit nav.txt' causes seg fault; gdb output attached
>Severity: serious
>Priority: high
>Category: cvs
>Class: sw-bug
>Release: cvs-1.10.8
>Environment:
System: SunOS hendrix 5.6 Generic_105181-04 sun4u sparc SUNW,Ultra-4
Architecture: sun4
>Description:
See included gdb output: I type 'cvs commit nav.txt', and get
a segmentation fault. GDB shows where in the source code the error
is; it seems rather internal to CVS programming and I hope that someone
familiar with the code can find out why the addresses stored in
"li" in function "fmt_proc" in line 137 of logmsg.c point to
out-of-bounds addresses.
The GDB script below shows how I invoked CVS, the stack trace,
the line of the source file which caused the error, and the contents
of the "li" data structure and other structs in the function
at the time of the error.
- Matt Krom
> gdb cvs
GNU gdb 4.17
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "sparc-sun-solaris2.6"...
(gdb) run commit nav.txt
Starting program: /usr/local/bin/cvs commit nav.txt
Program received signal SIGSEGV, Segmentation fault.
0xef6a46fc in strlen ()
(gdb) bt
#0 0xef6a46fc in strlen ()
#1 0xef6da62c in _doprnt ()
#2 0xef6e3694 in _fprintf ()
#3 0x3b580 in fmt_proc (p=0xba088, closure=0x0) at logmsg.c:137
#4 0x3185c in walklist (list=0xb9f70, proc=0x3b45c <fmt_proc>, closure=0x0)
at hash.c:370
#5 0x3b2e4 in setup_tmpfile (xfp=0xad000, xprefix=0x8a790 "CVS: ",
changes=0xb4f30) at logmsg.c:52
#6 0x3b944 in do_editor (dir=0xb8af8 "", messagep=0xace74,
repository=0xb42f8 "/nfic/f/code/HPCVSRepository/Project/Server/lang/en",
changes=0xb4f30) at logmsg.c:262
#7 0x28594 in commit_fileproc (callerdat=0x0, finfo=0xeffff5f0)
at commit.c:1250
#8 0x508d4 in do_file_proc (p=0xb8080, closure=0xeffff5e8) at recurse.c:821
#9 0x3185c in walklist (list=0xb2468, proc=0x507d8 <do_file_proc>,
closure=0xeffff5e8) at hash.c:370
#10 0x506cc in do_recursion (frame=0xeffff768) at recurse.c:725
#11 0x5109c in unroll_files_proc (p=0xb23c8, closure=0xeffff768)
at recurse.c:1194
#12 0x3185c in walklist (list=0xb2288, proc=0x50f8c <unroll_files_proc>,
closure=0xeffff768) at hash.c:370
#13 0x50190 in start_recursion (fileproc=0x28494 <commit_fileproc>,
filesdoneproc=0xb8b18, direntproc=0xb8b08, dirleaveproc=0x4,
callerdat=0x1, argc=1, argv=0xb1f18, local=0, which=1, aflag=0,
readlock=0, update_preload=0x0, dosrcs=1) at recurse.c:343
#14 0x2790c in commit (argc=1, argv=0xeffff9c4) at commit.c:664
#15 0x3da70 in main (argc=2, argv=0xeffff9c0) at main.c:1008
(gdb) f 3
#3 0x3b580 in fmt_proc (p=0xba088, closure=0x0) at logmsg.c:137
logmsg.c:137: No such file or directory.
(gdb) print *p
$1 = {type = NT_UNKNOWN, next = 0xb9f70, prev = 0xb9ed0, hashnext = 0xba0b0,
hashprev = 0xba0b0,
key = 0xb51e8 "/hendrix/users/mkrom/Work/HP2000/Project/Server/lang/en/nav.txt",
data = 0xb44d8 "", delproc = 0}
(gdb) print li
$2 = (struct logfile_info *) 0xb44d8
(gdb) print *li
$3 = {type = T_MODIFIED, tag = 0x6e6f6e50 <Address 0x6e6f6e50 out of bounds>,
rev_old = 0x8 <Address 0x8 out of bounds>,
rev_new = 0x305f6f76 <Address 0x305f6f76 out of bounds>}
(gdb) print *p
$4 = {type = NT_UNKNOWN, next = 0xb9f70, prev = 0xb9ed0, hashnext = 0xba0b0,
hashprev = 0xba0b0,
key = 0xb51e8 "/hendrix/users/mkrom/Work/HP2000/Project/Server/lang/en/nav.txt",
data = 0xb44d8 "", delproc = 0}
(gdb) print p->data
$5 = 0xb44d8 ""
>How-To-Repeat:
unsure (sorry)
>Fix:
unsure (sorry)
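
A triage step for the `print *li` output above, as an added example that is not part of the original report or of the CVS source: it checks whether the out-of-bounds pointer fields decode to printable ASCII, which would suggest the memory at `li` holds string data rather than a valid `struct logfile_info`. The big-endian byte order (SPARC), the 32-bit pointer width, and the 0x1000 small-integer threshold are assumptions of this example.

```python
import re
import struct

# Copied from the `print *li` output in the report above.
GDB_STRUCT_DUMP = """\
$3 = {type = T_MODIFIED, tag = 0x6e6f6e50 <Address 0x6e6f6e50 out of bounds>,
rev_old = 0x8 <Address 0x8 out of bounds>,
rev_new = 0x305f6f76 <Address 0x305f6f76 out of bounds>}
"""

# Matches fields that gdb flagged as pointing outside mapped memory.
FIELD_RE = re.compile(
    r"(\w+) = (0x[0-9a-fA-F]+) <Address 0x[0-9a-fA-F]+ out of bounds>"
)


def classify_pointer(value, big_endian=True):
    """Classify a 32-bit value that gdb reported as an out-of-bounds address."""
    raw = struct.pack(">I" if big_endian else "<I", value)
    # Four printable bytes: the "pointer" is most likely a fragment of text.
    if all(0x20 <= b < 0x7F for b in raw):
        return "ascii", raw.decode("ascii")
    # Tiny values look like a length, counter or enum (threshold is an assumption).
    if value < 0x1000:
        return "small-int", str(value)
    return "unknown", raw.hex()


def triage(dump, big_endian=True):
    """Map each out-of-bounds field name to its (kind, detail) classification."""
    return {
        name: classify_pointer(int(hexval, 16), big_endian)
        for name, hexval in FIELD_RE.findall(dump)
    }


if __name__ == "__main__":
    for field, (kind, detail) in triage(GDB_STRUCT_DUMP).items():
        print(f"{field:8} {kind:10} {detail!r}")
```

Two of the three fields decode to text fragments, which is consistent with the node's `data` pointer referring to memory that was freed and reused, or overwritten, before `fmt_proc` passed the fields to `fprintf`; the dump alone does not say which.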