On Tue, Jul 22, 2008 at 10:23:09AM -0700, Matthew Dillon wrote:
> :Pierre Riteau wrote:
> :> Hi,
> :> I was installing DragonFlyBSD 2.0.0 to try out HAMMER and the installer
> :> segfaulted.
> :> Can anyone reproduce it?
> :> Launch the installer, go to "Configure an Installer System", select the
> :> system then choose "Select timezone", answer YES to the question about
> :> UTC and then select Europe: the installer freezes and I get on the other
> :> tty "pid 1724 (dfuife_curses), uid 0: exited on signal 11 (core dumped)".
> :>
> :> I could debug it but I would need to finish the install and get the
> :> source tree first, so if anyone wants to take a look at it, that would
> :> be great.
> :
> :Try this: Login as "root" and then type "installer". IIRC, I had a
> :similar problem (at least once). Nevertheless, the bug should be fixed.
> :
> :Regards,
> :
> : Michael
>
> Very odd. It seems to work fine when I try it (by logging in as
> 'installer').
>
> Maybe there's a memory corruption issue in the installer and the
> problem is due to some prior action. When you select 'Europe'
> it does have to allocate a fairly large list to generate the next
> menu.
>
> -Matt
> Matthew Dillon
> <[EMAIL PROTECTED]>
OK, I tracked it down to an off-by-one that was probably corrupting malloc internals. A quick grep through the code found the same issue in other files (looks like copy and paste). Diff inline below. Pierre Riteau Index: contrib/bsdinstaller-1.1.6/src/lib/libdfui/conn_caps.c =================================================================== RCS file: /home/dcvs/src/contrib/bsdinstaller-1.1.6/src/lib/libdfui/conn_caps.c,v retrieving revision 1.1.1.1 diff -p -u -r1.1.1.1 conn_caps.c --- contrib/bsdinstaller-1.1.6/src/lib/libdfui/conn_caps.c 12 Mar 2008 22:15:54 -0000 1.1.1.1 +++ contrib/bsdinstaller-1.1.6/src/lib/libdfui/conn_caps.c 26 Jul 2008 18:50:59 -0000 @@ -285,7 +285,7 @@ dfui_caps_fe_ll_request(struct dfui_conn * Construct a message. */ - fmsg = aura_malloc(strlen(msg) + 1, "exchange message"); + fmsg = aura_malloc(strlen(msg) + 2, "exchange message"); fmsg[0] = msgtype; strcpy(fmsg + 1, msg); dfui_debug("SEND<<%s>>\n", fmsg); Index: contrib/bsdinstaller-1.1.6/src/lib/libdfui/conn_npipe.c =================================================================== RCS file: /home/dcvs/src/contrib/bsdinstaller-1.1.6/src/lib/libdfui/conn_npipe.c,v retrieving revision 1.1.1.1 diff -p -u -r1.1.1.1 conn_npipe.c --- contrib/bsdinstaller-1.1.6/src/lib/libdfui/conn_npipe.c 12 Mar 2008 22:15:54 -0000 1.1.1.1 +++ contrib/bsdinstaller-1.1.6/src/lib/libdfui/conn_npipe.c 26 Jul 2008 18:49:00 -0000 
@@ -340,7 +340,7 @@ dfui_npipe_fe_ll_request(struct dfui_con * Construct a message. */ - fmsg = malloc(strlen(msg) + 1); + fmsg = malloc(strlen(msg) + 2); fmsg[0] = msgtype; strcpy(fmsg + 1, msg); Index: contrib/bsdinstaller-1.1.6/src/lib/libdfui/conn_tcp.c =================================================================== RCS file: /home/dcvs/src/contrib/bsdinstaller-1.1.6/src/lib/libdfui/conn_tcp.c,v retrieving revision 1.1.1.1 diff -p -u -r1.1.1.1 conn_tcp.c --- contrib/bsdinstaller-1.1.6/src/lib/libdfui/conn_tcp.c 12 Mar 2008 22:15:54 -0000 1.1.1.1 +++ contrib/bsdinstaller-1.1.6/src/lib/libdfui/conn_tcp.c 26 Jul 2008 17:11:57 -0000 @@ -394,7 +394,7 @@ dfui_tcp_fe_ll_request(struct dfui_conne * Construct a message. */ - fmsg = malloc(strlen(msg) + 1); + fmsg = malloc(strlen(msg) + 2); fmsg[0] = msgtype; strcpy(fmsg + 1, msg); dfui_debug("SEND<<%s>>\n", fmsg);
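Review bot: in the conn_caps.c hunk (dfui_caps_fe_ll_request, @@ -285), strlen(msg) + 2 is the correct minimum: byte 0 holds msgtype, strcpy(fmsg + 1, msg) writes strlen(msg) body bytes and then its NUL at offset strlen(msg) + 1, which the old strlen(msg) + 1 allocation did not cover, so the terminator landed one byte past the block (consistent with the malloc corruption described above). Suggest writing the arithmetic as `1 + strlen(msg) + 1` with a comment naming the type byte and the terminator so the +2 is self-explaining, and replacing the strcpy with a memcpy of the known length so the write is bounded by the same value used for the allocation.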
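Review bot: in the conn_npipe.c hunk (dfui_npipe_fe_ll_request, @@ -340) the sizing fix is right, but the visible lines store fmsg[0] = msgtype straight after a plain malloc() with no NULL check, so an allocation failure would still dereference NULL. Add a check before the first write (or use the aura_malloc wrapper the conn_caps.c variant uses, if that wrapper aborts on failure).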
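Review bot: the conn_tcp.c hunk (dfui_tcp_fe_ll_request, @@ -394) is the third verbatim copy of the same framing sequence, and all three copies carried the same off-by-one, which is how the copy-and-paste mentioned above turned one bug into three. Suggest hoisting "allocate strlen(msg) + 2, store msgtype, copy msg" into one shared helper in libdfui so the size computation exists in exactly one place; as in conn_npipe.c, the malloc() return is used here without a NULL check.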
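The following is an added stand-alone example, not code from this thread or from the bsdinstaller/libdfui sources: it reproduces the type-byte-plus-string framing the patch fixes, shows why the pre-patch allocation was one byte short, and builds and parses the frame with the allocation and the writes driven by a single size value. The function names (frame_size, buggy_frame_size, overflow_bytes, build_frame, parse_frame) are hypothetical and are not libdfui's API.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Framing used by the libdfui request path shown in the patch:
 *   fmsg[0]          = msgtype
 *   fmsg[1 .. n]     = msg  (n = strlen(msg))
 *   fmsg[n + 1]      = '\0'
 * Total: n + 2 bytes. The pre-patch code allocated n + 1, so the NUL
 * written by strcpy() landed one byte past the end of the block.
 * All function names here are hypothetical (not libdfui's API).
 */

/* Bytes the frame needs, including the terminating NUL. */
size_t frame_size(const char *msg)
{
    return 1 /* msgtype */ + strlen(msg) + 1 /* NUL */;
}

/* Bytes the pre-patch code allocated: one short of frame_size(). */
size_t buggy_frame_size(const char *msg)
{
    return strlen(msg) + 1;
}

/* How many bytes the old sizing let strcpy() write past the block. */
size_t overflow_bytes(const char *msg)
{
    return frame_size(msg) - buggy_frame_size(msg);
}

/*
 * Build the frame. The allocation and the writes use the same size
 * value, and memcpy() with a known length replaces strcpy() so the
 * write cannot exceed what was allocated. Returns NULL if malloc()
 * fails; the caller owns the result. *out_len receives the frame
 * length excluding the NUL, i.e. the number of bytes to send.
 */
char *build_frame(char msgtype, const char *msg, size_t *out_len)
{
    size_t need = frame_size(msg);
    char *fmsg = malloc(need);
    if (fmsg == NULL)
        return NULL;
    fmsg[0] = msgtype;
    memcpy(fmsg + 1, msg, need - 2);   /* body = need - type byte - NUL */
    fmsg[need - 1] = '\0';
    if (out_len != NULL)
        *out_len = need - 1;
    return fmsg;
}

/*
 * Receiver side: split a frame of `len` bytes (as sent, no NUL assumed)
 * back into its type byte and a NUL-terminated copy of the body.
 * Returns 0 on success, -1 on an empty frame or allocation failure.
 */
int parse_frame(const char *frame, size_t len, char *msgtype, char **body)
{
    if (len < 1)
        return -1;
    *body = malloc(len);               /* len - 1 body bytes + NUL */
    if (*body == NULL)
        return -1;
    *msgtype = frame[0];
    memcpy(*body, frame + 1, len - 1);
    (*body)[len - 1] = '\0';
    return 0;
}

int main(void)
{
    const char *msg = "select timezone";   /* constructed sample body */
    size_t len;
    char *f = build_frame('R', msg, &len);
    char type;
    char *body;

    if (f == NULL || parse_frame(f, len, &type, &body) != 0)
        return 1;
    printf("need=%zu old=%zu overflow=%zu type=%c body=\"%s\"\n",
           frame_size(msg), buggy_frame_size(msg), overflow_bytes(msg),
           type, body);
    free(body);
    free(f);
    return 0;
}
```

The point of routing both the allocation and the copy through frame_size() is that the two cannot drift apart the way they did in the three copies of the original code; a later change to the framing has exactly one place to be updated.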