On Mon, Dec 01, 2014 at 10:24:33AM +0000, Stuart Henderson wrote:

> ports/graphics/xsane crashes at startup with an overlapping memcpy.
> However all it is doing here is an snprintf. Any ideas? Could the
> problem be in snprintf rather than xsane?
> 
> (gdb) r
> Starting program: /usr/local/bin/xsane 
> 
> Program received signal SIGABRT, Aborted.
> 0x000009006ef0070a in kill () at <stdin>:2
> 2     <stdin>: No such file or directory.
>       in <stdin>
> Current language:  auto; currently asm
> (gdb) where
> #0  0x000009006ef0070a in kill () at <stdin>:2
> #1  0x000009006ef62089 in abort () at /usr/src/lib/libc/stdlib/abort.c:53
> #2  0x000009006ef372b8 in memcpy (dst0=0xfbf40, src0=0x6, length=0)
>     at /usr/src/lib/libc/string/memcpy.c:65
> #3  0x000009006ef58f09 in __sfvwrite (fp=0x7f7ffffd1bf0, uio=0x7f7ffffd15b0)
>     at /usr/src/lib/libc/stdio/fvwrite.c:128
> #4  0x000009006ef39815 in __sprint (fp=Variable "fp" is not available.
> )
>     at /usr/src/lib/libc/stdio/vfprintf.c:107
> #5  0x000009006ef3b3e0 in __vfprintf (fp=0x7f7ffffd1bf0, 
>     fmt0=0x8fdaf2d1d9c "/%s", ap=Variable "ap" is not available.
> ) at /usr/src/lib/libc/stdio/vfprintf.c:1063
> #6  0x000009006ef37134 in snprintf (
>     str=0x7f7ffffd2430 "/hpaio:/net/Officejet_4500_G510g-m?ip=10.15.5.21", 
> n=Variable "n" is not available.
> )
>     at /usr/src/lib/libc/stdio/snprintf.c:64
> #7  0x000008fdaf1b2149 in xsane_device_dialog () at xsane.c:4997
> #8  0x000008fdaf1b57df in xsane_interface (argc=1, argv=0x7f7ffffd2738)
>     at xsane.c:6005
> #9  0x000008fdaf1b61f2 in main (argc=1, argv=0x7f7ffffd2738) at xsane.c:6236
> (gdb) frame 7
> #7  0x000008fdaf1b2149 in xsane_device_dialog () at xsane.c:4997
> 4997    snprintf(buf, sizeof(buf), "/%s", (strrchr(buf, ':')+1));
> Current language:  auto; currently c
> (gdb) list
> 4992      sprintf(textptr, "net:");
> 4993      textptr = devicetext + strlen(devicetext);
> 4994    }
> 4995  
> 4996    snprintf(buf, sizeof(buf), ":%s", devname);
> 4997    snprintf(buf, sizeof(buf), "/%s", (strrchr(buf, ':')+1));
> 4998    sprintf(textptr, "%s", (strrchr(buf, '/')+1));
> 4999  
> 5000    xsane.device_text = strdup(devicetext);
> 5001

The snprintf on line 4997 copies into the same buf it is reading from.

        -Otto
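
Added example, not part of the original message or of xsane: a check that shows the "%s" argument on line 4997 lies inside the destination buffer, next to a version that computes the same device label without copying a buffer onto itself. The helper names and the sample device string (the str value from frame #6 without its leading '/') are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: the str value from frame #6 without the leading '/'. */
#define SAMPLE_DEV "hpaio:/net/Officejet_4500_G510g-m?ip=10.15.5.21"

/* True when [dst,dst+dlen) and [src,src+slen) share at least one byte. */
static int regions_overlap(const void *dst, size_t dlen, const void *src, size_t slen)
{
    uintptr_t d = (uintptr_t)dst, s = (uintptr_t)src;
    return dlen != 0 && slen != 0 && d < s + slen && s < d + dlen;
}

/* Sets up xsane.c:4996-4997 without the second call; 1 if its "%s" arg is inside buf. */
static int line_4997_overlaps(const char *devname)
{
    char buf[256];
    snprintf(buf, sizeof(buf), ":%s", devname);   /* line 4996 */
    const char *arg = strrchr(buf, ':') + 1;      /* argument on line 4997 */
    return regions_overlap(buf, sizeof(buf), arg, strlen(arg) + 1);
}

/* Result of lines 4996-4998 (after last ':' then last '/') as a pointer into devname. */
static const char *device_tail(const char *devname)
{
    const char *p = strrchr(devname, ':');
    const char *tail = p ? p + 1 : devname;
    p = strrchr(tail, '/');
    return p ? p + 1 : tail;
}

/* Copy the tail into a caller buffer; -1 on overlap or truncation. */
static int device_label(const char *devname, char *out, size_t outlen)
{
    const char *tail = device_tail(devname);
    if (regions_overlap(out, outlen, tail, strlen(tail) + 1))
        return -1;
    int n = snprintf(out, outlen, "%s", tail);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    char label[128];
    int rc = device_label(SAMPLE_DEV, label, sizeof(label));
    printf("overlap=%d label=%s\n", line_4997_overlaps(SAMPLE_DEV), rc ? "?" : label);
    return 0;
}
```

Passing overlapping source and destination to snprintf is undefined behaviour in C, so code that appears to work with one libc can abort with another, as in the backtrace above.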
