Opened 6 years ago
Closed 6 years ago
#776 closed bug (fixed)
Segfaults when no options are given and stdin is not a tty
Reported by: | anonymous | Owned by: | somebody |
---|---|---|---|
Priority: | minor | Milestone: | 4-1-0 and higher |
Component: | dontKnow | Version: | 4-0-3 |
Keywords: | Cc: |
Description
This is a follow-up to #775 - I can't figure out how to modify tickets or how to create an account.
Thanks for the tip about `-t`; I will use that instead of `-b` as a workaround.
We are building with the following flags:
CFLAGS=-g -O2 -fstack-protector-strong -Wformat -Werror=format-security
CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2
CXXFLAGS=-g -O2 -fstack-protector-strong -Wformat -Werror=format-security
LDFLAGS=-Wl,-z,relro
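Backtrace is below. Unfortunately I'm missing the debugging symbols for libsingular4. I've asked for them, but in the meantime perhaps it's possible to debug this without that information. Note that the process is terminated by SIGABRT rather than SIGSEGV: the abort comes from glibc's `_FORTIFY_SOURCE` descriptor-range check (`__fdelt_chk`, frame #5), reached from the `FD_SET` call in readline's `rl_getc` (frame #6, `input.c:517`).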
$ gdb -d ~/tmp/glibc-2.24 -d ~/tmp/readline-7.0 Singular GNU gdb (Debian 7.11.1-2) 7.11.1 [..] (gdb) run </dev/null Starting program: /usr/bin/Singular </dev/null [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". SINGULAR / Development [..] FB Mathematik der Universitaet, D-67653 Kaiserslautern \ Debian 4.0.3-p3+ds-1 > *** buffer overflow detected ***: /usr/bin/Singular terminated [..] Program received signal SIGABRT, Aborted. __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:58 58 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory. (gdb) bt full #0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:58 set = {__val = {0, 7378697426072252448, 3472328520458712934, 7365468305578407725, 3274715270390756454, 3472328296226648877, 3475200452259229744, 3690189945398894644, 2314885530818453536, 2314885530818453536, 8319607701661294624, 4069054363051241330, 7956009158131998518, 7435290626849863797, 8026372414452428643, 7815263158107207278}} pid = <optimized out> tid = <optimized out> #1 0x00007ffff482c40a in __GI_abort () at abort.c:89 save_stage = 2 act = {__sigaction_handler = {sa_handler = 0x2020202020202020, sa_sigaction = 0x2020202020202020}, sa_mask = {__val = {2314885530818453536, 3414407380868276256, 7794943938178463864, 8461814194867891817, 3761119431852583983, 7378697426077446958, 3472328520475490150, 7365468305578407725, 8606977229197436262, 3689064028293853229, 3475200452259229744, 2314905412508459057, 2314885530818453536, 2314885530818453536, 7596498486491619360, 140737488329680}}, sa_flags = 63, sa_restorer = 0x7fffffff9bd0} sigs = {__val = {32, 0 <repeats 15 times>}} #2 0x00007ffff4868bd0 in __libc_message (do_abort=do_abort@entry=2, fmt=fmt@entry=0x7ffff495c17f "*** %s ***: %s terminated\n") at ../sysdeps/posix/libc_fatal.c:175 ap = {{gp_offset = 32, fp_offset = 0, overflow_arg_area = 0x7fffffff9be0, reg_save_area = 0x7fffffff9b70}} fd = 0 on_2 = 
<optimized out> list = <optimized out> nlist = <optimized out> cp = <optimized out> written = <optimized out> #3 0x00007ffff48f1087 in __GI___fortify_fail (msg=msg@entry=0x7ffff495c116 "buffer overflow detected") at fortify_fail.c:30 No locals. #4 0x00007ffff48ef1c0 in __GI___chk_fail () at chk_fail.c:28 No locals. #5 0x00007ffff48f0ffa in __fdelt_chk (d=<optimized out>) at fdelt_chk.c:25 No locals. #6 0x00007ffff5aaed1b in rl_getc (stream=0x7ffff4b908c0 <_IO_2_1_stdin_>) at ./input.c:517 __d = <optimized out> result = 0 c = 0 '\000' empty_set = {__val = {0 <repeats 16 times>}} readfds = {fds_bits = {0 <repeats 16 times>}} #7 0x00007ffff5aaf668 in rl_read_key () at ./input.c:483 c = <optimized out> r = <optimized out> c = <optimized out> #8 0x00007ffff5a97513 in readline_internal_char () at ./readline.c:570 lastc = -1 c = <optimized out> code = <optimized out> lk = 0 #9 0x00007ffff5a97d65 in readline_internal_charloop () at ./readline.c:656 eof = 1 #10 readline_internal () at ./readline.c:670 No locals. #11 readline (prompt=<optimized out>) at ./readline.c:376 No locals. #12 0x00007ffff7b716dc in fe_fgets_stdin_rl () from /usr/lib/x86_64-linux-gnu/libsingular-Singular-4.0.3.so No symbol table info available. #13 0x00007ffff78f7b92 in feReadLine(char*, int) () from /usr/lib/x86_64-linux-gnu/libsingular-Singular-4.0.3.so No symbol table info available. #14 0x00007ffff79734b2 in ?? () from /usr/lib/x86_64-linux-gnu/libsingular-Singular-4.0.3.so No symbol table info available. #15 0x00007ffff797508d in yylex(MYYSTYPE*) () from /usr/lib/x86_64-linux-gnu/libsingular-Singular-4.0.3.so No symbol table info available. #16 0x00007ffff78fd8f2 in yyparse() () from /usr/lib/x86_64-linux-gnu/libsingular-Singular-4.0.3.so No symbol table info available. #17 0x0000555555555a05 in main () No symbol table info available. 
(gdb) l ./input.c:517 512 #endif 513 result = 0; 514 #if defined (HAVE_PSELECT) 515 sigemptyset (&empty_set); 516 FD_ZERO (&readfds); 517 FD_SET (fileno (stream), &readfds); 518 result = pselect (fileno (stream) + 1, &readfds, NULL, NULL, NULL, &empty_set); 519 #endif 520 if (result >= 0) 521 result = read (fileno (stream), &c, sizeof (unsigned char)); (gdb) l ./input.c:483 478 } 479 } 480 else 481 { 482 if (rl_get_char (&c) == 0) 483 c = (*rl_getc_function) (rl_instream); 484 /* fprintf(stderr, "rl_read_key: calling RL_CHECK_SIGNALS: _rl_caught_signal = %d", _rl_caught_signal); */ 485 RL_CHECK_SIGNALS (); 486 } 487 } (gdb) l ./readline.c:570 565 _rl_reset_argument (); 566 rl_executing_keyseq[rl_key_sequence_length = 0] = '\0'; 567 } 568 569 RL_SETSTATE(RL_STATE_READCMD); 570 c = rl_read_key (); 571 RL_UNSETSTATE(RL_STATE_READCMD); 572 573 /* look at input.c:rl_getc() for the circumstances under which this will 574 be returned; punt immediately on read error without converting it to (gdb) l ./readline.c:656 651 readline_internal_charloop () 652 { 653 int eof = 1; 654 655 while (rl_done == 0) 656 eof = readline_internal_char (); 657 return (eof); 658 } 659 #endif /* READLINE_CALLBACKS */ 660 (gdb) l ./readline.c:670 665 readline_internal () 666 { 667 int eof; 668 669 readline_internal_setup (); 670 eof = readline_internal_charloop (); 671 return (readline_internal_teardown (eof)); 672 } 673 674 void (gdb) l ./readline.c:376 371 372 #if defined (HANDLE_SIGNALS) 373 rl_set_signals (); 374 #endif 375 376 value = readline_internal (); 377 if (rl_deprep_term_function) 378 (*rl_deprep_term_function) (); 379 380 #if defined (HANDLE_SIGNALS) (gdb)
Okay: reproducible as soon as I switched from readline 6.3 to readline 7. But readline is only useful if stdin is a tty (and we have alternatives), so in this case we switch to fgets: see 5ad50e61bfbca96bd6796f4148d4aef3dfb6ea47