This is the mail archive of the cygwin-developers mailing list for the Cygwin project.



Re: [Cygwin64] dash segfault


On 2013-03-11 10:46, Corinna Vinschen wrote:
> On Mar 11 06:51, Peter Rosin wrote:
>> Thread 1 (Thread 9636.0xb268):
>> #0  strlen (str=0x1 <Address 0x1 out of bounds>)
>>     at /usr/src/debug/cygwin-1.7.18-2/newlib/libc/string/strlen.c:68
>> #1  0x00000001800bf65e in strdup (s=0x1 <Address 0x1 out of bounds>)
>>     at /usr/src/debug/cygwin-1.7.18-2/winsup/cygwin/malloc_wrapper.cc:213
> 
> This doesn't look like the same problem as the one which crashes in
> free().  But it might have the same reason.  A pointer value of 1
> indicates that some function returned a NULL pointer but the calling
> function didn't check the return value.  If you still have that in
> GDB, can you check where the value is coming from?

It's still kicking in GDB, but I'm not sure how I'm going to find out
where the bogus 1 is coming from. Assuming that frame #5 is correct and
that it really is at var.c:298, that line is

	s = savestr(s);

with s pointing to "old_library=" (0x6ff:fff841c8). savestr is a simple
wrapper around strdup, so anything replacing that pointer with 1 must
be coming from some non-obvious place. But it really is weird, because
the value that is transformed into 1 is passed in ecx and not on the
stack, so a trashed stack does not explain it (unless the stack is
trashed in a way that totally fools me).

I need more help to help out with this.

Cheers,
Peter

PS, here is the "bt full" output in case it helps.

(gdb) bt full
#0  strlen (str=0x1 <Address 0x1 out of bounds>)
    at /usr/src/debug/cygwin-1.7.18-2/newlib/libc/string/strlen.c:68
        start = 0x1 <Address 0x1 out of bounds>
        aligned_addr = <optimized out>
#1  0x00000001800bf65e in strdup (s=0x1 <Address 0x1 out of bounds>)
    at /usr/src/debug/cygwin-1.7.18-2/winsup/cygwin/malloc_wrapper.cc:213
        p = <optimized out>
        len = <optimized out>
#2  0x00000001801114eb in _sigfe () from /usr/bin/cygwin1.dll
No symbol table info available.
#3  0x0000000000229d70 in ?? ()
No symbol table info available.
#4  0x0000000100416a31 in findvar (vpp=0x6fffff841c8,
    name=0x6fffff841c8 "old_library=") at ../../src/var.c:700
No locals.
#5  0x0000000100415dd7 in setvareq (s=0x6fffff841c8 "old_library=", flags=4)
    at ../../src/var.c:298
        vp = 0x6fffff8e940
        vpp = 0x6fffffbaa10
#6  0x0000000100416474 in mklocal (name=0x6fffff841c8 "old_library=")
    at ../../src/var.c:513
        eq = 0x6fffff841d3 "="
        lvp = 0x6fffff8fd90
        vpp = 0x100423550 <vartab+176>
---Type <return> to continue, or q <return> to quit---
        vp = 0x6fffff8e940
#7  0x00000001004040ed in evalcommand (cmd=0x6ffffea1900, flags=0)
    at ../../src/eval.c:745
        spp = 0x229e80
        p = 0x229f70 ""
        localvar_stop = 0x6fffffeafa0
        redir_stop = 0x0
        smark = {stackp = 0x6fffffbfc90, stacknxt = 0x6fffffbfe80 "test",
          stacknleft = 16}
        argp = 0x6ffffea1920
        arglist = {list = 0x0, lastp = 0x229e90}
        varlist = {list = 0x6fffff841d8, lastp = 0x6fffff841d8}
        argv = 0x6fffffbfe88
        argc = 0
        sp = 0x0
        cmdentry = {cmdtype = 2, u = {index = 4301952,
            cmd = 0x10041a480 <bltin>, func = 0x10041a480 <bltin>}}
        jp = 0x0
        lastarg = 0x0
        path = 0x1802e3af8 "PATH=/usr/bin"
        spclbltin = 0
        execcmd = 2269024
        status = 0
        nargv = 0x6fffffbfe88
---Type <return> to continue, or q <return> to quit---
#8  0x000000010040321a in evaltree (n=0x6ffffea1900, flags=0)
    at ../../src/eval.c:280
        checkexit = 0
        evalfn = 0x100403e2e <evalcommand>
        isor = 2
        status = 1
#9  0x000000010040321a in evaltree (n=0x6ffffea1900, flags=0)
    at ../../src/eval.c:280
        checkexit = 0
        evalfn = 0x100402f73 <evaltree>
        isor = 2
        status = 1791
#10 0x00000001004031ce in evaltree (n=0x6ffffea1890, flags=0)
    at ../../src/eval.c:269
        checkexit = 0
        evalfn = 0x6fffffbfe6b
        isor = 2
        status = 0
#11 0x00000001004031ce in evaltree (n=0x6ffffe96448, flags=0)
    at ../../src/eval.c:269
        checkexit = 0
        evalfn = 0x6fffffbfc90
        isor = 2
        status = 1791
---Type <return> to continue, or q <return> to quit---
#12 0x0000000100403711 in evalcase (n=0x6ffffe95ab0, flags=0)
    at ../../src/eval.c:434
        cp = 0x6ffffe96428
        patp = 0x6ffffeb0180
        arglist = {list = 0x6fffffbfe70, lastp = 0x6fffffbfe70}
        smark = {stackp = 0x6fffffbfc90, stacknxt = 0x6fffffbfe68 "lib",
          stacknleft = 40}
#13 0x000000010040321a in evaltree (n=0x6ffffe95ab0, flags=0)
    at ../../src/eval.c:280
        checkexit = 0
        evalfn = 0x100403626 <evalcase>
        isor = 2
        status = 0
#14 0x000000010040321a in evaltree (n=0x6ffffe95ab0, flags=0)
    at ../../src/eval.c:280
        checkexit = 0
        evalfn = 0x100402f73 <evaltree>
        isor = 2
        status = 0
#15 0x00000001004031ce in evaltree (n=0x6ffffe92d70, flags=0)
    at ../../src/eval.c:269
        checkexit = 0
        evalfn = 0x10
        isor = 2
---Type <return> to continue, or q <return> to quit---
        status = 0
#16 0x00000001004031ce in evaltree (n=0x6ffffe92c60, flags=0)
    at ../../src/eval.c:269
        checkexit = 0
        evalfn = 0x100000000
        isor = 2
        status = 0
#17 0x00000001004031ce in evaltree (n=0x6ffffe900a8, flags=0)
    at ../../src/eval.c:269
        checkexit = 0
        evalfn = 0x0
        isor = 2
        status = 0
#18 0x00000001004031ce in evaltree (n=0x6ffffe90030, flags=0)
    at ../../src/eval.c:269
        checkexit = 0
        evalfn = 0x100423fd9 <stackbase+505>
        isor = 2
        status = 1
#19 0x000000010040486a in evalfun (func=0x6ffffe90010, argc=42,
    argv=0x6fffffbfd10, flags=0) at ../../src/eval.c:948
        saveparam = {nparam = 41, malloc = 1 '\001', p = 0x6fffffb6230,
          optind = 1, optoff = -1}
        savehandler = 0x22a840
---Type <return> to continue, or q <return> to quit---
        jmploc = {loc = {0, 0, 2270248, 2270384, 6445443304, 2280688, 0, 0,
            0, 0, 4299179880, 2285608, 0 <repeats 20 times>}}
        e = 0
        savefuncline = 0
#20 0x0000000100404514 in evalcommand (cmd=0x6fffffbbf18, flags=0)
    at ../../src/eval.c:871
        localvar_stop = 0x0
        redir_stop = 0x0
        smark = {stackp = 0x6fffffbbef0,
          stacknxt = 0x6fffffbbf50 "func_mode_link", stacknleft = 416}
        argp = 0x0
        arglist = {list = 0x6fffffbbf60, lastp = 0x6fffffbfcf8}
        varlist = {list = 0x0, lastp = 0x22a5d0}
        argv = 0x6fffffbfd10
        argc = 42
        sp = 0x0
        cmdentry = {cmdtype = 1, u = {index = -1507312, cmd = 0x6ffffe90010,
            func = 0x6ffffe90010}}
        jp = 0x0
        lastarg = 0x0
        path = 0x1802e3afd "/usr/bin"
        spclbltin = -1
        execcmd = 0
        status = 0
---Type <return> to continue, or q <return> to quit---
        nargv = 0x6fffffbfe60
#21 0x000000010040321a in evaltree (n=0x6fffffbbf18, flags=0)
    at ../../src/eval.c:280
        checkexit = 0
        evalfn = 0x100403e2e <evalcommand>
        isor = 1
        status = 0
#22 0x000000010040321a in evaltree (n=0x6fffffbbf18, flags=0)
    at ../../src/eval.c:280
        checkexit = 0
        evalfn = 0x100402f73 <evaltree>
        isor = 0
        status = 1
#23 0x000000010040c359 in cmdloop (top=1) at ../../src/main.c:238
        skip = 0
        n = 0x6fffffbbf38
        smark = {stackp = 0x100423de0 <stackbase>,
          stacknxt = 0x100423de8 <stackbase+8> "{", stacknleft = 504}
        inter = 0
        status = 0
        numeof = 0
#24 0x000000010040c229 in main (argc=46, argv=0x22a9c0)
    at ../../src/main.c:178
        shinit = 0x22ccf0 ""
---Type <return> to continue, or q <return> to quit---
        state = 4
        jmploc = {loc = {0, 2271680, 2271224, 2271360, 6445443304, 2280688,
            0, 0, 0, 0, 4299210697, 2285608, 0 <repeats 20 times>}}
        smark = {stackp = 0x100423de0 <stackbase>,
          stacknxt = 0x100423de8 <stackbase+8> "{", stacknleft = 504}
        login = 0
(gdb)
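Added example (not code from this thread, from dash, or from Cygwin): the diagnosis above rests on two points, that a pointer value of 1 is the signature of a NULL return that was used as a base for arithmetic, and that a thin wrapper around strdup() lets the bad pointer travel all the way into strlen() before anything notices. The block below shows both: a crash-reading heuristic that flags tiny non-NULL pointers (the 4096 page-size threshold is an assumption), a "name=value" splitter in its unchecked and checked forms, and a NULL-checking strdup wrapper. savestr_checked() is an assumed shape, not dash's real savestr().

```c
#define _POSIX_C_SOURCE 200809L
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Crash-reading heuristic: a non-NULL pointer whose integer value is below
 * the page size cannot be a valid stack or heap address. It is almost always
 * NULL plus a small offset, i.e. an unchecked NULL return that was then
 * indexed or incremented. 0x1 from the backtrace fits this pattern.
 * The 4096 threshold is an assumption (smallest common page size). */
int looks_like_null_plus_offset(uintptr_t p)
{
    return p != 0 && p < 4096;
}

/* How the value 1 arises (computed in integer space so the demonstration
 * itself is not undefined behaviour): a lookup that returns NULL, followed
 * by "+ 1" to skip a delimiter the caller assumed was present. */
uintptr_t null_plus_one(void)
{
    const char *not_found = NULL;          /* e.g. strchr() with no '=' */
    return (uintptr_t)not_found + 1;       /* -> 1, the bogus pointer */
}

/* Hardened form of the same lookup: absence of '=' is reported through the
 * return value instead of being turned into a garbage pointer. */
const char *value_after_eq(const char *assignment)
{
    const char *eq = strchr(assignment, '=');
    return eq ? eq + 1 : NULL;
}

/* NULL-checking strdup wrapper (assumed shape, not dash's savestr()).
 * Refusing NULL here means the failure is reported at the call site with a
 * useful message, rather than as a SIGSEGV inside libc's strlen(). */
char *savestr_checked(const char *s)
{
    if (s == NULL) {
        fprintf(stderr, "savestr_checked: NULL input\n");
        return NULL;
    }
    char *copy = strdup(s);
    if (copy == NULL) {
        perror("strdup");
        return NULL;
    }
    return copy;
}

/* Round-trip helper so a test can check the wrapper without leaking. */
int copy_roundtrip(const char *s)
{
    char *copy = savestr_checked(s);
    int ok = copy != NULL && strcmp(copy, s) == 0;
    free(copy);
    return ok;
}

int main(void)
{
    /* Constructed sample values: the bogus pointer from the report and the
     * stack address of "old_library=" from frame #5. */
    uintptr_t samples[] = { 0x1, 0x6fffff841c8ULL, 0x0 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%#llx: %s\n", (unsigned long long)samples[i],
               looks_like_null_plus_offset(samples[i])
                   ? "looks like NULL + offset" : "no verdict");
    printf("null_plus_one() = %#llx\n", (unsigned long long)null_plus_one());
    printf("value_after_eq(\"old_library\") is %s\n",
           value_after_eq("old_library") ? "non-NULL" : "NULL");
    return 0;
}
```

When reading a backtrace like the one above, the heuristic is what tells you to look for the NULL-returning call in the caller rather than for a corrupted stack: a trashed stack produces random large values, while an unchecked NULL plus a fixed offset produces exactly the small constant seen here.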

