Bug #1080

Segfault in the 2.0.0 installer

Added by pierre.riteau over 6 years ago. Updated over 6 years ago.

Status: Closed
Priority: Normal
Assignee: -
% Done: 0%
Category: -
Target version: -

Description

Hi,
I was installing DragonFlyBSD 2.0.0 to try out HAMMER and the installer
segfaulted.
Can anyone reproduce it?
Launch the installer, go to "Configure an Installer System", select the
system then choose "Select timezone", answer YES to the question about
UTC and then select Europe: the installer freezes and I get on the other
tty "pid 1724 (dfuife_curses), uid 0: exited on signal 11 (core dumped)".

I could debug it but I would need to finish the install and get the
source tree first, so if anyone wants to take a look at it, that would
be great.

Pierre Riteau

History

#1 Updated by mneumann over 6 years ago

Try this: Login as "root" and then type "installer". IIRC, I had a
similar problem (at least once). Nevertheless, the bug should be fixed.

Regards,

Michael

#2 Updated by dillon over 6 years ago

:Pierre Riteau wrote:
:> Hi,
:> I was installing DragonFlyBSD 2.0.0 to try out HAMMER and the installer
:> segfaulted.
:> Can anyone reproduce it?
:> Launch the installer, go to "Configure an Installer System", select the
:> system then choose "Select timezone", answer YES to the question about
:> UTC and then select Europe: the installer freezes and I get on the other
:> tty "pid 1724 (dfuife_curses), uid 0: exited on signal 11 (core dumped)".
:>
:> I could debug it but I would need to finish the install and get the
:> source tree first, so if anyone wants to take a look at it, that would
:> be great.
:
:Try this: Login as "root" and then type "installer". IIRC, I had a
:similar problem (at least once). Nevertheless, the bug should be fixed.
:
:Regards,
:
: Michael

Very odd. It seems to work fine when I try it (by logging in as
'installer').

Maybe there's a memory corruption issue in the installer and the
problem is due to some prior action. When you select 'Europe'
it does have to allocate fairly large list to generate the next
menu.

-Matt
Matthew Dillon

#3 Updated by ahuete.devel over 6 years ago

I experienced the same segfault when installing 2.0 under KVM, but I have
been unable to reproduce it. I followed just the same path as Pierre.

Regards,
Antonio Huete

#4 Updated by pierre.riteau over 6 years ago

It is in VMware with a VM having 256MB of RAM. I tried again and I could
reproduce it, by logging in as installer or as root.
I can make available the core file of dfuife_curses if you want.

Pierre Riteau

#5 Updated by pierre.riteau over 6 years ago

OK, I tracked it down to an off-by-one that was probably corrupting
malloc internals.

A quick grep through the code found the same issue in other files
(looks like copy and paste).

Diff inline below.

Pierre Riteau

Index: contrib/bsdinstaller-1.1.6/src/lib/libdfui/conn_caps.c
===================================================================
RCS file: /home/dcvs/src/contrib/bsdinstaller-1.1.6/src/lib/libdfui/conn_caps.c,v
retrieving revision 1.1.1.1
diff -p -u -r1.1.1.1 conn_caps.c
--- contrib/bsdinstaller-1.1.6/src/lib/libdfui/conn_caps.c 12 Mar 2008 22:15:54 -0000 1.1.1.1
+++ contrib/bsdinstaller-1.1.6/src/lib/libdfui/conn_caps.c 26 Jul 2008 18:50:59 -0000
@@ -285,7 +285,7 @@ dfui_caps_fe_ll_request(struct dfui_conn
* Construct a message.
*/

- fmsg = aura_malloc(strlen(msg) + 1, "exchange message");
+ fmsg = aura_malloc(strlen(msg) + 2, "exchange message");
fmsg[0] = msgtype;
strcpy(fmsg + 1, msg);
dfui_debug("SEND<<%s>>\n", fmsg);
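Review bot: the new size is right, but the arithmetic behind it stays implicit, and the same `+ 1` was pasted into three backends: fmsg receives one type byte, strlen(msg) payload bytes and the NUL that strcpy appends, which is strlen(msg) + 2. A short comment on the aura_malloc line (e.g. `/* msgtype + msg + NUL */`) or a single framing helper shared by conn_caps.c, conn_npipe.c and conn_tcp.c would keep the next copy from reintroducing the off-by-one. Note that the dfui_debug call on the last context line prints fmsg as a string, so before this fix it was reading the NUL that strcpy had written one byte past the allocation.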
Index: contrib/bsdinstaller-1.1.6/src/lib/libdfui/conn_npipe.c
===================================================================
RCS file: /home/dcvs/src/contrib/bsdinstaller-1.1.6/src/lib/libdfui/conn_npipe.c,v
retrieving revision 1.1.1.1
diff -p -u -r1.1.1.1 conn_npipe.c
--- contrib/bsdinstaller-1.1.6/src/lib/libdfui/conn_npipe.c 12 Mar 2008 22:15:54 -0000 1.1.1.1
+++ contrib/bsdinstaller-1.1.6/src/lib/libdfui/conn_npipe.c 26 Jul 2008 18:49:00 -0000
@@ -340,7 +340,7 @@ dfui_npipe_fe_ll_request(struct dfui_con
* Construct a message.
*/

- fmsg = malloc(strlen(msg) + 1);
+ fmsg = malloc(strlen(msg) + 2);
fmsg[0] = msgtype;
strcpy(fmsg + 1, msg);
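Review bot: the malloc return value is dereferenced on the next line (`fmsg[0] = msgtype;`) without a NULL check; plain malloc returns NULL on failure, so a one-line check before the write would avoid turning an allocation failure into a second crash (aura_malloc's failure behaviour in conn_caps.c is not visible here). Since the strcpy is what wrote past the old strlen(msg) + 1 buffer, copying with an explicit length, e.g. `memcpy(fmsg + 1, msg, strlen(msg) + 1);`, or going through a helper that derives the copy length from the allocation size, would tie the two together.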

Index: contrib/bsdinstaller-1.1.6/src/lib/libdfui/conn_tcp.c
===================================================================
RCS file: /home/dcvs/src/contrib/bsdinstaller-1.1.6/src/lib/libdfui/conn_tcp.c,v
retrieving revision 1.1.1.1
diff -p -u -r1.1.1.1 conn_tcp.c
--- contrib/bsdinstaller-1.1.6/src/lib/libdfui/conn_tcp.c 12 Mar 2008 22:15:54 -0000 1.1.1.1
+++ contrib/bsdinstaller-1.1.6/src/lib/libdfui/conn_tcp.c 26 Jul 2008 17:11:57 -0000
@@ -394,7 +394,7 @@ dfui_tcp_fe_ll_request(struct dfui_conne
* Construct a message.
*/

- fmsg = malloc(strlen(msg) + 1);
+ fmsg = malloc(strlen(msg) + 2);
fmsg[0] = msgtype;
strcpy(fmsg + 1, msg);
dfui_debug("SEND<<%s>>\n", fmsg);
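Review bot: same pattern as conn_npipe.c: malloc is unchecked before `fmsg[0] = msgtype;`, and the `+ 2` carries no comment saying it covers the type byte and the terminating NUL. This is the third identical fix, so factoring the framing into one shared function (allocate strlen(msg) + 2, check the result, write the type byte, copy msg with an explicit length) would fix the bug once for all three connection types and make the dfui_debug print on the last line safe by construction.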
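The framing routine the three hunks repair, written as a self-checking helper; this is an added example, not libdfui code, and the function names and the sample message are invented here:

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not libdfui code. The patched routines prepend a one-byte
 * message type to a NUL-terminated string. Bytes written are
 * 1 (type) + strlen(msg) (payload) + 1 (NUL) = strlen(msg) + 2; the
 * original strlen(msg) + 1 put the NUL one byte past the allocation,
 * which is enough to corrupt the allocator's bookkeeping. */

/* Required allocation size for a framed message, stated in one place. */
size_t framed_size(const char *msg)
{
    return 1 + strlen(msg) + 1;   /* type byte + payload + NUL */
}

/* Build "<type><msg>\0". Returns NULL on allocation failure or if the
 * size arithmetic and the copy ever disagree (defensive self-check). */
char *frame_message(char msgtype, const char *msg)
{
    size_t need = framed_size(msg);
    char *fmsg = malloc(need);
    if (fmsg == NULL)
        return NULL;
    /* snprintf never writes past 'need' bytes and reports how many it
     * wanted; a mismatch means the size calculation is wrong, so fail
     * loudly instead of silently truncating or overflowing. */
    int n = snprintf(fmsg, need, "%c%s", msgtype, msg);
    if (n < 0 || (size_t)n != need - 1) {
        free(fmsg);
        return NULL;
    }
    return fmsg;
}

/* Check that a framed buffer round-trips: type byte, then the payload. */
int frame_ok(const char *fmsg, char msgtype, const char *msg)
{
    return fmsg != NULL && fmsg[0] == msgtype && strcmp(fmsg + 1, msg) == 0;
}

int main(void)
{
    const char *msg = "SELECT_TIMEZONE Europe/Paris";  /* constructed sample */
    char *fmsg = frame_message('R', msg);
    printf("framed %zu bytes, ok=%d: %s\n", framed_size(msg),
           frame_ok(fmsg, 'R', msg), fmsg);
    free(fmsg);
    return 0;
}
```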

#6 Updated by dillon over 6 years ago

:OK, I tracked it down to an off-by-one that was probably corrupting
:malloc internals.
:
:A quick grep through the code found the same issue in other files
:(looks like copy and paste).
:
:Diff inline below.
:
:Pierre Riteau

Excellent sleuthing! We'll get these patches committed ASAP.

This is also a dividend of the easier access to the installer sources
we got when Dave Hayes ported it into the base system build.

-Matt
Matthew Dillon

#7 Updated by pierre.riteau over 6 years ago

Yes, it was very handy to have the installer in the source tree and
moreover being able to quickly recompile it and run it directly on the
system.

Pierre Riteau

#8 Updated by matthias over 6 years ago

Fix committed by dillon@
