Bug #2811

closed

va_arg twice in dntpd

Added by bycn82 over 9 years ago. Updated over 9 years ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: -
Target version: -
Start date: 04/23/2015
Due date:
% Done: 0%
Estimated time:

Description

In the function vlogline of the file below,
/usr.sbin/dntpd/log.c
it is possible to print the va to stderr and also log it to syslog. Below is an overview of the function.

    function vlogline(){
        if (log_stderr) {
            print va into stderr
        }

        if (debug_opt == 0) {
            syslog
        }
    }

va_arg() will move the ap to the next arg. Somehow, in my development environment, it dumped when I triggered it manually.

Core file and patch are in the attachment.

dev01#dntpd
dntpd: NOTE: killing old daemon and starting a new one
Segmentation fault (core dumped)
dev01#


Files

dntpd.core (996 KB), bycn82, 04/23/2015 01:00 PM
dntpd.patch (1.07 KB), bycn82, 04/23/2015 01:00 PM
dntpd.core (996 KB), the dump, bycn82, 04/24/2015 12:25 AM
dntpd (85.3 KB), dntpd with debug info inside, bycn82, 04/24/2015 12:25 AM

Updated by bycn82 over 9 years ago

Reading symbols from /usr/src/usr.sbin/dntpd/dntpd...done.
(gdb) b vlogline
Breakpoint 1 at 0x402c77: file log.c, line 113.
(gdb) run
Starting program: /usr/src/usr.sbin/dntpd/dntpd

Breakpoint 1, vlogline (level=level@entry=0, newline=newline@entry=1,
ctl=ctl@entry=0x404d38 "%s: NOTE: killing old daemon and starting a new one",
va=va@entry=0x7ffffffff678) at log.c:113
113 {
(gdb) list
108 }
109 }
110
111 static void
112 vlogline(int level, int newline, const char *ctl, va_list va)
113 {
114 static char line_build[1024];
115 static int line_index;
116 int priority;
117
(gdb) print va
$1 = (struct __va_list_tag *) 0x7ffffffff678
(gdb) print *va
$2 = {gp_offset = 8, fp_offset = 48, overflow_arg_area = 0x7ffffffff750,
reg_save_area = 0x7ffffffff690}
(gdb) n
121 if (level <= debug_level) {
(gdb) n
122 if (log_stderr) {
(gdb) n
123 vfprintf(stderr, ctl, va);
(gdb) n
/usr/src/usr.sbin/dntpd/dntpd: NOTE: killing old daemon and starting a new one124 if (newline)
(gdb) n
125 fprintf(stderr, "\n");
(gdb) print va
$3 = (struct __va_list_tag *) 0x7ffffffff678
(gdb) print *va
$4 = {gp_offset = 16, fp_offset = 48, overflow_arg_area = 0x7ffffffff750,
reg_save_area = 0x7ffffffff690}
(gdb) n

126 fflush(stderr);
(gdb) n
128 if (debug_opt == 0) {
(gdb) n
129 vsnprintf(line_build + line_index, sizeof(line_build) - line_index,
(gdb) print *va
$5 = {gp_offset = 16, fp_offset = 48, overflow_arg_area = 0x7ffffffff750,
reg_save_area = 0x7ffffffff690}
(gdb) n

Program received signal SIGSEGV, Segmentation fault.
0x0000000800b5214d in __vfprintf () from /lib/libc.so.8
(gdb)

the gp_offset changed after first va_arg, and

Actions #2

Updated by bycn82 over 9 years ago

  1. date
    Fri Apr 24 07:13:39 UTC 2015
  2. uname -a
    DragonFly 4.1-DEVELOPMENT DragonFly e99935b-DEVELOPMENT #0: Wed Apr 15 04:26:41 UTC 2015 root@:/usr/obj/usr/src/sys/X86_64_GENERIC x86_64

info of my env
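
An added example, not part of the original report and not the attached dntpd.patch: a minimal C sketch of the pattern seen in the gdb session above, with the reused va_list beside a version that uses va_copy. The function names and the simplified line buffer (no line_index, no syslog call) are assumptions for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for the line buffer in the gdb listing (simplified, no line_index). */
static char line_build[1024];

/* Pattern from the report, kept for comparison and never called: one va_list
 * handed to two v*printf calls. It is indeterminate after the first call, so
 * the second call is undefined behaviour. */
int vlogline_unsafe(FILE *out, const char *ctl, va_list va)
{
	vfprintf(out, ctl, va);
	return vsnprintf(line_build, sizeof(line_build), ctl, va);
}

/* Same two sinks, but each consumer walks its own va_list. */
int vlogline_safe(FILE *out, const char *ctl, va_list va)
{
	va_list va_out;

	va_copy(va_out, va);	/* copy before anything consumes va */
	vfprintf(out, ctl, va_out);
	va_end(va_out);		/* every va_copy is paired with va_end */
	fputc('\n', out);
	return vsnprintf(line_build, sizeof(line_build), ctl, va);
}

/* Variadic front end (hypothetical name). */
int logline_safe(FILE *out, const char *ctl, ...)
{
	va_list va;
	int n;

	va_start(va, ctl);
	n = vlogline_safe(out, ctl, va);
	va_end(va);
	return n;
}

int main(void)
{
	/* Constructed input: the message text from the report's gdb session. */
	logline_safe(stderr, "%s: NOTE: killing old daemon and starting a new one", "dntpd");
	return strcmp(line_build, "dntpd: NOTE: killing old daemon and starting a new one") != 0;
}
```

On x86-64 a va_list passed to a callee is a pointer to the caller's state, which is why the gp_offset change is visible after the first call in the session above.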
