seg fault at src/string/strlen.c:15

seg fault at src/string/strlen.c:15

[Po-yi Wang]

hi

I try to compile make-4.1 for i486,ppc,arm targets.
i486 seem ok. "make --version" runs and no problem.
for ppc and arm targets, both seg fault at exactly the same place.
I had to recompile musl-1.1.18 for both with "-g3" to narrow down the 
problem. it should be easy to reproduce. here is some outputs:

[ppc][1] cd /build/make-4.1; file make
make: ELF 32-bit MSB executable, PowerPC or cisco 4500, version 1 (SYSV), 
statically linked, not stripped
[ppc][1] cd /build/make-4.1; cp make make-4.1 
[ppc][1] cd /build/make-4.1; gdb make-4.1
GNU gdb 6.5
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you 
are
welcome to change it and/or distribute copies of it under certain 
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for 
details.
This GDB was configured as "powerpc-unknown-linux-gnu"...Using host 
libthread_db library "/lib/libthread_db.so.1".

(gdb) run --version
Starting program: /tmp/build/make-4.1/make-4.1 --version

Program received signal SIGSEGV, Segmentation fault.
strlen (s=0x0) at src/string/strlen.c:15
15              for (w = (const void *)s; !HASZERO(*w); w++);
(gdb)


output for arm target:

GNU gdb (GDB) 8.0
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later 
<http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "armv7l-unknown-linux-gnueabi".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from make-4.1...done.
(gdb) run --version
Starting program: /tmp/build/make-4.1/make-4.1 --version

Program received signal SIGSEGV, Segmentation fault.
0x0002c3a0 in strlen (s=<optimized out>, s@entry=0x0) at 
src/string/strlen.c:15
15              for (w = (const void *)s; !HASZERO(*w); w++);
(gdb)

Re: seg fault at src/string/strlen.c:15

[Rich Felker]

On Tue, Jan 23, 2018 at 05:07:32PM -0800, Po-yi Wang wrote:
> hi
> 
> I try to compile make-4.1 for i486,ppc,arm targets.
> i486 seem ok. "make --version" runs and no problem.
> for ppc and arm targets, both seg fault at exactly the same place.
> I had to recompile musl-1.1.18 for both with "-g3" to narrow down
> the problem. it should be easy to reproduce. here is some outputs:
> 
> [ppc][1] cd /build/make-4.1; file make
> make: ELF 32-bit MSB executable, PowerPC or cisco 4500, version 1
> (SYSV), statically linked, not stripped
> [ppc][1] cd /build/make-4.1; cp make make-4.1 [ppc][1] cd
> /build/make-4.1; gdb make-4.1
> GNU gdb 6.5
> Copyright (C) 2006 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and
> you are
> welcome to change it and/or distribute copies of it under certain
> conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB.  Type "show warranty" for
> details.
> This GDB was configured as "powerpc-unknown-linux-gnu"...Using host
> libthread_db library "/lib/libthread_db.so.1".
> 
> (gdb) run --version
> Starting program: /tmp/build/make-4.1/make-4.1 --version
> 
> Program received signal SIGSEGV, Segmentation fault.
> strlen (s=0x0) at src/string/strlen.c:15
> 15              for (w = (const void *)s; !HASZERO(*w); w++);
> (gdb)

This means make is calling strlen(0), so the bug is somewhere else --
in whatever causing the string pointer passed to strlen to be a null
pointer. Can you show a full backtrace (bt) rather than just the point
of the crash?

> output for arm target:
> 
> GNU gdb (GDB) 8.0
> Copyright (C) 2017 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later
> <http://gnu.org/licenses/gpl.html>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
> and "show warranty" for details.
> This GDB was configured as "armv7l-unknown-linux-gnueabi".
> Type "show configuration" for configuration details.
> For bug reporting instructions, please see:
> <http://www.gnu.org/software/gdb/bugs/>.
> Find the GDB manual and other documentation resources online at:
> <http://www.gnu.org/software/gdb/documentation/>.
> For help, type "help".
> Type "apropos word" to search for commands related to "word"...
> Reading symbols from make-4.1...done.
> (gdb) run --version
> Starting program: /tmp/build/make-4.1/make-4.1 --version
> 
> Program received signal SIGSEGV, Segmentation fault.
> 0x0002c3a0 in strlen (s=<optimized out>, s@entry=0x0) at
> src/string/strlen.c:15
> 15              for (w = (const void *)s; !HASZERO(*w); w++);
> (gdb)

Same here.

Does the problem also happen with make 4.2? Alpine Linux is using make
4.2.1 I think and I haven't heard of such a problem from them.

Rich

Re: seg fault at src/string/strlen.c:15

[Andre Renaud]

[-- Attachment #1: Type: text/plain, Size: 792 bytes --]

On Wed, 24 Jan 2018 at 15:28 Rich Felker <dalias@libc.org> wrote:

> On Tue, Jan 23, 2018 at 05:07:32PM -0800, Po-yi Wang wrote:
> > (gdb) run --version
> > Starting program: /tmp/build/make-4.1/make-4.1 --version
> >
> > Program received signal SIGSEGV, Segmentation fault.
> > strlen (s=0x0) at src/string/strlen.c:15
> > 15              for (w = (const void *)s; !HASZERO(*w); w++);
> > (gdb)
>
> This means make is calling strlen(0), so the bug is somewhere else --
> in whatever causing the string pointer passed to strlen to be a null
> pointer. Can you show a full backtrace (bt) rather than just the point
> of the crash?


It's quite possible that this is a known bug in Make 4.1
https://savannah.gnu.org/bugs/?43434

Does it go away if /dev/pts is properly mounted?

Regards,
Andre

[-- Attachment #2: Type: text/html, Size: 1233 bytes --]

Re: seg fault at src/string/strlen.c:15

[Po-yi Wang]

On Tue, 23 Jan 2018, Rich Felker wrote:

> On Tue, Jan 23, 2018 at 05:07:32PM -0800, Po-yi Wang wrote:
>> hi
>>
>> I try to compile make-4.1 for i486,ppc,arm targets.
>> i486 seem ok. "make --version" runs and no problem.
>> for ppc and arm targets, both seg fault at exactly the same place.
>> I had to recompile musl-1.1.18 for both with "-g3" to narrow down
>> the problem. it should be easy to reproduce. here is some outputs:
>>
>> [ppc][1] cd /build/make-4.1; file make
>> make: ELF 32-bit MSB executable, PowerPC or cisco 4500, version 1
>> (SYSV), statically linked, not stripped
>> [ppc][1] cd /build/make-4.1; cp make make-4.1 [ppc][1] cd
>> /build/make-4.1; gdb make-4.1
>> GNU gdb 6.5
>> Copyright (C) 2006 Free Software Foundation, Inc.
>> GDB is free software, covered by the GNU General Public License, and
>> you are
>> welcome to change it and/or distribute copies of it under certain
>> conditions.
>> Type "show copying" to see the conditions.
>> There is absolutely no warranty for GDB.  Type "show warranty" for
>> details.
>> This GDB was configured as "powerpc-unknown-linux-gnu"...Using host
>> libthread_db library "/lib/libthread_db.so.1".
>>
>> (gdb) run --version
>> Starting program: /tmp/build/make-4.1/make-4.1 --version
>>
>> Program received signal SIGSEGV, Segmentation fault.
>> strlen (s=0x0) at src/string/strlen.c:15
>> 15              for (w = (const void *)s; !HASZERO(*w); w++);
>> (gdb)
>
> This means make is calling strlen(0), so the bug is somewhere else --
> in whatever causing the string pointer passed to strlen to be a null
> pointer. Can you show a full backtrace (bt) rather than just the point
> of the crash?

for ppc:
Program received signal SIGSEGV, Segmentation fault.
strlen (s=0x0) at src/string/strlen.c:15
15              for (w = (const void *)s; !HASZERO(*w); w++);
(gdb) bt
#0  strlen (s=0x0) at src/string/strlen.c:15
#1  0x10027ff8 in __strdup (s=0x0) at src/string/strdup.c:7
#2  0x1001167c in xstrdup (ptr=0x0) at misc.c:259
#3  0x1001ae94 in define_variable_in_set (name=0x10036474 "MAKE_TERMOUT", 
length=12, value=0x0, origin=o_default,
     recursive=0, set=0x1004d804, flocp=0x0) at variable.c:243
#4  0x1000fb14 in main (argc=2, argv=0xbfc26ea4, envp=0xbfc26eb0) at 
main.c:1404

for arm:
#0  0x0002c3a0 in strlen (s=<optimized out>, s@entry=0x0)
     at src/string/strlen.c:15
#1  0x0002c350 in __strdup (s=0x0) at src/string/strdup.c:7
#2  0x000180d4 in xstrdup (ptr=ptr@entry=0x0) at misc.c:259
#3  0x00020ec0 in define_variable_in_set (
     name=name@entry=0x37e7f "MAKE_TERMOUT", length=length@entry=12, 
value=0x0,
     origin=origin@entry=o_default, recursive=recursive@entry=0,
     set=0x46ae8 <global_variable_set>, flocp=flocp@entry=0x0) at 
variable.c:243
#4  0x00008768 in main (argc=<optimized out>, argv=<optimized out>,
     envp=<optimized out>) at main.c:1404

After "mount -n -t devpts devpts /dev/pts", both works fine.
Strangely, on i486, even if I "umount /dev/pts", seg fault do not occur.
Thanks.

>
>> output for arm target:
>>
>> GNU gdb (GDB) 8.0
>> Copyright (C) 2017 Free Software Foundation, Inc.
>> License GPLv3+: GNU GPL version 3 or later
>> <http://gnu.org/licenses/gpl.html>
>> This is free software: you are free to change and redistribute it.
>> There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
>> and "show warranty" for details.
>> This GDB was configured as "armv7l-unknown-linux-gnueabi".
>> Type "show configuration" for configuration details.
>> For bug reporting instructions, please see:
>> <http://www.gnu.org/software/gdb/bugs/>.
>> Find the GDB manual and other documentation resources online at:
>> <http://www.gnu.org/software/gdb/documentation/>.
>> For help, type "help".
>> Type "apropos word" to search for commands related to "word"...
>> Reading symbols from make-4.1...done.
>> (gdb) run --version
>> Starting program: /tmp/build/make-4.1/make-4.1 --version
>>
>> Program received signal SIGSEGV, Segmentation fault.
>> 0x0002c3a0 in strlen (s=<optimized out>, s@entry=0x0) at
>> src/string/strlen.c:15
>> 15              for (w = (const void *)s; !HASZERO(*w); w++);
>> (gdb)
>
> Same here.
>
> Does the problem also happen with make 4.2? Alpine Linux is using make
> 4.2.1 I think and I haven't heard of such a problem from them.
>
> Rich
>

Re: seg fault at src/string/strlen.c:15

[Po-yi Wang]

On Wed, 24 Jan 2018, Andre Renaud wrote:

> On Wed, 24 Jan 2018 at 15:28 Rich Felker <dalias@libc.org> wrote:
>
>> On Tue, Jan 23, 2018 at 05:07:32PM -0800, Po-yi Wang wrote:
>>> (gdb) run --version
>>> Starting program: /tmp/build/make-4.1/make-4.1 --version
>>>
>>> Program received signal SIGSEGV, Segmentation fault.
>>> strlen (s=0x0) at src/string/strlen.c:15
>>> 15              for (w = (const void *)s; !HASZERO(*w); w++);
>>> (gdb)
>>
>> This means make is calling strlen(0), so the bug is somewhere else --
>> in whatever causing the string pointer passed to strlen to be a null
>> pointer. Can you show a full backtrace (bt) rather than just the point
>> of the crash?
>
>
> It's quite possible that this is a known bug in Make 4.1
> https://savannah.gnu.org/bugs/?43434
>
> Does it go away if /dev/pts is properly mounted?

After "mount -n -t devpts devpts /dev/pts", both works fine.
Strangely, on i486, even if I "umount /dev/pts", seg fault do not occur.
Thanks.


>
> Regards,
> Andre
>