Re: fsck seg fault failure on vmware -i386?

[Robert Elz <kre%munnari.OZ.AU@localhost>]

    Date:        Sat, 30 Jan 2010 12:55:41 +0000 (UTC)
    From:        mlelstv%serpens.de@localhost (Michael van Elst)
    Message-ID:  <hk1a8c$5hm$1%serpens.de@localhost>

  | asctime() (and others) may return NULL nowadays. The sequence
  | in fsck_ffs/inode.c:pinode()
  | 
  |         p = ctime(&t);
  |         printf("MTIME=%12.12s %4.4s ", &p[4], &p[20]);
  | 
  | might crash if the inode timestamp is 'invalid'.

Yes, it might (even would) but perhaps not the way you are thinking.
While it is certainly true that p might be NULL there, and that fsck_ffs
really needs to do
        if (p == NULL)
                printf("MTIME="%-17s ", "invalid");
        else

the actual reported crash was from within asctime_r(), not directly
inside pinode() which this would have been.

That indicates a related, but different bug, in libc (and in the latest
olson tz code), that is, ctime() is just

        ctime(time_t *t)
        {
                return asctime(localtime(t)));
        }

so if localtime() returns NULL (which it can), asctime() (and asctime_r()
which it calls) is handleda NULL pointer, which it certainly doesn't expect,
and will cause asctime_r() to core dump.

That's most likely what is being seen.

The fix I'll be suggesting to the tz people is to harden asctime_r()
rather than adding a test into ctime(), so that asctime_r() simply starts

        if (timeptr == NULL)
                return NULL;

Once this is installed, then you would get the core dump from pinode()
unless that gets fixed as well.

kre