Current-Users archive
Re: emacs-24.3: test request
On Sun, Sep 08, 2013 at 14:23:47 +0400, Valery Ushakov wrote:
> On Sun, Sep 08, 2013 at 13:25:52 +0400, Valery Ushakov wrote:
>
> > On Sun, Sep 08, 2013 at 10:13:13 +0100, Robert Swindells wrote:
> >
> > > Thomas Klausner wrote:
> > > >On Sun, Sep 08, 2013 at 11:59:51AM +0400, Valeriy E. Ushakov wrote:
> > > >> Haven't you or someone else complained about problems with emacs24
> > > >> vs. environ a few months ago?
> > >
> > > >This is still the same issue I've been seeing and reporting for
> > > >months. There is a random element in the backtrace (sometimes it even
> > > >works! perhaps my stack limit test was a random success), but it
> > > >usually ends in getenv and below, trying to find some language
> > > >environment stuff.
> > >
> > > If you run:
> > >
> > > % nm emacs | sort > lst
> > >
> > > What variables are just below environ in memory ?
> >
> > emacs plays games with environ itself, saving and restoring it. A
> > problem in that code is more likely than random buffer overflow that
> > clobbers environ.
>
>
> With the following breakpoints on assignments to/from environ:
>
> break callproc.c:496
> break callproc.c:643
> break callproc.c:1314
> break editfns.c:1912
> break editfns.c:1940
> break editfns.c:1941
> break editfns.c:2119
> break editfns.c:2177
> break process.c:1734
> break process.c:1879
>
>
>
> Starting program:
> /usr/pkgsrc/editors/emacs24/work/emacs-24.3/src/emacs-24.3.1
> /usr/pkgsrc/doc/guide/files/options.xml
> Gtk-Message: Failed to load module "canberra-gtk-module"
> [Switching to LWP 1]
>
> Breakpoint 4, Fencode_time (nargs=9, args=0x7f7fffff74e8) at editfns.c:1912
> 1912 char **oldenv = environ, **newenv;
> (gdb) p environ
> $1 = (char **) 0x11f3400
> (gdb) watch *(char **)0x11f3400
> Watchpoint 11: *(char **)0x11f3400
> (gdb) n
>
> Breakpoint 8, set_time_zone_rule (tzstring=0x7f7fffff7330 "XXX-0:00:00")
> at editfns.c:2177
> 2177 environ = newenv;
> (gdb)
> 2220 }
> (gdb) p environ
> $3 = (char **) 0x15c9800
> (gdb) n
> Fencode_time (nargs=9, args=0x7f7fffff74e8) at editfns.c:1937
> 1937 value = mktime (&tm);
> (gdb)
> Watchpoint 11: *(char **)0x11f3400
>
> Old value = 0x7f7ffffffd2d "PILOTRATE=115200"
> New value = 0x1476400 ""
> _free_internal_nolock (ptr=0x11f3400) at gmalloc.c:1224
> 1224 prev->prev = &_fraghead[type];
> (gdb) p environ
> $4 = (char **) 0x15c9800
> (gdb) bt
> #0 _free_internal_nolock (ptr=0x11f3400) at gmalloc.c:1224
> #1 0x0000000000664ecf in _free_internal (ptr=0x11f3400) at gmalloc.c:1241
> #2 0x0000000000664f1e in free (ptr=0x11f3400) at gmalloc.c:1255
> #3 0x00007f7fec4b2beb in ?? () from /usr/lib/libc.so.12
> #4 0x00007f7fec4b2dc7 in __getenvslot () from /usr/lib/libc.so.12
> #5 0x00007f7fec4b2f42 in __findenvvar () from /usr/lib/libc.so.12
> #6 0x00007f7fec4b29e0 in getenv () from /usr/lib/libc.so.12
> #7 0x00007f7fec4ab594 in ?? () from /usr/lib/libc.so.12
> #8 0x00007f7fec4ab85f in __localtime_r50 () from /usr/lib/libc.so.12
> #9 0x0000000000679a16 in ranged_convert (
> convert=0x4114a0 <__localtime_r50@plt>, t=0x7f7fffff7240,
> tp=0x7f7fffff7200) at mktime.c:310
> #10 0x0000000000679e2f in mktime_internal (tp=0x7f7fffff73a0,
> convert=0x4114a0 <__localtime_r50@plt>, offset=0xc06250) at mktime.c:478
> #11 0x000000000067a15b in rpl_mktime (tp=0x7f7fffff73a0) at mktime.c:591
> #12 0x00000000005b89c7 in Fencode_time (nargs=9, args=0x7f7fffff74e8)
> at editfns.c:1937
> [...]
>
>
> So it looks like libc is confused by changed environ (see
> stdlib/_env.c in libc).
Ah, it's __scrubenv() that clobbers it:

ssize_t
__getenvslot(const char *name, size_t l_name, bool allocate)
{
    size_t new_size, num_entries, required_size;
    char **new_environ;

    /* Does the environ need scrubbing? */
    if (environ != allocated_environ && allocated_environ != NULL)
        __scrubenv();
> Unfortunately, I have to run now and can only look further into it
> late tonight at the earliest. If someone feels like picking this up
> from here, feel free to. TIA.
-uwe
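As an added illustration (not emacs or NetBSD code) of the alternative to what the trace above shows emacs doing in set_time_zone_rule, saving `environ`, pointing it at a new array and restoring it after mktime() has called into libc: change TZ only through setenv()/unsetenv(), keeping a copy of the old value rather than a pointer into a vector that libc may free. The function names, the "UTC0"/"EST5" zone strings and the sample date are constructed for this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdlib.h>
#include <string.h>
#include <time.h>

/* mktime() with TZ temporarily set to tzstring.  The environment is only
 * changed through setenv()/unsetenv(), so libc's own bookkeeping (NetBSD's
 * allocated_environ) stays consistent and nothing it may free is retained
 * for a later restore.  Returns (time_t)-1 on failure, like mktime(). */
static time_t mktime_in_zone(const char *tzstring, struct tm *tm)
{
    const char *cur = getenv("TZ");
    char *saved = cur ? strdup(cur) : NULL;   /* copy: setenv() may move it */
    if (cur && !saved) return (time_t)-1;
    if (setenv("TZ", tzstring, 1) != 0) {
        free(saved);
        return (time_t)-1;
    }
    tzset();
    time_t value = mktime(tm);
    if (saved)                                /* restore the value, not a pointer */
        setenv("TZ", saved, 1);
    else
        unsetenv("TZ");
    tzset();
    free(saved);
    return value;
}

/* Constructed input: 2013-09-08 14:23:47 in a zero-offset zone (emacs used
 * the equivalent "XXX-0:00:00" in the trace).  Expected: 1378650227. */
static time_t encode_sample_time(void)
{
    struct tm tm = { .tm_year = 2013 - 1900, .tm_mon = 8, .tm_mday = 8,
                     .tm_hour = 14, .tm_min = 23, .tm_sec = 47 };
    return mktime_in_zone("UTC0", &tm);
}

/* TZ must come back exactly as it was, whether set or unset.  1 = ok. */
static int tz_is_restored(void)
{
    struct tm tm = { .tm_year = 100, .tm_mday = 1 };   /* 2000-01-01 */
    setenv("TZ", "EST5", 1);
    mktime_in_zone("UTC0", &tm);
    const char *a = getenv("TZ");
    if (!a || strcmp(a, "EST5") != 0) return 0;
    unsetenv("TZ");
    mktime_in_zone("UTC0", &tm);
    return getenv("TZ") == NULL;
}
```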