Subject: bin/7887: savecore dumps core if bounds unwriteable
To: None <gnats-bugs@gnats.netbsd.org>
From: None <ronald@chersonese.com>
List: netbsd-bugs
Date: 07/01/1999 01:36:54
>Number: 7887
>Category: bin
>Synopsis: bogus fclose() in src/sbin/savecore/savecore.c
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: bin-bug-people (Utility Bug People)
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu Jul 1 01:35:01 1999
>Last-Modified:
>Originator: Ronald Khoo
>Organization:
Tea & biscuits
>Release: as per uname below
>Environment:
System: NetBSD leek.chersonese.com 1.4D NetBSD 1.4D (LEEK) #0: Thu Jul 1 15:33:41 MYT 1999 root@leek.chersonese.com:/usr/src/sys/arch/i386/compile/LEEK i386
>Description:
At line 425 of src/sbin/savecore/savecore.c, there is an fclose()
that should not be there. Look at the previous lines and see
that fclose will either be passed an already-closed fp (bogus)
or null (which gets you a sigsegv).
    if ((fp = fopen(path, "w")) == NULL)
        syslog(LOG_ERR, "%s: %m", path);
    else {
        (void)fprintf(fp, "%d\n", bounds + 1);
        (void)fclose(fp);
    }
    (void)fclose(fp);
>How-To-Repeat:
put a coredump on your dump device with halt -d
boot -s and run savecore into a readonly /var/crash
note that savecore gets a SIGSEGV
>Fix:
remove the fclose() at line 425.
>Audit-Trail:
>Unformatted:
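
Added example, not part of the original report or of the NetBSD savecore source: a corrected form of the bounds-file update, in which the stream is closed exactly once and only when fopen() succeeded. The helper names write_bounds() and read_bounds() and the paths in main() are hypothetical, and strerror(errno) stands in for the report's "%m" so the block builds cleanly outside BSD.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Hypothetical helper: store bounds + 1 in path.
 * Returns 0 on success, -1 on any failure. */
int
write_bounds(const char *path, int bounds)
{
	FILE *fp;
	int rv = 0;

	if ((fp = fopen(path, "w")) == NULL) {
		/* fp is NULL here: log and leave, there is nothing to close. */
		syslog(LOG_ERR, "%s: %s", path, strerror(errno));
		return -1;
	}
	if (fprintf(fp, "%d\n", bounds + 1) < 0)
		rv = -1;
	/* The single fclose(); it also flushes, so check it too. */
	if (fclose(fp) == EOF)
		rv = -1;
	return rv;	/* fp is stale from here on and is never reused */
}

/* Hypothetical helper: read the stored value back, -1 if unreadable. */
int
read_bounds(const char *path)
{
	FILE *fp;
	int v = -1;

	if ((fp = fopen(path, "r")) == NULL)
		return -1;
	if (fscanf(fp, "%d", &v) != 1)
		v = -1;
	(void)fclose(fp);
	return v;
}

int
main(void)
{
	/* Constructed paths: the first stands in for a read-only /var/crash. */
	printf("%d\n", write_bounds("/nonexistent-dir/sub/bounds", 3));
	printf("%d\n", write_bounds("/tmp/bounds.example", 3));
	printf("%d\n", read_bounds("/tmp/bounds.example"));
	return 0;
}
```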