Bug#256725: Bug confirmed!
Hi, I read the description of #256725 with interest, as I have just
experienced exactly the same segfault on my machine! Running 'sed m'
as the bug submitter suggests causes a segfault. Using gdb, I found
out that the bug looks like a buffer overflow bug:
#0 0x40092d23 in mallopt () from /lib/libc.so.6
#1 0x40091e63 in malloc () from /lib/libc.so.6
#2 0x40047a9a in textdomain () from /lib/libc.so.6
#3 0x40045cb0 in ngettext () from /lib/libc.so.6
#4 0x401398e9 in _libc_intl_domainname () from /lib/libc.so.6
#5 0x00000012 in ?? ()
#6 0x00000000 in ?? ()
#7 0xbffffa10 in ?? ()
#8 0x00000000 in ?? ()
#9 0x00000000 in ?? ()
#10 0x00000000 in ?? ()
#11 0x00000000 in ?? ()
#12 0xbffffa20 in ?? ()
#13 0x00000000 in ?? ()
#14 0x40150ae0 in errno () from /lib/libc.so.6
#15 0x00fffa30 in ?? ()
#16 0x4002a980 in ?? () from /lib/libc.so.6
#17 0xbffffa20 in ?? ()
#18 0xbffffa10 in ?? ()
#19 0x400323da in ?? () from /lib/libc.so.6
#20 0x08048b3e in ?? ()
#21 0x00000000 in ?? ()
#22 0x40150ae0 in errno () from /lib/libc.so.6
#23 0x3d048861 in ?? ()
#24 0x401505b0 in ?? () from /lib/libc.so.6
#25 0x080583e0 in ?? ()
#26 0x4014113f in in6addr_loopback () from /lib/libc.so.6
#27 0xbffffae4 in ?? ()
#28 0x400451ce in gettext () from /lib/libc.so.6
#29 0x00000006 in ?? ()
#30 0x00000003 in ?? ()
#31 0x40140e36 in in6addr_loopback () from /lib/libc.so.6
#32 0xbffffae4 in ?? ()
#33 0x555f6e65 in ?? ()
#34 0x08050053 in _IO_stdin_used ()
#35 0x080583f8 in ?? ()
#36 0x00000003 in ?? ()
#37 0x4d5f434c in ?? ()
#38 0x41535345 in ?? ()
#39 0x2f534547 in ?? ()
#40 0x2e646573 in ?? ()
#41 0xbf006f6d in ?? ()
#42 0x4004510f in gettext () from /lib/libc.so.6
#43 0x080583f0 in ?? ()
#44 0x40044db0 in gettext () from /lib/libc.so.6
#45 0xbffffb2c in ?? ()
#46 0x08059870 in ?? ()
#47 0x080583f8 in ?? ()
#48 0x00000005 in ?? ()
#49 0x08059870 in ?? ()
#50 0x08059884 in ?? ()
#51 0x08059870 in ?? ()
#52 0x08059870 in ?? ()
#53 0x203a7325 in ?? ()
#54 0x6520652d in ?? ()
#55 0x65727078 in ?? ()
#56 0x6f697373 in ?? ()
#57 0x2523206e in ?? ()
#58 0x202c756c in ?? ()
#59 0x72616863 in ?? ()
#60 0x756c2520 in ?? ()
#61 0x7325203a in ?? ()
#62 0x4009000a in __libc_malloc_pthread_startup () from /lib/libc.so.6
Previous frame inner to this frame (corrupt stack?)
Notice entries #6 and #8 through #11, where the supposed stack frame
was actually pointing at an invalid address.
Also, #53--#61 look more like ASCII snippets than stack addresses. I'm
running on i386 (little endian) so #53--#61 are, respectively, "%s: "
"-e e", "xpre", "ssio", "n #%", "lu, ", "char", " %lu", and ": %s".
Putting them together, it reads:
"%s: -e expression #%lu, char %lu: %s"
That's a fragment of a C format string, overflowed into the stack.
Probably the very error message sed is trying to print when it hit the
bug. Buffer overflow somewhere, I'll bet.
So I don't know if this has anything to do with locales; the gettext
calls may or may not be by chance when the CPU tries to "return" to an
invalid address. At any rate, here is my system configuration:
ii libc6 2.3.2.ds1-14 GNU C Library: Shared libraries and Timezone
ii libc6-dev 2.3.2.ds1-14 GNU C Library: Development Libraries and Hea
ii locales 2.3.2.ds1-14 GNU C Library: National Language (locale) da
ii gettext 0.14.1-5 GNU Internationalization utilities
ii gettext-base 0.14.1-5 GNU Internationalization utilities for the b
ii sed 4.1.1-1 The GNU sed stream editor
I am running off unstable, as usual. Please let me know if you need
any other info. I'll try to resist the urge to upgrade every other day
in case something changes. :-)
T
--
Give a man a fish, and he eats once. Teach a man to fish, and he will sit
forever.
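As an added worked example (not part of the reporter's message, of gdb, or of the sed or Debian bug record), the C program below mechanises the decoding done by hand in the message: it takes the 63 frame words gdb printed for #0 through #62, splits each into its little-endian byte order, and collects runs of consecutive words whose bytes are all printable ASCII. A word whose printable bytes are followed by a NUL is taken as the end of a string. Run on the backtrace data it recovers the format string fragment at #53 to #61, and also two shorter runs the message does not decode: "en_US" at #33 and #34 and "LC_MESSAGES/sed.mo" at #37 to #41. The printable-ASCII test and the minimum run length of two words are this example's own choices; the frame values are copied from the backtrace above.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_STR 128
#define MAX_RUNS 8

/* Frame "addresses" gdb printed for the corrupt stack in the report above
 * (#0 through #62), copied from the backtrace. */
static const uint32_t stack_words[] = {
    0x40092d23, 0x40091e63, 0x40047a9a, 0x40045cb0, 0x401398e9, 0x00000012,
    0x00000000, 0xbffffa10, 0x00000000, 0x00000000, 0x00000000, 0x00000000,
    0xbffffa20, 0x00000000, 0x40150ae0, 0x00fffa30, 0x4002a980, 0xbffffa20,
    0xbffffa10, 0x400323da, 0x08048b3e, 0x00000000, 0x40150ae0, 0x3d048861,
    0x401505b0, 0x080583e0, 0x4014113f, 0xbffffae4, 0x400451ce, 0x00000006,
    0x00000003, 0x40140e36, 0xbffffae4, 0x555f6e65, 0x08050053, 0x080583f8,
    0x00000003, 0x4d5f434c, 0x41535345, 0x2f534547, 0x2e646573, 0xbf006f6d,
    0x4004510f, 0x080583f0, 0x40044db0, 0xbffffb2c, 0x08059870, 0x080583f8,
    0x00000005, 0x08059870, 0x08059884, 0x08059870, 0x08059870, 0x203a7325,
    0x6520652d, 0x65727078, 0x6f697373, 0x2523206e, 0x202c756c, 0x72616863,
    0x756c2520, 0x7325203a, 0x4009000a,
};
static const size_t stack_word_count = sizeof stack_words / sizeof stack_words[0];

/* Byte order of a 32-bit word as it sits in memory on a little-endian
 * (i386) target: least significant byte at the lowest address. */
static void le_bytes(uint32_t w, unsigned char out[4])
{
    for (int i = 0; i < 4; i++)
        out[i] = (unsigned char)(w >> (8 * i));
}

static int printable(unsigned char c)
{
    return c >= 0x20 && c <= 0x7e;
}

/* How many leading bytes of the word look like text (example's heuristic):
 * 4 if every byte is printable ASCII, 1..3 if a printable prefix is followed
 * by a NUL (end of a C string), 0 if the word does not look like text. */
int text_prefix_len(uint32_t w)
{
    unsigned char b[4];
    le_bytes(w, b);
    int n = 0;
    while (n < 4 && printable(b[n]))
        n++;
    if (n == 4)
        return 4;
    if (n > 0 && b[n] == 0)
        return n;
    return 0;
}

/* Scan words (frame #0 first, i.e. increasing stack address) for runs of at
 * least min_words consecutive text-like words. Each run is stored in runs[]
 * as a NUL-terminated string; returns how many runs were stored. */
size_t find_text_runs(const uint32_t *words, size_t n, size_t min_words,
                      char runs[][MAX_STR], size_t max_runs)
{
    size_t found = 0, i = 0;
    while (i < n && found < max_runs) {
        char cur[MAX_STR];
        size_t len = 0, count = 0, j = i;
        while (j < n) {
            int k = text_prefix_len(words[j]);
            if (k == 0)
                break;
            unsigned char b[4];
            le_bytes(words[j], b);
            for (int m = 0; m < k && len + 1 < MAX_STR; m++)
                cur[len++] = (char)b[m];
            count++;
            j++;
            if (k < 4)          /* NUL terminator ends this string */
                break;
        }
        cur[len] = '\0';
        if (count >= min_words) {
            memcpy(runs[found], cur, len + 1);
            found++;
        }
        i = (j > i) ? j : i + 1;
    }
    return found;
}

/* Convenience wrapper over the backtrace data: run number idx (0-based),
 * or NULL when fewer runs than that were found. */
const char *report_run(size_t idx)
{
    static char runs[MAX_RUNS][MAX_STR];
    size_t n = find_text_runs(stack_words, stack_word_count, 2, runs, MAX_RUNS);
    return idx < n ? runs[idx] : NULL;
}

int main(void)
{
    for (size_t i = 0; report_run(i) != NULL; i++)
        printf("run %zu: \"%s\"\n", i, report_run(i));
    return 0;
}
```

Because the i386 stack grows toward lower addresses and gdb numbers outer frames higher, consecutive frame slots are consecutive ascending addresses, which is why the fragments concatenate in frame order. The heuristic is deliberately loose: a single fully printable word can be a legitimate pointer by coincidence, so the scan only reports runs of two or more words, and a practitioner should confirm a suspected string by dumping the address range with gdb's x/s rather than trusting the decode alone.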