Bug#343365: libc6: strfry() SEGVs

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#343365: libc6: strfry() SEGVs
From: Branden Robinson <branden@debian.org>
Date: Wed, 14 Dec 2005 13:36:03 -0500
Message-id: <[🔎] 20051214183603.21678.22959.reportbug@localhost>
Reply-to: Branden Robinson <branden@debian.org>, 343365@bugs.debian.org

Package: libc6
Version: 2.3.5-8
Severity: important

When I attempt to use strfry() as documented, it segfaults.

Please see the following attachments:

* my C source code
* my compiled ELF executable
* a transcript of my GDB session

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable')
Architecture: powerpc (ppc)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.9-powerpc-smp
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

-- no debconf information

/* cc -Wall -Werror -std=c99 */

#define _GNU_SOURCE /* strfry() */

#include <stdio.h> /* printf() */
#include <stdlib.h> /* malloc() */
#include <string.h> /* strfry(), strncpy() */

int main(int argc, char **argv) {
    char *string;

    string = malloc(sizeof(char) * 8);
    (void) strncpy(string, "bletch", sizeof(char) * 8);

    (void) printf("%s\n", string);
    (void) strncpy(string, "greunk", sizeof(char) * 8);
    (void) strfry(string);
    (void) printf("%s\n", string);

    free(string);
    return 0;
}

/* vim:set cindent et sts=4 sw=4 tw=80: */

Attachment: strfry
Description: application/executable

$ gdb ./strfry ./core
GNU gdb 6.3.90_20051119-debian
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "powerpc-linux-gnu"...Using host libthread_db library "/lib/tls/libthread_db.so.1".

Core was generated by `./strfry'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/lib/debug/libc.so.6...done.
Loaded symbols for /usr/lib/debug/libc.so.6
Reading symbols from /lib/ld.so.1...Reading symbols from /usr/lib/debug/lib/ld-2.3.5.so...done.
done.
Loaded symbols for /lib/ld.so.1
#0  __initstate_r (seed=1133653892, arg_state=0xffee50c "", n=32, buf=0xffee4f0) at random_r.c:252
252     random_r.c: No such file or directory.
        in random_r.c
(gdb) bt full
#0  __initstate_r (seed=1133653892, arg_state=0xffee50c "", n=32, buf=0xffee4f0) at random_r.c:252
        type = 1133648766
        degree = 33618226
        separation = 4146
        state = (int32_t *) 0xffee4f0
        old_type = 0
        old_state = (int32_t *) 0x0
#1  0x0ff3a8e8 in strfry (string=0x100008a4 "bletch") at strfry.c:35
        state = '\0' <repeats 31 times>
        init = 0
        rdata = {fptr = 0x0, rptr = 0x0, state = 0x0, rand_type = 0, rand_deg = 0, rand_sep = 0, end_ptr = 0x0}
        i = 268362992
#2  0x100004c8 in main (argc=1, argv=0x7ffff3d4) at strfry.c:14
        string = 0x100008a4 "bletch"
(gdb) quit

Reply to:

Prev by Date: Bug#343140: libc6: resolver always checks search list in /etc/resolv.conf
Next by Date: Bug#343140: libc6: resolver always checks search list in /etc/resolv.conf
Previous by thread: compil libgtkmm against libgtk-dfb
Next by thread: Bug#340871: Test Case
Index(es):
- Date
- Thread