Bug#514979: (aklog built under etch segfaults in lenny)

To: 514979-maintonly@bugs.debian.org
Subject: Bug#514979: (aklog built under etch segfaults in lenny)
From: Sergio Gelato <Sergio.Gelato@astro.su.se>
Date: Thu, 12 Feb 2009 20:11:52 +0100
Message-id: <20090212191152.GD11064@astro.su.se>
Reply-to: Sergio Gelato <Sergio.Gelato@astro.su.se>, 514979-maintonly@bugs.debian.org
In-reply-to: <handler.514979.B.12344416766515.ack@bugs.debian.org>
References: <20090212122751.GA32346@astro.su.se> <handler.514979.B.12344416766515.ack@bugs.debian.org>

retitle 514979 aklog executable built under etch segfaults under lenny
severity 514979 minor
thanks

[Note to self: never file a bug report while under time pressure.]

Please forgive the flawed analysis in the original report (of course a
read error in valgrind can't explain stack smashing, and of course the
message in the aklog valgrind merely indicates that the program does
indeed switch stacks).

The faulty aklog had been built under etch (where it doesn't misbehave). 
It turns out that if I simply rebuild the package under lenny (no
source-code changes at all, just a recompile), the resulting aklog binary 
works as intended, no segfault.

So we have a case of a binary compiled under etch (libc 2.3.6) not being
compatible with lenny (libc 2.7) even though the ABI version numbers of
all the shared libraries it is linked against indicate that everything
should be OK.

I've now built an unstripped version of that aklog under etch, and the
good news is that it still suffers from the problem when run under
lenny. The crash isn't in getservbyname() but shortly afterwards,
in OpenAFS code (src/lwp/process.c:savecontext()), or so gdb tells me.

At this point I'm not at all confident that the bug is in libc6; it
could lie in OpenAFS. Particularly since I see /* Gross hack: beware! */
around the call to savecontext().

Severity minor since a recompile fixes the problem. Don't work too hard
on this one.

Here is the backtrace I got:
(gdb) bt
#0  savecontext (ep=0x8075650 <Create_Process_Part2>, savearea=0x9a7b0cc,
    sp=0xb7cf300c "����") at ./process.c:213
#1  0x08075997 in LWP_CreateProcess (ep=0x80768a0 <IOMGR>,
    stacksize=<value optimized out>, priority=0, parm=0x0,
    name=0x807f23d "IO MANAGER", pid=0x8091a48) at ./lwp.c:409
#2  0x08076896 in IOMGR_Initialize () at ./iomgr.c:820
#3  0x08074c94 in rxi_InitializeThreadSupport () at rx_lwp.c:117
#4  0x0806d911 in rx_InitHost (host=0, port=0) at rx.c:423
#5  0x0806db59 in rx_Init (port=0) at rx.c:557
#6  0x0804de1d in pr_Initialize (secLevel=0, confDir=0x80828c0 "/etc/openafs",
    cell=0xbf99b466 "astro.su.se") at ptuser.c:167
#7  0x0804b1bd in auth_to_cell (context=0x9a58058, cell=<value optimized out>,
    realm=0x0) at aklog_main.c:742
#8  0x0804c482 in aklog (argc=1, argv=0xbf9a59b4) at aklog_main.c:1403
#9  0x0804a0c2 in main (argc=Cannot access memory at address 0xf951e798) at aklog.c:18

Reply to:

References:
- Bug#514979: getservbyname() corrupts the stack
  - From: Sergio Gelato <Sergio.Gelato@astro.su.se>

Prev by Date: Processed: your mail
Next by Date: Bug#515099: locales: missing file /etc/default/locale
Previous by thread: Bug#514979: getservbyname() corrupts the stack
Next by thread: Processed: your mail
Index(es):
- Date
- Thread