Segmentation fault?
Kay Sievers
kay.sievers at vrfy.org
Thu Jul 15 16:30:02 PDT 2004
On Fri, 2004-07-16 at 00:22 +0200, David Zeuthen wrote:
> On Fri, 2004-07-16 at 00:08 +0200, Kay Sievers wrote:
> > Any idea what happens here? Does the latest version work for you guys?
>
> I hope so; it works for me anyhow.
>
> > ...
> > [I] hald.c:73 gdl_store_changed() : Added device to GDL; udi=/org/freedesktop/Hal/devices/pci_104c_ac46
> > [I] linux/class_device.c:325 class_device_got_sysdevice() : Entering d=0x8c51948, sysdevice=0x8be85d8!
> >
> > Program received signal SIGSEGV, Segmentation fault.
> > 0x003b6a43 in _int_free () from /lib/tls/libc.so.6
> > (gdb)
> >
>
> Uh, care to send a backtrace? Does this happen with an empty callout
> directory?

Oh, bad. This is crazy:

#0 0x003b6a43 in _int_free () from /lib/tls/libc.so.6
#1 0x003bb22a in free () from /lib/tls/libc.so.6
#2 0x0805ee80 in sysfs_read_attribute (sysattr=0x9b8c9d0) at linux/libsysfs/sysfs_dir.c:292
#3 0x0805f31d in sysfs_read_directory (sysdir=0x9b89cb8) at linux/libsysfs/sysfs_dir.c:539
#4 0x0805da2c in sysfs_open_class_device (path=0x9b89cb8 "") at linux/libsysfs/sysfs_class.c:213
#5 0x0805543f in class_device_final (self=0x8067a20, d=0x9ad4a58, merge_or_add=1) at linux/class_device.c:432
#6 0x0805574f in class_device_got_sysdevice (store=0x9a021e8, sysdevice=0x9a7db60, user_data=0x9ad8ca0) at linux/class_device.c:366
#7 0x0804ebba in store_changed (store=0x9a021e8, device=0x9a7db60, added=1, user_data=0x9ad8cb0) at device_store.c:397
#8 0x0064f34d in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0

sysfs does this:

	length = read(fd, fbuf, pgsize);
	if (length < 0) {
		dprintf("Error reading from attribute %s\n", sysattr->path);
		close(fd);
		free(fbuf);
		return -1;
	}
	sysattr->len = length;

but length is size_t and unsigned and never < 0 !!!

And now the crazy part:

  [root@pim hal]# cat /sys/class/pcmcia_socket/pcmcia_socket0/card_vcc
  cat: /sys/class/pcmcia_socket/pcmcia_socket0/card_vcc: No such device

the same traced:

  open("/sys/class/pcmcia_socket/pcmcia_socket0/card_vcc", O_RDONLY|O_LARGEFILE) = 3
  fstat64(3, {st_mode=S_IFREG|0400, st_size=4096, ...}) = 0
  read(3, 0x8de5858, 4096) = -1 ENODEV (No such device)

We got a sysfs-file we can open, but fail with read on it. Then a bad compare
and a bad free.

I will ping Greg for the sysfs-file and the libsysfs maintainer to change
the size_t to ssize_t.

Kay
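
The bad compare described in this message, reduced to a stand-alone C program (an added example, not code from libsysfs or HAL). `struct attr`, `open_unreadable` and both `read_attr_*` functions are hypothetical names, and a directory descriptor is a constructed stand-in for the sysfs file that opens but fails on read().

```c
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* gcc -Wextra (-Wtype-limits) reports the always-false compare below;
   silenced only so this demo builds under -Werror. */
#pragma GCC diagnostic ignored "-Wtype-limits"

struct attr { size_t len; };   /* hypothetical stand-in for the attribute struct */

/* Constructed failure: a directory opens fine, but read() on it returns -1
   (EISDIR on Linux), standing in for the sysfs file that returned ENODEV. */
static int open_unreadable(void) { return open(".", O_RDONLY); }

/* Pattern from the mail: read()'s result is stored in an unsigned size_t. */
static int read_attr_unsigned(int fd, struct attr *a)
{
    char fbuf[4096];
    size_t length = read(fd, fbuf, sizeof fbuf);   /* -1 becomes SIZE_MAX */
    if (length < 0)                                /* never true */
        return -1;
    a->len = length;                               /* bogus length escapes */
    return 0;
}

/* Same logic with ssize_t, the type read() actually returns. */
static int read_attr_signed(int fd, struct attr *a)
{
    char fbuf[4096];
    ssize_t length = read(fd, fbuf, sizeof fbuf);
    if (length < 0)                                /* error is now caught */
        return -1;
    a->len = (size_t)length;
    return 0;
}

int main(void)
{
    struct attr a = {0}, b = {0};
    int fd = open_unreadable();
    int r1 = read_attr_unsigned(fd, &a);
    int r2 = read_attr_signed(fd, &b);
    printf("size_t:  ret=%d len=%zu\n", r1, a.len);
    printf("ssize_t: ret=%d len=%zu\n", r2, b.len);
    close(fd);
    return 0;
}
```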