hald crashes on intel pro wireless scan and 2.6.9-rc due to unreadable files.

Mitch Mitch at 0Bits.COM
Thu Oct 14 09:28:57 PDT 2004 

Hi

I'm getting a crash when starting hald on my intel pro 2200 wireless
machine on Linux using hal cvs (from today).

#0  0xb7d1e7c3 in strlen () from /lib/libc.so.6
#1  0x0805f20e in pci_device_pre_process (self=0x807e1a0, d=0x81661a8,
     sysfs_path=0x8173f68 
"/sys/devices/pci0000:00/0000:00:1e.0/0000:02:02.0",
     device=0x8173fb0) at linux/pci_bus_device.c:420
#2  0x0805db6e in bus_device_got_parent (store=0x80ca910, parent=0x8152e90,
     user_data=0x8172b20) at linux/bus_device.c:206
#3  0x0805d962 in bus_device_visit (self=0x807e1a0,
     path=0xbfffea10 "/sys/devices/pci0000:00/0000:00:1e.0/0000:02:02.0",
     device=0x81727c8) at linux/bus_device.c:137
#4  0x0805bf57 in add_device (
     given_sysfs_path=0x80c9010 
"/sys/devices/pci0000:00/0000:00:1e.0/0000:02:02.0", subsystem=0x80c9000 
"pci", msg=0x0) at linux/osspec.c:988
#5  0x0805b547 in process_coldplug_list () at linux/osspec.c:763
#6  0x0805b41f in process_coldplug_list_on_gdl_store_add (store=0x80ca910,
     device=0x8154ce0, is_added=1, user_data=0x8154ce0) at 
linux/osspec.c:734
#7  0x0804c153 in hald_marshal_VOID__OBJECT_BOOLEAN (closure=0x8166218,
     return_value=0x0, n_param_values=3, param_values=0xbffff0e0,
     invocation_hint=0xbfffefa8, marshal_data=0x0) at hald_marshal.c:122
#8  0xb7fa8d2b in g_closure_invoke () from 
/usr/local/lib/libgobject-2.0.so.0
#9  0xb7fb9df8 in signal_emit_unlocked_R ()
    from /usr/local/lib/libgobject-2.0.so.0
#10 0x00000000 in ?? ()
....

Adding in some printf i see it's looking at
	/sys/devices/pci0000:00/0000:00:1e.0/0000:02:02.0/dump_errors

This file is not readable


	laptop /sys/devices/pci0000:00/0000:00:1e.0/0000:02:02.0# ls -l
	total 0
	-r--r--r--    1 root     root         4096 Oct 14 16:34 cfg
	-r--r--r--    1 root     root         4096 Oct 14 16:34 class
	-rw-r--r--    1 root     root         4096 Oct 14 16:34 command_event_reg
	-rw-r--r--    1 root     root          256 Oct 14 16:34 config
	-rw-r--r--    1 r	oot     root         4096 Oct 14 16:34 detach_state
	-r--r--r--    1 root     root         4096 Oct 14 16:34 device
	-rw-r--r--    1 root     root         4096 Oct 14 16:34 direct_dword
	--w-------    1 root     root         4096 Oct 14 16:34 dump_errors
	etc...

Even as root:
	laptop /sys/devices/pci0000:00/0000:00:1e.0/0000:02:02.0# id 	
	uid=0(root) gid=0(root) 
groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy)
	laptop /sys/devices/pci0000:00/0000:00:1e.0/0000:02:02.0# cat dump_errors
	cat: dump_errors: Permission denied


Clearly strlen() is being passed a NULL or unmappable NULL or unmappable 
address. cur needs to be initialised properly and the value checked 
before using it.


udevinfo -p `pwd` -a
   looking at class device 
'/sys/devices/pci0000:00/0000:00:1e.0/0000:02:02.0':
     SYSFS{cfg}="0x00000140"
     SYSFS{class}="0x028000"
     SYSFS{command_event_reg}="0x08003600"
     SYSFS{detach_state}="0"
     SYSFS{device}="0x4220"
     SYSFS{direct_dword}="0x00000000"
     SYSFS{eeprom_delay}="1"
     SYSFS{indirect_byte}="0x00"
     SYSFS{indirect_dword}="0x00000000"
     SYSFS{irq}="5"
     SYSFS{mem_gpio_reg}="0x0e0a02f5"
     SYSFS{nic_type}="HP"
     SYSFS{rf_kill}="0"
     SYSFS{rtc}="0x00cb1778"
     SYSFS{status}="0x02800800"
     SYSFS{subsystem_device}="0x12f6"
     SYSFS{subsystem_vendor}="0x103c"
     SYSFS{ucode_version}="0x0000d03e"
     SYSFS{vendor}="0x8086"

# lspci -d ':0x4220'
02:02.0 Network controller: Intel Corp. PRO/Wireless 2200BG (rev 05)

Fix is obvious.
Mitch
=====
_______________________________________________
hal mailing list
hal at freedesktop.org
http://freedesktop.org/mailman/listinfo/hal

More information about the Hal mailing list