Kudzu fix in tomorrow's rawhide too?
Adam Batkin
devel at batkin.net
Thu Mar 9 11:05:20 UTC 2006
>> Program received signal SIGSEGV, Segmentation fault.
>> 0x00bc8d63 in strdup () from /lib/libc.so.6
>> (gdb) bt
>> #0 0x00bc8d63 in strdup () from /lib/libc.so.6
>> #1 0x0805d6be in vbe_get_vbe_info () at vbe.c:193
>> #2 0x0805a8c5 in ddcProbe (probeClass=Variable "probeClass" is not
>> available.
>> ) at ddc.c:395
>> #3 0x080505bf in probeDevices (probeClass=CLASS_UNSPEC, probeBus=-9,
>> probeFlags=1) at kudzu.c:806
>> #4 0x0804d186 in main (argc=Cannot access memory at address 0xffffffff
>> ) at hwconf.c:938
>> #5 0x00b747e4 in __libc_start_main () from /lib/libc.so.6
>> #6 0x0804a4c1 in _start ()
>
> OK, this implies we got back VBE2 data from the video card that
> was valid (had a valid header), but the pointers to the actual
> data inside the VBE2 data are bogus. That's hard to work around.
>
> If you can break on it in gdb, what is it trying to strdup?
I'm not sure exactly what you are looking for but here is that line:
tmp = strdup(ret->oem_name.string); /* leak */
I poked around a bit, but my gdb skills are rather limited (for example I was trying to inspect the
biosdata structure but it claimed it didn't exist in that context and I'm not sure what to do...I
tried recompiling kudzu with -ggdb -O0 -g3 but that didn't help either).
A few lines up, there is the setting of ret->oem_name.string (the value it's trying to strdup):
ret->oem_name.string = (char*) (f->base_addr() + (biosdata->oem_name.seg << 4) +
(biosdata->oem_name.ofs));
which I would guess is the problem (and asking gdb to print ret or ret->oem_name agrees that the
memory address for ret->oem_name.string was out of range):
(gdb) print ret->oem_name
$1 = {addr = {ofs = 12544, seg = 0}, string = 0x3100 <Address 0x3100 out of bounds>}
Here's another stack trace with glibc-debuginfo installed too:
Program received signal SIGSEGV, Segmentation fault.
0x0017ad63 in *__GI___strdup (s=0x3100 <Address 0x3100 out of bounds>) at strdup.c:42
42 size_t len = strlen (s) + 1;
(gdb) bt
#0 0x0017ad63 in *__GI___strdup (s=0x3100 <Address 0x3100 out of bounds>) at strdup.c:42
#1 0x0805db6b in vbe_get_vbe_info () at vbe.c:198
#2 0x0805ace5 in ddcProbe (probeClass=Variable "probeClass" is not available.) at ddc.c:395
#3 0x080509df in probeDevices (probeClass=CLASS_UNSPEC, probeBus=-9, probeFlags=1) at kudzu.c:806
#4 0x0804d5a6 in main (argc=Cannot access memory at address 0xffffffff) at hwconf.c:938
#5 0x001267e4 in __libc_start_main (main=0x804cd30 <main>, argc=1, ubp_av=0xbfc715e4,
init=0x807c070 <__libc_csu_init>,
fini=0x807c068 <__libc_csu_fini>, rtld_fini=0x2e4e40 <_dl_fini>, stack_end=0xbfc715dc) at
libc-start.c:231
#6 0x0804a8e1 in _start ()
Want a core dump? Should I attach this to a bug somewhere or create a new one? The closest bug I
could find was 177456 but I'm not sure if they are related.
Hope this helps! Thanks,
-Adam Batkin
More information about the fedora-test-list
mailing list