libgdbm3 segfaults

Project: Trisquel
Version: 7.0
Component: Programs
Category: bug report
Priority: normal
Assigned: Unassigned
Status: active
Description

The test program I've included in the tarball segfaults.

It uses the libgdbm3 library.

Sat, 12/12/2015 - 00:16

Here's the tarball.

Attachment: gdbm-test.tar.gz (3.17 KB)
Mon, 12/14/2015 - 17:41

To be clear, my test program works on 32-bit x86 Debian Jessie. However, it does not work with 64-bit Trisquel Belenos. I have not tested 32-bit Trisquel or 64-bit Jessie.

Here is a backtrace on the Trisquel box:

(gdb) run
Starting program: /srv/data/home/s/sudoman/etc/gdbm-test/gdbm-test

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7bd6a99 in _gdbm_get_bucket () from /usr/lib/x86_64-linux-gnu/libgdbm.so.3
(gdb) backtrace
#0 0x00007ffff7bd6a99 in _gdbm_get_bucket () from /usr/lib/x86_64-linux-gnu/libgdbm.so.3
#1 0x00007ffff7bd6824 in gdbm_firstkey () from /usr/lib/x86_64-linux-gnu/libgdbm.so.3
#2 0x0000000000400854 in main ()

Mon, 12/14/2015 - 18:21

I tested the 32-bit Trisquel 7.0 live CD and the program did not segfault.

Mon, 12/14/2015 - 20:51

I got a segfault on 64-bit Debian Jessie. I even tried building the .deb from source, but still got the segfault.

This appears to be an issue with 64-bit binaries of this library.

Tue, 12/15/2015 - 05:58

The bug occurs in the gdbm_open() function on the 64-bit system I have tested.

It appears that gdbm is performing a read of the database file at the end of the function in gdbmopen.c. It receives 0 bytes.

According to the read() manpage, zero bytes are returned when the end of the file has been reached.

--- 32.txt 2015-12-14 23:43:53.019407733 -0500
+++ 64.txt 2015-12-14 23:44:00.363542380 -0500
@@ -46,14 +46,8 @@
369 if (file_pos != dbf->header->dir)
376 num_bytes = read (dbf->desc, dbf->dir, dbf->header->dir_size);
377 if (num_bytes != dbf->header->dir_size)
-387 dbf->last_read = -1;
-388 dbf->bucket = NULL;
-389 dbf->bucket_dir = 0;
-390 dbf->cache_entry = NULL;
-391 dbf->header_changed = FALSE;
-392 dbf->directory_changed = FALSE;
-393 dbf->bucket_changed = FALSE;
-394 dbf->second_changed = FALSE;
-398 return dbf;
+379 gdbm_close (dbf);
+380 gdbm_errno = GDBM_FILE_READ_ERROR;
+381 return NULL;
400 }
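Review bot: the `+` lines show that on the 64-bit run the check at 377 (`num_bytes != dbf->header->dir_size`) fails and gdbm_open takes the error path at 379-381 (`gdbm_close (dbf); gdbm_errno = GDBM_FILE_READ_ERROR; return NULL;`), whereas the `-` lines show the 32-bit run continuing to the field initialisation at 387-394 and `return dbf` at 398. So on 64-bit gdbm_open returns NULL with gdbm_errno set, and the backtrace above shows main then calling gdbm_firstkey, which crashes inside _gdbm_get_bucket; a NULL check on the gdbm_open result (printing gdbm_strerror(gdbm_errno)) in the test program would turn the segfault into a clear "file read error" diagnostic. The open question is why the read at 376 returns fewer than dir_size bytes only on 64-bit; since both dbf->header->dir and dbf->header->dir_size come from the file header, printing those two values at line 376 on each build would show whether the offset or the size is what differs.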
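The short-read behaviour described in the comment above (read() returning 0 once the end of the file is reached, and gdbm's open path treating any count other than dir_size as a read error) as an added C example. It is not part of the bug report or of gdbm's own code: it simulates the "read the directory at offset dir, expect dir_size bytes" step on a constructed temporary file and classifies the outcome as complete, short-at-EOF, or I/O error. The names read_exact_at, make_temp_file, simulate_dir_load, dir_load_status and dir_load_bytes are chosen here and are not gdbm functions.

```c
/* Added example, not from the bug report or from gdbm: distinguish a read
 * that came up short because the file ended from one that failed outright. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

enum read_result { READ_OK = 0, READ_SHORT_EOF = 1, READ_ERROR = 2 };

/* Read exactly `want` bytes starting at file offset `off`.
 * READ_OK: all bytes arrived. READ_SHORT_EOF: read() returned 0 first, i.e.
 * the file is shorter than the caller expected (the situation in the 64-bit
 * trace). READ_ERROR: lseek() or read() failed. *got = bytes actually read. */
enum read_result read_exact_at(int fd, off_t off, void *buf, size_t want, size_t *got)
{
    size_t done = 0;
    if (lseek(fd, off, SEEK_SET) == (off_t)-1) { *got = 0; return READ_ERROR; }
    while (done < want) {
        ssize_t n = read(fd, (char *)buf + done, want - done);
        if (n < 0) {
            if (errno == EINTR) continue;   /* interrupted by a signal: retry */
            *got = done;
            return READ_ERROR;
        }
        if (n == 0) {                       /* end of file: nothing more will come */
            *got = done;
            return READ_SHORT_EOF;
        }
        done += (size_t)n;
    }
    *got = done;
    return READ_OK;
}

/* Create an anonymous temporary file holding `len` bytes of constructed
 * content (A..Z repeating) and return its descriptor. */
int make_temp_file(size_t len)
{
    char path[] = "/tmp/readdemo-XXXXXX";
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    unlink(path);                 /* the file lives until fd is closed */
    for (size_t i = 0; i < len; i++) {
        char c = (char)('A' + (i % 26));
        if (write(fd, &c, 1) != 1) { close(fd); return -1; }
    }
    return fd;
}

/* Mirror of the open path: the header claims dir_size bytes at offset dir_off,
 * but the file is only file_len bytes long. Returns what read_exact_at saw. */
enum read_result simulate_dir_load(size_t file_len, off_t dir_off, size_t dir_size, size_t *got)
{
    int fd = make_temp_file(file_len);
    if (fd < 0) { *got = 0; return READ_ERROR; }
    char *dir = malloc(dir_size);
    if (!dir) { close(fd); *got = 0; return READ_ERROR; }
    enum read_result r = read_exact_at(fd, dir_off, dir, dir_size, got);
    free(dir);
    close(fd);
    return r;
}

/* Convenience wrappers that expose status and byte count without an out-parameter. */
int dir_load_status(size_t file_len, off_t dir_off, size_t dir_size)
{
    size_t got;
    return (int)simulate_dir_load(file_len, dir_off, dir_size, &got);
}

long dir_load_bytes(size_t file_len, off_t dir_off, size_t dir_size)
{
    size_t got;
    simulate_dir_load(file_len, dir_off, dir_size, &got);
    return (long)got;
}

int main(void)
{
    /* 64-byte file, directory claimed at offset 48 with size 32: only 16 bytes exist. */
    printf("offset 48, size 32 in 64-byte file: status=%d bytes=%ld\n",
           dir_load_status(64, 48, 32), dir_load_bytes(64, 48, 32));
    /* Offset exactly at EOF: the very first read() returns 0. */
    printf("offset 64, size 32 in 64-byte file: status=%d bytes=%ld\n",
           dir_load_status(64, 64, 32), dir_load_bytes(64, 64, 32));
    return 0;
}
```

The point the example makes is that a caller comparing the byte count to the expected size, as gdbm does at line 377, is correct, but it loses the distinction between "file too short" and "I/O error" unless it also looks at whether read() returned 0 or -1 (and errno); when debugging a report like this one, that distinction tells you whether to look at the file's length and header offsets or at the descriptor.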