uucico segmentation fault bug
utzoo!decvax!ittvax!swatt
Mon Nov 30 08:37:25 AEST 1981
Art Feather (pur-ee!aef) and I have together tracked down a bug in
uucico that causes segmentation faults during sessions which try
to transfer more than 20 files. The fix is:
________________________________________________________________
cp /usr/src/cmd/uucp/anlwrk.c /tmp/upd.$$.tmp ; chmod +w /tmp/upd.$$.tmp
ed - /tmp/upd.$$.tmp <<\!xxFUNNYxx
67c
/* 11/30/81: swatt: Fixed to limit listp to proper range */
if (listp == NULL || *listp == NULL || listp >= &list[LLEN])
.
w
q
!xxFUNNYxx
diff anlwrk.c /tmp/upd.$$.tmp >/tmp/upd.$$.dif
if cmp - /tmp/upd.$$.dif <<\!xxFUNNYxx
67c67,68
< if (listp == NULL || *listp == NULL || listp > (list + LLEN)
---
> /* 11/30/81: swatt: Fixed to limit listp to proper range */
> if (listp == NULL || *listp == NULL || listp >= &list[LLEN])
!xxFUNNYxx
then
: 'compare equal, ok'
rm -f anlwrk.c
cp /tmp/upd.$$.tmp anlwrk.c ; chmod a-w anlwrk.c
else
echo "Old source file not same version;" \
"use diff listings by hand"
fi
rm -f /tmp/upd.$$.tmp /tmp/upd.$$.dif
________________________________________________________________
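Review bot: In the replacement test at line 67, `*listp == NULL` is still evaluated before `listp >= &list[LLEN]`, so when listp equals &list[LLEN] the slot one past the end of list is read before the range test rejects it. Moving the range test ahead of the dereference, as in `listp == NULL || listp >= &list[LLEN] || *listp == NULL`, keeps that read inside the array.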
The original code will cause the fault a little later down when
it references "*listp", where (listp == &list[LLEN]).
This bug is compounded by another uucico bug, in the "intrEXIT()"
routine. The symptoms were core files in the UUCP spool area which
showed an infinite recursion. intrEXIT() calls abort (to produce
a core dump), and before doing so resets SIGEMT to the default
(as earlier in uucico, all signals are caught). Unfortunately,
the abort() routine on VAX uses an illegal instruction trap instead
of an EMT instruction. The illegal instruction gets vectored to
intrEXIT, which calls abort(), which causes an illegal instruction ...
The fix for that one is:
________________________________________________________________
/* intrEXIT, in "cico.c" */
intrEXIT(signo)
int signo;
{
	/* reset the signal that was actually delivered, so abort()'s trap is not caught again */
	signal(signo, SIG_DFL);
	setuid(getuid());
	abort();
}
________________________________________________________________
- Alan S. Watt (decvax!ittvax!swatt)
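
An added example, not part of the original post or of the uucp source: a small C model of the line-67 test that walks a completely full list under the old check, the posted fix, and the same terms with the range test first (that third ordering is an addition for comparison). LLEN = 20, the entry strings and the two guard slots are assumptions, constructed so the overrun stays inside one array.

```c
#include <stdio.h>
#define LLEN 20   /* assumed; the post only says "more than 20 files" */
enum check { OLD_CHECK, POSTED_FIX, BOUNDS_FIRST };
struct result { int handed; int guard_reads; };
static int guard_reads;   /* dereferences of the slot at index LLEN */

/* Read *p, recording any access one past the end of list[LLEN]. */
static const char *deref(const char **list, const char **p)
{
    guard_reads += (p == list + LLEN);
    return *p;
}

/* Nonzero when the line-67 test says the list is exhausted. */
static int exhausted(enum check c, const char **list, const char **listp)
{
    switch (c) {
    case OLD_CHECK:    /* before the fix */
        return listp == NULL || deref(list, listp) == NULL || listp > (list + LLEN);
    case POSTED_FIX:   /* as posted */
        return listp == NULL || deref(list, listp) == NULL || listp >= &list[LLEN];
    default:           /* BOUNDS_FIRST: range test moved first (not from the post) */
        return listp == NULL || listp >= &list[LLEN] || deref(list, listp) == NULL;
    }
}

/* Walk a list of nfiles entries; count the slots handed to the caller. */
static struct result walk(enum check c, int nfiles)
{
    const char *slots[LLEN + 2] = { NULL };  /* list[] plus two constructed slots */
    struct result r = { 0, 0 };
    for (int i = 0; i < nfiles && i < LLEN; i++)
        slots[i] = "C.constructed";
    slots[LLEN] = "GUARD";   /* stands in for whatever follows list[] in memory */
    guard_reads = 0;
    for (const char **listp = slots; !exhausted(c, slots, listp); listp++)
        r.handed++;
    r.guard_reads = guard_reads;
    return r;
}

int main(void)
{
    for (int c = OLD_CHECK; c <= BOUNDS_FIRST; c++) {
        struct result r = walk((enum check)c, LLEN);
        printf("check %d: handed=%d guard_reads=%d\n", c, r.handed, r.guard_reads);
    }
    return 0;
}
```

With a full list the old check hands out 21 slots, the posted fix stops at 20 but still reads the slot at index LLEN once, and the range-first ordering never reads it.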