uucico segmentation fault bug

utzoo!decvax!ittvax!swatt utzoo!decvax!ittvax!swatt
Mon Nov 30 08:37:25 AEST 1981 

Art Feather (pur-ee!aef) and I have together tracked down a bug in
uucico that causes segmentation faults during sessions which try
to transfer more than 20 files.  The fix is:
________________________________________________________________
	cp /usr/src/cmd/uucp/anlwrk.c /tmp/upd.$$.tmp ; chmod +w /tmp/upd.$$.tmp
	ed - /tmp/upd.$$.tmp <<\!xxFUNNYxx
	67c
		/* 11/30/81: swatt: Fixed to limit listp to proper range */
		if (listp == NULL || *listp == NULL || listp >= &list[LLEN])
	.
	w
	q
	!xxFUNNYxx
	diff anlwrk.c /tmp/upd.$$.tmp >/tmp/upd.$$.dif
	if cmp - /tmp/upd.$$.dif <<\!xxFUNNYxx
	67c67,68
	< 	if (listp == NULL || *listp == NULL || listp > (list + LLEN)
	---
	> 	/* 11/30/81: swatt: Fixed to limit listp to proper range */
	> 	if (listp == NULL || *listp == NULL || listp >= &list[LLEN])
	!xxFUNNYxx
	then
		: 'compare equal, ok'
		rm -f anlwrk.c
		cp /tmp/upd.$$.tmp anlwrk.c ; chmod a-w anlwrk.c
	else
		echo "Old source file not same version;" \
			"use diff listings by hand"
	fi
	rm -f /tmp/upd.$$.tmp /tmp/upd.$$.dif
________________________________________________________________

The original code will cause the fault a little later down when
it references "*listp", where (listp == &list[LLEN]).

This bug is compounded by another uucico bug, in the "intrEXIT()"
routine.  The symptoms were core files in the UUCP spool area which
showed an infinite recursion.  intrEXIT() calls abort (to produce
a core dump), and before doing so resets SIGEMT to the default
(as earlier in uucico, all signals are caught).  Unfortunately,
the abort() routine on VAX uses an illegal instruction trap instead
of an EMT instruction.  The illegal instruction gets vectored to
intrEXIT, which calls abort(), which causes an illegal instruction ...
The fix for that one is:

________________________________________________________________
	/* intrEXIT, in "cico.c" */
	intrEXIT(signo)
	int signo;
	{
		signal(signo, SIG_DFL);
		setuid(getuid());
		abort();
	}
________________________________________________________________

	- Alan S. Watt (decvax!ittvax!swatt)

More information about the Comp.bugs.4bsd.ucb-fixes mailing list