Date: Tue, 18 Feb 2014 09:16:00 -0000
From: Corinna Vinschen
To: cygwin@cygwin.com
Subject: Re: Patch for run-1.3.0-1 core dump

Hi Jon,
Hi Chuck,

On Feb 17 17:25, Jon TURNEY wrote:
> On 12/08/2013 15:22, Charles Wilson wrote:
> > On 8/10/2013 1:34 PM, foo wrote:
> >> Whenever I execute run.exe, it generates run.exe.stackdump.
> >>
> >> At line 370 in run.c, run2_freeargv() tries to free newargv, and
> >> run2_freeargv() expects that newargv is terminated by NULL. However,
> >> in shifting newargv at line 253-256, it fails to shift NULL
> >> terminator. Therefore, run2_freeargv() frees memory illegally.
> >> The following patch is a workaround.
> >>
> >> --- run.c.old > >> +++ run.c.new
> >> @@ -252,7 +252,7 @@ > >> newargv =3D run2_dupargv (argv); > >> /* discard newargv[0] and shift up */ > >> free (newargv[0]); > >> - for (newargc =3D 1; newargc < argc; newargc++) > >> + for (newargc =3D 1; newargv[newargc-1] !=3D NULL; newargc++) > >> newargv[newargc-1] =3D newargv[newargc]; > >> newargc =3D argc - 1;
> >
> > Thanks for the bug report and the patch. I'll investigate and update the
> > package soon.
>
> Since I've been running with CYGWIN error_start always set at the moment, I've
> noticed that run is always crashing after launching the process.
>
> I went to all the trouble of investigating this, discovering that
> run2_freeargv() is double-freeing the last element in newargv because the NULL
> terminator isn't moved when the arguments are shifted down over newargv[0],
> and writing a patch, before I noticed that we already had one :-(
>
> --- origsrc/run-1.3.0/src/run.c 2013-07-24 16:26:39.000000000 +0100 > +++ src/run-1.3.0/src/run.c 2014-02-17 17:08:49.125000000 +0000
> @@ -254,6 +254,7 @@ realMain(int argc, char* argv[]) > free (newargv[0]); > for (newargc =3D 1; newargc < argc; newargc++) > newargv[newargc-1] =3D newargv[newargc]; > + newargv[argc-1] =3D 0; > newargc =3D argc - 1; >=20 > /* update execname */

There's still something wrong. I built run with this patch locally, and
it seems to fix the issue at first sight. However, after the child
process of run exits, run throws an exception in free(), and the stack
looks broken (on 64 bit). It seems there is a double free or a free of
an entirely unrelated address.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
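
Review bot: In the first patch (hunk @@ -252,7 +252,7 @@), the new loop condition `newargv[newargc-1] != NULL` is first evaluated with newargc equal to 1, so it tests newargv[0] on the line directly after `free (newargv[0])`. The loop then depends on the value of a pointer that has just been freed, which C leaves indeterminate, and its termination is decoupled from the `newargc = argc - 1;` that follows. Keeping the counted loop and extending its bound to `newargc <= argc` would carry the NULL terminator along with the arguments without looking at the freed slot, assuming run2_dupargv() leaves the terminator at index argc as the report describes.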
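
Review bot: In the second patch (hunk @@ -254,6 +254,7 @@), the added `newargv[argc-1] = 0;` assumes argc >= 1. With argc equal to 0 the loop above it is skipped and the store lands on newargv[-1], so either return before the shift when there is nothing to discard or guard the store. Writing `NULL` instead of `0` would make it obvious that the line re-establishes the terminator, and a short comment saying so would help, since nothing else in the hunk explains why the extra store is needed.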
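
The shift discussed in this thread, as an added example that is not code from run.c or from anyone in the thread: it compares the vector layout a NULL-terminated free routine would walk when the terminator is left behind and when it is moved. The names `dup_argv`, `drop_first`, `slots_before_null` and `walker_visits` are hypothetical, the sample vector is constructed, and the `argc == 0` guard goes slightly beyond what the hunks cover.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical stand-in for run2_dupargv(): deep copy, NULL at v[argc]. */
static char **dup_argv(const char *const *argv, int argc) {
    char **v = calloc((size_t)argc + 1, sizeof *v);
    if (v == NULL) abort();
    for (int i = 0; i < argc; i++) {
        size_t len = strlen(argv[i]) + 1;
        if ((v[i] = malloc(len)) == NULL) abort();
        memcpy(v[i], argv[i], len);
    }
    return v;
}

/* Free v[0] and shift the rest up. move_terminator == 0 reproduces the
   loop bound before the patches (newargc < argc); 1 also moves the NULL. */
static int drop_first(char **v, int argc, int move_terminator) {
    if (argc < 1) return 0;                 /* nothing to drop, no v[-1] */
    free(v[0]);
    int last = move_terminator ? argc : argc - 1;
    for (int i = 1; i <= last; i++) v[i - 1] = v[i];
    return argc - 1;
}

/* Slots a NULL-terminated walker (as run2_freeargv() is described) visits. */
static int slots_before_null(char **v) {
    int n = 0;
    while (v[n] != NULL) n++;
    return n;
}

/* Shift a constructed 3-entry vector (argc >= 2, so no freed slot is read);
   report walker visits and whether the last two visited slots alias. */
static int walker_visits(int move_terminator, int *tail_aliased) {
    const char *const sample[] = { "run", "notepad", "file.txt", NULL };
    char **v = dup_argv(sample, 3);
    int n = drop_first(v, 3, move_terminator);
    int visited = slots_before_null(v);
    *tail_aliased = visited >= 2 && v[visited - 1] == v[visited - 2];
    for (int i = 0; i < n; i++) free(v[i]); /* free by count, never twice */
    free(v);
    return visited;
}

int main(void) {
    int a0, a1, n0 = walker_visits(0, &a0), n1 = walker_visits(1, &a1);
    printf("unpatched: %d slots, aliased=%d; moved: %d slots, aliased=%d\n", n0, a0, n1, a1);
    return 0;
}
```

When the terminator is left behind, the walker sees one slot too many and the last two slots hold the same pointer, which is the double free described in the thread.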