From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 4591 invoked by alias); 12 Oct 2011 21:52:06 -0000 Received: (qmail 4576 invoked by uid 22791); 12 Oct 2011 21:52:04 -0000 X-SWARE-Spam-Status: No, hits=-2.4 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00,SARE_SUB_PCT_LETTER X-Spam-Check-By: sourceware.org Received: from localhost (HELO sourceware.org) (127.0.0.1) by sourceware.org (qpsmtpd/0.43rc1) with ESMTP; Wed, 12 Oct 2011 21:51:51 +0000 From: "dsmith at redhat dot com" To: systemtap@sourceware.org Subject: [Bug runtime/13289] New: %m/%M printf formatting operators access memory incorrectly Date: Wed, 12 Oct 2011 21:52:00 -0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: systemtap X-Bugzilla-Component: runtime X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: dsmith at redhat dot com X-Bugzilla-Status: NEW X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: systemtap at sourceware dot org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Changed-Fields: Message-ID: X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated Content-Type: text/plain; charset="UTF-8" MIME-Version: 1.0 Mailing-List: contact systemtap-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: systemtap-owner@sourceware.org X-SW-Source: 2011-q4/txt/msg00046.txt.bz2 http://sourceware.org/bugzilla/show_bug.cgi?id=13289 Bug #: 13289 Summary: %m/%M printf formatting operators access memory incorrectly Product: systemtap Version: unspecified Status: NEW Severity: normal Priority: P2 Component: runtime AssignedTo: systemtap@sourceware.org ReportedBy: dsmith@redhat.com Classification: Unclassified While working on bug #12341 on s390x, I found that running the memory1.exp test would crash the system. After lots of debugging, I found that the %m/%M printf formatting operators were accessing memory incorrectly. When the %m/%M formatting operators are used, translate.cxx emits code that uses deref_buffer() to validate whether the memory used at the address can be accessed safely. If the works, the code in _stp_vsnprintf() actually reads the memory to put in the output buffer. However, the _stp_vsnprintf() code accesses the memory directly, instead of using deref(). -- Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug.