ircII crashed with SIGSEGV in free()

Bug #288497 reported by Dan Maranville
Affects: Debian | Status: Fix Released | Importance: Unknown
Affects: ircii (Ubuntu) | Status: Invalid | Importance: Undecided | Assigned to: Unassigned

Bug Description

Binary package hint: ircii

Linux Celine 2.6.27-7-generic #1 SMP Wed Oct 22 00:29:18 UTC 2008 i686 GNU/Linux

ircii_20051015-2.3_i386.deb

ircii:
  Installed: 20051015-2.3
  Candidate: 20051015-2.3
  Version table:
 *** 20051015-2.3 0
        500 http://us.archive.ubuntu.com intrepid/universe Packages
        100 /var/lib/dpkg/status

ProblemType: Crash
Architecture: i386
Dependencies:
 libgcc1 1:4.3.2-1ubuntu10
 gcc-4.3-base 4.3.2-1ubuntu10
 findutils 4.4.0-2ubuntu3
 libncurses5 5.6+20071124-1ubuntu2
 libc6 2.8~20080505-0ubuntu7
DistroRelease: Ubuntu 8.10
ExecutablePath: /usr/bin/ircII
Package: ircii 20051015-2.3
ProcAttrCurrent: unconfined
ProcCmdline: irc
ProcEnviron:
 SHELL=/bin/bash
 PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
 LANG=en_US.UTF-8
Signal: 11
SourcePackage: ircii
StacktraceTop:
 free () from /lib/tls/i686/cmov/libc.so.6
 ?? ()
 ?? ()
 ?? ()
 ?? ()
Title: ircII crashed with SIGSEGV in free()
Uname: Linux 2.6.27-7-generic i686
UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare

Tags: apport-crash
Revision history for this message
In , Daniël van Eeden (dveeden) wrote : ircii segv on first run on sparc

tags 175099 +unreproducible
thanks

I couldn't reproduce the bug.
Did anyone else experience a segv on the first run of ircii on sparc?

Daniel van Eeden <email address hidden>

Revision history for this message
In , Bernd Eckenfels (ecki) wrote : Re: Bug#175099: ircii segv on first run on sparc

On Tue, Oct 28, 2003 at 11:14:44AM +0100, Daniel van Eeden wrote:
> I couldn't reproduce the bug.
> Did anyone else experience a segv on the first run of ircii on sparc?

can you try to delete the .ircmotd file or generally clean your home from .irc*?

Greetings
Bernd

Revision history for this message
In , Ben Collins (ben-collins) wrote : Re: ircii segv on first run on sparc

On Tue, Oct 28, 2003 at 11:14:44AM +0100, Daniel van Eeden wrote:
> tags 175099 +unreproducible
> thanks
>
>
> I couldn't reproduce the bug.
> Did anyone else experience a segv on the first run of ircii on sparc?
>
> Daniel van Eeden <email address hidden>

Never heard of the problem.

--
Debian - http://www.debian.org/
Linux 1394 - http://www.linux1394.org/
Subversion - http://subversion.tigris.org/
WatchGuard - http://www.watchguard.com/

Revision history for this message
In , Daniël van Eeden (dveeden) wrote : more info.

I checked if the bug still exists........it's still there.

It doesn't pop up if there's a .ircmotd file.

A bt (but without debug symbols :( )
Program received signal SIGSEGV, Segmentation fault.
0x7014b640 in free () from /lib/libc.so.6
(gdb) bt
#0 0x7014b640 in free () from /lib/libc.so.6
#1 0x00031a78 in ?? ()
#2 0x00044ce0 in ?? ()

trace attached.

Daniel van Eeden <email address hidden>

Revision history for this message
In , Daniël van Eeden (dveeden) wrote : better bt

I've built a deb with DEB_BUILD_OPTIONS="nostrip"
I didn't install it but I did an "ar x <file.deb>" and then extracted the
data.tar.gz and tried to run it.

This GDB was configured as "sparc-linux"...
(gdb) r
Starting program: /tmp/ircII/tmp/usr/bin/ircII
Warning:
Cannot insert breakpoint -1.
Error accessing memory address 0xcaa0: Input/output error.

Revision history for this message
In , Daniël van Eeden (dveeden) wrote : ircii: Also segfaulted on my amd64

Package: ircii
Version: 20030315-1
Followup-For: Bug #175099

Same thing happened on my amd64 box. (debian sid pure64)

Daniel van Eeden <email address hidden>

-- System Information:
Debian Release: 3.1
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.8-9-amd64-k8
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages ircii depends on:
ii libc6 2.3.2.ds1-18 GNU C Library: Shared libraries an
ii libncurses5 5.4-4 Shared libraries for terminal hand

-- no debconf information

Revision history for this message
In , Daniël van Eeden (dveeden) wrote : bt on amd64

It doesn't segfault on my sun4u machine. It probably only segfaults on
sun4m and amd64. I'm using irc.tweakers.net as the default server.

Backtrace from my amd64 system:
Program received signal SIGSEGV, Segmentation fault.
0x0000002a9596ef11 in free () from /lib/libc.so.6
(gdb) bt
#0 0x0000002a9596ef11 in free () from /lib/libc.so.6
#1 0x0000000000420b65 in new_free ()
#2 0x0000000000432b9d in connect_to_server_direct ()
#3 0x0000000000432deb in connect_to_server ()
#4 0x0000000000433436 in get_connected ()
#5 0x000000000042017b in main ()
--
Daniel van Eeden <email address hidden>

Revision history for this message
In , Daniel van Eeden (d-veeden) wrote : oops...it does segfault on sun4u

After purging the package and removing /etc/irc and ~/ircmotd and
installing with irc.tweakers.net it does segfault on my sun4u (sparc)
system.

Backtrace from my sparc system:
Program received signal SIGSEGV, Segmentation fault.
0x70153e0c in free () from /lib/v9/libc.so.6
(gdb) bt
#0 0x70153e0c in free () from /lib/v9/libc.so.6
#1 0x00030c90 in new_free ()
#2 0x00043718 in connect_to_server_direct ()
#3 0x00043edc in connect_to_server ()
#4 0x000441fc in get_connected ()
#5 0x000308d8 in main ()
--
Daniel van Eeden <email address hidden>
Snow B.V.

Revision history for this message
In , Daniël van Eeden (dveeden) wrote : patch

--
Daniel van Eeden <email address hidden>

Revision history for this message
In , Daniël van Eeden (dveeden) wrote :

tags 175099 patch

Revision history for this message
In , Daniël van Eeden (dveeden) wrote : more info

also happening on my debian sarge 80486 machine.
--
Daniel van Eeden <email address hidden>

Revision history for this message
In , Kapil Hari Paranjape (kapil) wrote : ircii: Problem exists on i686

Package: ircii
Version: 20030315-1
Followup-For: Bug #175099

Hi,

Found the same problem on i686. To re-iterate
if ~/.ircmotd does not exist then I get a SEGV.
Otherwise there is no problem.

Please note that #175029 and #258929 seem to be related
to this bug.

Perhaps #175169 is too.

Regards,

Kapil.

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages ircii depends on:
ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an
ii libncurses5 5.4-4 Shared libraries for terminal hand

-- no debconf information

Revision history for this message
In , Bernd Eckenfels (be-mail2005) wrote : another problem

Hello Matthew,

another problem I had for some time is here:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=175099

The actual problem is that if I touch /etc/server/motd so ircii will
display the local motd on next start, it will branch into

connect_to_server -> connect_to_server_direct with from_server = -1.

The if server_list[from_server].localaddr and some code after that will
greatly fail, until add_server_to_list is called.

I now have basically 2 options: to add a "if (from_server > -1)" or to move
the "add_to_server_list" upward. However, I am not sure if that works.

Anyhow, note that the malloc for localaddress may also leak in case of
server_name is a unix domain socket or the getsockname fails, so i suggest:
(or something like that)

        add_to_server_list(server_name, port, (u_char *) 0, nick, -1, get_server_version(from_server), SL_ADD_OVERWRITE);

        if (server_list[from_server].localaddr)
                new_free(&server_list[from_server].localaddr);
        server_list[from_server].localaddr = 0;

#ifdef HAVE_SYS_UN_H
        if (*server_name == '/')
        {
                server_list[from_server].localaddr = 0;
                server_list[from_server].localaddrlen = 0;
        }
        else
        {
#endif /* HAVE_SYS_UN_H */
                address_len = sizeof *localaddr;
                localaddr = (SOCKADDR_STORAGE *) new_malloc(sizeof *localaddr);
                if (getsockname(new_des, (struct sockaddr *) localaddr, &address_len) >= 0)
                {
                        server_list[from_server].localaddr = localaddr;
                        server_list[from_server].localaddrlen = address_len;
                }
                else
                {
                        new_free(&localaddr);
                        close(new_des);
                        say("Could not getsockname(): %s", strerror(errno));
                        return -1;
                }
#ifdef HAVE_SYS_UN_H
        }
#endif

--
  (OO) -- Bernd_Eckenfels@Mörscher_Strasse_8.76185Karlsruhe.de --
 ( .. ) ecki@{inka.de,linux.de,debian.org} http://www.eckes.org/
  o--o 1024D/E383CD7E eckes@IRCNet v:+497211603874 f:+49721151516129
(O____O) When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
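
The ordering problem described in the message above, as an added example that is not ircII's code and not part of the original post: the entry is registered before `server_list[from_server]` is touched, and the buffer is released on the failure path. `Server`, `set_localaddr` and `lookup_ok` are hypothetical; `server_list`, `from_server` and `add_to_server_list` reuse the post's names as simplified stand-ins.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for ircII's server table; names mirror the post. */
typedef struct { char name[64]; void *localaddr; size_t localaddrlen; } Server;
static Server *server_list;
static int number_of_servers, from_server = -1;   /* -1: no current server */

/* Find or append a zeroed entry and make it the current server. */
static int add_to_server_list(const char *name)
{
    for (int i = 0; i < number_of_servers; i++)
        if (strcmp(server_list[i].name, name) == 0)
            return from_server = i;
    Server *grown = realloc(server_list, (number_of_servers + 1) * sizeof *grown);
    if (!grown) return -1;
    server_list = grown;
    memset(&grown[number_of_servers], 0, sizeof *grown);
    strncpy(grown[number_of_servers].name, name, sizeof grown->name - 1);
    return from_server = number_of_servers++;
}

/* Store the local address for name; lookup_ok models getsockname() succeeding. */
static int set_localaddr(const char *name, const void *addr, size_t len, int lookup_ok)
{
    if (add_to_server_list(name) < 0)   /* register first, so from_server >= 0 */
        return -1;
    Server *s = &server_list[from_server];
    free(s->localaddr);                 /* NULL on a fresh entry: a no-op */
    s->localaddr = NULL;
    s->localaddrlen = 0;
    if (name[0] == '/')                 /* unix-domain path: no address kept */
        return 0;
    void *buf = malloc(len);
    if (!buf || !lookup_ok) {
        free(buf);                      /* error path releases the buffer */
        return -1;
    }
    memcpy(buf, addr, len);
    s->localaddr = buf;
    s->localaddrlen = len;
    return 0;
}

int main(void)
{
    unsigned char addr[4] = {127, 0, 0, 1};       /* constructed sample */
    return set_localaddr("irc.example.net", addr, sizeof addr, 1) ? 1 : 0;
}
```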

Revision history for this message
In , Bernd Eckenfels (be-mail2005) wrote : duplicates

duplicate 175099 258929 175029 175169
thanks

those segfaults are all related to uninitialized servers list when .ircmotd
is too old or does not exist.

Revision history for this message
In , matthew green (mrg-eterna) wrote : re: another problem

   Hello Matthew,

hiya bernd. sorry this reply is so very late...

   another problem I had for some time is here:

   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=175099

your patch is pretty much OK. i've gone with something very much like it.

thanks!

.mrg.

Revision history for this message
Apport retracing service (apport) wrote : Symbolic stack trace

StacktraceTop:free () from /lib/tls/i686/cmov/libc.so.6
?? ()
?? ()
?? ()
?? ()

Revision history for this message
Apport retracing service (apport) wrote : Symbolic threaded stack trace
Revision history for this message
arno_b (arno.b) wrote :

Please, can you provide more information on how the crash occurred?
Can you reproduce it?

Changed in ircii:
status: New → Incomplete
Revision history for this message
Dan Maranville (likuidkewl) wrote :

The crash occurred by simply typing: irc in the shell.
I installed and tried to run it again this am, it crashed the first time with this message in the syslog:

Nov 1 12:09:08 Celine kernel: [12974.912406] irc[18557]: segfault at 14 ip b7ee6412 sp bf961c90 error 4 in libc-2.8.90.so[b7e75000+158000]

But, upon running it again it seems to be ok now. I will keep an eye on it. I don't use it that much though.

Revision history for this message
arno_b (arno.b) wrote :

When I type 'irc', I have no crash but:
*** Connecting to port 6667 of server change_this_in_etc_irc_servers
*** Unable to connect to port 6667 of server change_this_in_etc_irc_servers:
+Unknown host
*** Use /SERVER to connect to a server

Did you set a server?

Can you look at this page https://wiki.ubuntu.com/Valgrind
in order to get a valgrind file that may allow to identify your problem.

Revision history for this message
Dan Maranville (likuidkewl) wrote :

I have, for a myriad of problems, had to revert to 8.04.1 as such I will no longer be able to test against the 2.6.27-7 Kernel.
But to answer your question:
I didn't set a server in the /etc/ircservers file; I only tried to use it twice. But I couldn't get that for when I launched it, the terminal output would look something like this:
*** Connecting to port 6667 of server change_this_in_etc_irc_serverssegfault - This may not be entirely correct but it is as close as I can remember.
Like I said it did this _only_ the first time and then I was able to connect to card.freenode.net the second time.

I know it works on 8.04.1 as I use it at work, so unless someone else can confirm it I guess this can be closed, possibly to be re-opened later if someone has the same behavior.

The machine was a Lenovo Thinkpad R61 773219U.

Revision history for this message
arno_b (arno.b) wrote :

Ok. Since you can't reproduce the crash, I close the report.
But feel free to reopen it if necessary ;)

Changed in ircii:
status: Incomplete → Invalid
Revision history for this message
Dan Maranville (likuidkewl) wrote :

Looks like it was necessary to re-open. Happened at work this time on 8.04.1; /etc/ircservers is set in this setup.

Here is the exact error:
*** Connecting to port 6667 of server card.freenode.netSegmentation fault (core dumped)

Here is the little bit that is logged from the Syslog:
Nov 4 08:35:19 www kernel: [316727.598902] irc[28231]: segfault at 18 rip 7fda54154bcb rsp 7fff5cacdc80 error 4

Machine:
LTSP Server, Dell PE2900

uname -a:
Linux www 2.6.24-21-generic #1 SMP Tue Oct 21 23:09:30 UTC 2008 x86_64 GNU/Linux

root@www:~# apt-cache showpkg ircii
Package: ircii
Versions:
20051015-2.1 (/var/lib/apt/lists/us.archive.ubuntu.com_ubuntu_dists_hardy_universe_binary-amd64_Packages) (/var/lib/dpkg/status)
 Description Language:
                 File: /var/lib/apt/lists/us.archive.ubuntu.com_ubuntu_dists_hardy_universe_binary-amd64_Packages
                  MD5: 3a15243ee0084faa77ccd3844c653b4c

Reverse Depends:
Dependencies:
20051015-2.1 - libc6 (2 2.6.1-1) libncurses5 (2 5.6)
Provides:
20051015-2.1 - irc
Reverse Provides:

I don't have the option of installing valgrind on this server as it is our only server and is mission critical. But, I thought I would add some more information to the report at this time.
I have a feeling it is either libc6 or libncurses5.

Revision history for this message
arno_b (arno.b) wrote :

Ok. So re-open ;)

Changed in ircii:
status: Invalid → New
Revision history for this message
arno_b (arno.b) wrote :

Ok, I found and I can reproduce the issue: when you have the ~.ircmotd directory there is no problem, when you do not have it there is a segfault; see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=175099

Can you confirm that before linking to the debian bug?

Revision history for this message
arno_b (arno.b) wrote :

There is no debug package for ircii, so I created one in order to get a filled backtrace.

Changed in ircii:
status: New → Confirmed
Revision history for this message
Dan Maranville (likuidkewl) wrote :

Problem is solved with the presence of .ircmotd

Dan

Revision history for this message
arno_b (arno.b) wrote :

This patch (from the Debian bug report) seems to fix the problem. I will try to upload a new deb file in order to test that.

Revision history for this message
arno_b (arno.b) wrote :

Can you test the given deb to see if the fix really works?

Revision history for this message
Dan Maranville (likuidkewl) wrote :

Confirmed Patch works.

Thanks!

Changed in debian:
status: Confirmed → Fix Released
Revision history for this message
dino99 (9d9) wrote :

This version expired a long time ago and is no longer supported.

Changed in ircii (Ubuntu):
status: Confirmed → Invalid