Segmentation fault of socat on 9.10 i386, installed from ubuntu repository
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
socat (Ubuntu) | Fix Released | Medium | Unassigned |
Bug Description
Binary package hint: socat
socat 1.7.1.0-1 installed from packages (apt-get install socat) crashed when issued "socat ./serial stdin,echo=0,raw", where "serial" is a socket (serial port) created by a guest VMware machine (I use it to connect to the serial port of the guest).
However, the same socat version compiled from sources (apt-get source socat) is working correctly. Looks like there is some problem in the compilation environment.
I decided to open a bug because the same crash was reproduced on a few more servers running Ubuntu 9.10 i386, upgraded and installed from scratch.
This is not relevant to x86_64 - socat is working correctly in Ubuntu 9.10 x86_64.
Backtrace from the core file from "socat ./serial stdin,echo=0,raw" (not a debug build):

```text
Core was generated by `CxACxACxACxACx
Program terminated with signal 11, Segmentation fault.
#0 0xb767b4b1 in _IO_vfprintf_
format=
at vfprintf.c:1601
1601 vfprintf.c: No such file or directory.
in vfprintf.c
(gdb) bt
#0 0xb767b4b1 in _IO_vfprintf_
format=
at vfprintf.c:1601
#1 0xb771a60d in ___vsprintf_chk (s=0xbfc29d90 "", flags=1, slen=4294967295,
format=
at vsprintf_chk.c:89
#2 0xb771a54d in ___sprintf_chk (s=0xbfc29d90 "", flags=1, slen=4294967295,
format=
#3 0x0806ca4a in ?? ()
#4 0x0804c022 in ?? ()
#5 <signal handler called>
#6 0x0806e688 in ?? ()
#7 0x0806dcd4 in ?? ()
#8 0x40785c45 in ?? ()
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
(gdb)
```
description: updated
Changed in socat (Ubuntu):
assignee: nobody → Chris Taylor (ctaylor)
I have a similar problem, that is, socat is crashing. But I am not sure it is the same. I got a different stack trace:

```text
#0 sanitize_string (
data=0xbfffee6e "\\0\\0\
coded=
at utils.c:143
#1 0x0806d8d4 in sockaddr_unix_info (sa=0x30785c35, salen=813194308,
buff=0xbfffec12 "\\xAE.
at sysutils.c:211
#2 0x39785c45 in ?? ()
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
```
I traced this to an uninitialized variable and fixed it with the following patch:
--- xio-gopen.c.orig 2010-03-11 11:28:10.513848890 +0100
+++ xio-gopen.c 2010-03-11 11:27:53.171782205 +0100
@@ -46,7 +46,7 @@
if (exists && S_ISSOCK(st_mode)) {
#if WITH_UNIX
union sockaddr_union us;
- socklen_t uslen;
+ socklen_t uslen = sizeof(us);
char infobuff[256];
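Review bot: initialising `uslen` to `sizeof(us)` is the right fix, because a `socklen_t` handed to the address-returning socket calls is a value-result argument that must carry the buffer size going in; the `salen=813194308` in the backtrace above is exactly the stack garbage an uninitialised length produces. Worth confirming in the lines after this hunk (not shown) that the call which fills `us` has its return value checked before `us` and `uslen` reach `sockaddr_unix_info`, and that `uslen` is compared against `sizeof(us)` afterwards, since a larger returned value means the address was truncated and `sun_path` may not be NUL-terminated.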
I have reported this issue to the upstream socat source as well.
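An added example, not socat's code and not from this bug thread, showing the defensive form of the path both backtraces walk: a correctly initialised value-result `socklen_t`, a bounds check on the length the kernel returns, and address formatting that never reads past those bytes or past the output buffer. The function names are hypothetical, and the socketpair demo assumes Linux, where an unbound AF_UNIX socket reports only its family.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

/* Format an AF_UNIX address, trusting only the salen bytes the kernel returned:
   sun_path need not be NUL-terminated and abstract names begin with a NUL byte.
   Returns the formatted length, or -1 if the input is bogus or output did not fit. */
int unix_addr_info(const struct sockaddr_un *sa, socklen_t salen,
                   char *buff, size_t blen) {
    size_t hdr = offsetof(struct sockaddr_un, sun_path);
    size_t plen = salen > hdr ? salen - hdr : 0;
    int n;
    if (plen > sizeof(sa->sun_path)) return -1;       /* length larger than the struct */
    if (plen == 0) {
        n = snprintf(buff, blen, "unnamed");
    } else if (sa->sun_path[0] == '\0') {
        n = snprintf(buff, blen, "@%.*s", (int)(plen - 1), sa->sun_path + 1);
    } else {
        if (sa->sun_path[plen - 1] == '\0') plen--;   /* a returned trailing NUL is not part of the name */
        n = snprintf(buff, blen, "%.*s", (int)plen, sa->sun_path);
    }
    return (n < 0 || (size_t)n >= blen) ? -1 : n;
}

/* Query the local address of fd. uslen is value-result: it must hold the buffer
   size before the call (socat left it uninitialised, so the kernel received a
   garbage length) and holds the stored address length afterwards. */
int describe_local_unix_socket(int fd, char *buff, size_t blen) {
    union { struct sockaddr sa; struct sockaddr_un un; } us;
    socklen_t uslen = sizeof(us);                     /* the one-line fix from the patch */
    memset(&us, 0, sizeof(us));
    if (getsockname(fd, &us.sa, &uslen) < 0) return -1;
    if (uslen > sizeof(us) || us.sa.sa_family != AF_UNIX) return -1;  /* truncated, or not AF_UNIX */
    return unix_addr_info(&us.un, uslen, buff, blen);
}

/* Demo helper (constructed input): describe one end of an unbound socketpair. */
int describe_unbound_pair(char *buff, size_t blen) {
    int sv[2], n;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    n = describe_local_unix_socket(sv[0], buff, blen);
    close(sv[0]);
    close(sv[1]);
    return n;
}
```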