* [gentoo-user] BUG in glibc????
@ 2005-10-30 21:54 capsel
2005-10-30 23:32 ` [gentoo-user] BUG in glibc???? [WAY OT] Richard Fish
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: capsel @ 2005-10-30 21:54 UTC
To: gentoo-user
Hi all,
I am writing some program... simple program and I've got some code:
j=strcmp( "log", *(lines+i) );
printf( "ble\n" );
if( strcmp( "log", *(lines+i) ) == 0 )
{
printf( "ble2\n" );
It is in a for loop. "ble" and "ble2" are some texts for debugging purposes :)
So... when I run my program I can see three times "ble" and only two
times "ble2"...
after last "ble" there is:
*** glibc detected *** free(): invalid next size (normal): 0x0804c208 ***
Przerwane
Is it a bug in glibc or in my code?
I added a file with that loop.
"Przerwane" means interrupted/broken/stopped; it is the Polish locale (LC=pl_PL)
[-- Attachment #2: config-parse.c --]
[-- Type: text/x-csrc; name="config-parse.c", Size: 2731 bytes --]
#include <stdio.h>
#include <string.h>
#include "config.h"

int config_parse() {
    int i,j;
    char** lines = NULL;
    char *eqch,*tmp;
    unsigned int linesc = 0;

    if( ( config_content == NULL ) || ( config_content==0 ) )
    {
        fprintf( logi, "=> Nie moge przetwarzać nie istniejącej treści pliku konfiguracyjnego\n" );
        return 0;
    }
    lines = (char**) malloc( sizeof( char* ) );
    if( lines == NULL )
    {
        fprintf( logi, "=> Błąd alokacji pamięci na vector linii\n" );
        return 0;
    }
    *(lines) = config_content;
    for( i = 0; i < config_contentl; i++ )
    {
        if( *(config_content+i) == '\n' )
        {
            lines = (char**) realloc( lines, sizeof( char** )*(linesc+1) );
            if( lines == NULL )
            {
                fprintf( logi, "=> Błąd alokacji\n" );
                return 0;
            }
            linesc++;
            *(lines+linesc) = (config_content+i+1);
            *(config_content+i) = '\0';
            printf( "-> linesc++\n" );
        }
    }
    fprintf( stdout, "-> linesc = %u\n", linesc );
    for( i = 0; i < linesc; i++ )
    {
        if( *(*(lines+i)) == '#' )
        {
            continue;
        }
        /*
        j = strlen( *(lines+i) );
        if( (i != linesc-1) && (*(lines+i+1) != *(lines+i) +j +1) )
        {
            fprintf( logi, "=> Znak 0 wykryty w pliku konfiguracyjnym\n" );
            fprintf( logi, " w miejscu numer %i\n",i );
            free( lines );
            return 0;
        }
        */
        eqch = strchr( *(lines+i), '=' );
        if( eqch == NULL )
        {
            fprintf( logi, "=> Brak znaku = w linni %i\n",i );
            free( lines );
            return 0;
        }
        *eqch = '\0';
        tmp = strtok( *(lines+i), " \t" );
        if( ( tmp == NULL ) && ( eqch == *(lines+i) ) )
        {
            fprintf( logi, "=> Błędna opcja w pliku konfiguracyjnym w linni %i\n",i );
            free(lines);
            return 0;
        }
        j=strcmp( "log", *(lines+i) );
        printf( "ble\n" );
        if( strcmp( "log", *(lines+i) ) == 0 )
        {
            config_configpathl = strlen( eqch+1 );
            config_configpath = (char*) malloc( config_configpathl );
            if( config_configpath == NULL )
            {
                fprintf( logi, "=> Błąd alokacji pamięci na nazwe pliku loga dla linii %i\n",i );
                free( lines );
                return 0;
            }
            strcpy( config_configpath, eqch+1 );
            fprintf( stdout, "-> log = `%s'\n", eqch+1 );
            continue;
        }
        if( strcmp( "sysctl", *(lines+i) ) == 0 )
        {
            if( ! config_addsysctl( eqch+1 ) )
            {
                fprintf( logi, " Błąd dodawania opcji sysctl do listy w linni %i\n",i );
                free( lines );
                return 0;
            }
            fprintf( stdout, "-> sysctl = `%s'\n", eqch+1 );
            continue;
        }
        if( strcmp( "ip", *(lines+i) ) == 0 )
        {
            if( ! config_addip( eqch+1 ) )
            {
                fprintf( logi, " Błąd dodawania opcji ip do listy w linni %i\n",i );
                free( lines );
                return 0;
            }
            fprintf( stdout, "-> ip = `%s'\n", eqch+1 );
            continue;
        }
        fprintf( logi, "=> Nieznana opcja w pliku konfiguracyjnym w linni %i\n",i );
        return 0;
    }
}
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [gentoo-user] BUG in glibc???? [WAY OT]
From: Richard Fish @ 2005-10-30 23:32 UTC
To: gentoo-user
capsel wrote:
>Hi all,
>
>is it a bug in glibc or in my code?
>
>
This is so far off topic, it isn't even funny. But, I see a couple bugs
in your code. I will cover them inline:
> if( ( config_content == NULL ) || ( config_content==0 ) )
>
>
Not really a bug here, but since NULL and 0 are the same value, you only
need one side of the comparison.
>    *(lines) = config_content;
>    for( i = 0; i < config_contentl; i++ )
>    {
>        if( *(config_content+i) == '\n' )
>        {
>            lines = (char**) realloc( lines, sizeof( char** )*(linesc+1) );
>            if( lines == NULL )
>            {
>                fprintf( logi, "=> Błąd alokacji\n" );
>                return 0;
>            }
>            linesc++;
>            *(lines+linesc) = (config_content+i+1);
>            *(config_content+i) = '\0';
>            printf( "-> linesc++\n" );
>        }
>    }
>
>
There is a possible off-by-one error for linesc if config_content does
not end with a newline. For example, consider a config file with a
single line that does not end with a newline. In that case, linesc will
be 0 in your code, and you will not process anything.
I suggest setting linesc = 1 before the loop, and then adjust the
internals appropriately.
>    fprintf( stdout, "-> linesc = %u\n", linesc );
>    for( i = 0; i < linesc; i++ )
>    {
>        if( *(*(lines+i)) == '#' )
>        {
>            continue;
>        }
>
>
Again, not a bug, but a readability recommendation. Use a temporary
variable inside your loop for the current line:
char* line = lines[i];
Then replace all "*(lines+i)" with "line".
>        if( strcmp( "log", *(lines+i) ) == 0 )
>        {
>            config_configpathl = strlen( eqch+1 );
>            config_configpath = (char*) malloc( config_configpathl );
>            if( config_configpath == NULL )
>            {
>                fprintf( logi, "=> Błąd alokacji pamięci na nazwe pliku loga dla linii %i\n",i );
>                free( lines );
>                return 0;
>            }
>            strcpy( config_configpath, eqch+1 );
>            fprintf( stdout, "-> log = `%s'\n", eqch+1 );
>            continue;
>        }
>
>
This is your major bug, a memory overflow. You have only allocated
enough memory for the characters of the string, not including the
terminating null character. Strcpy copies the characters of the string,
_plus_ the terminating null, which is where you get a memory overflow.
Get rid of config_configpathl and the strlen line, and replace the
malloc and strcpy with strdup().
-Richard
--
gentoo-user@gentoo.org mailing list
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [gentoo-user] BUG in glibc????
From: Billy Holmes @ 2005-11-01 15:53 UTC
To: gentoo-user
capsel wrote:
> j=strcmp( "log", *(lines+i) );
> printf( "ble\n" );
> if( strcmp( "log", *(lines+i) ) == 0 )
> {
> printf( "ble2\n" );
It looks to me like you're probably getting an invalid pointer
reference. When that happens, your program is undefined. More than
likely, you're going out of bounds on your array; try adding some debug
code, or looking at it in gdb. You'll want to keep an eye on "i".
^ permalink raw reply [flat|nested] 4+ messages in thread
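Added example, not part of the original thread: a C sketch of the two allocations discussed in the replies above. It sizes the line-pointer array for the index about to be written (the attached loop reallocs for linesc+1 pointers and then stores at the already incremented linesc), keeps a last line that has no trailing newline, and allocates strlen()+1 bytes for the copied value. The names split_lines and dup_value are hypothetical, and buf is assumed to hold len bytes followed by a '\0'.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Split buf (len bytes, with buf[len] == '\0') in place at each '\n'.
 * Returns a malloc'd array of line pointers, count in *count; NULL on OOM. */
char **split_lines(char *buf, size_t len, size_t *count)
{
    size_t n = 0, start = 0, i;
    char **lines = malloc(sizeof *lines);
    if (lines == NULL) return NULL;
    for (i = 0; i <= len; i++) {
        if (i < len && buf[i] != '\n')
            continue;               /* i == len closes a last line without '\n' */
        if (i == len && start == len)
            break;                  /* buffer ended in '\n': no phantom empty line */
        char **tmp = realloc(lines, (n + 1) * sizeof *lines);  /* room for index n */
        if (tmp == NULL) { free(lines); return NULL; }
        lines = tmp;
        buf[i] = '\0';              /* at i == len this rewrites the existing '\0' */
        lines[n++] = buf + start;   /* write happens only after the array has grown */
        start = i + 1;
    }
    *count = n;
    return lines;
}

/* Duplicate the text after the first '='; NULL if there is no '=' or on OOM. */
char *dup_value(const char *line)
{
    const char *eq = strchr(line, '=');
    if (eq == NULL) return NULL;
    size_t size = strlen(eq + 1) + 1;   /* +1 for the '\0' that is copied too */
    char *copy = malloc(size);
    if (copy != NULL)
        memcpy(copy, eq + 1, size);
    return copy;
}

int main(void)
{
    char buf[] = "log=/tmp/a.log\nip=10.0.0.1";  /* constructed sample, no final '\n' */
    size_t n = 0;
    char **lines = split_lines(buf, sizeof buf - 1, &n);
    char *path = (lines && n) ? dup_value(lines[0]) : NULL;
    printf("%zu lines, log = %s\n", n, path ? path : "(none)");
    free(path); free(lines);
    return 0;
}
```

Building with -fsanitize=address or running under valgrind reports writes like the two in the attached code at the offending line, rather than later when free() or realloc() trips over the damaged heap metadata.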
* Re: [gentoo-user] BUG in glibc????
From: John Myers @ 2005-11-01 21:21 UTC
To: gentoo-user
On Sunday 30 October 2005 13:54, capsel wrote:
> is it a bug in glibc or in my code?
Probably not a bug in glibc. I'm 99% sure that there are no bugs that obvious
in printf or strcmp. glibc is absolutely the most tested code in a GNU/Linux
system, aside from the kernel itself, seeing as it is used by the *vast*
majority of users, for every app on their system. And printf is probably one
of the most-used and abused functions in glibc.
So, the answer to 'did I find a bug in printf?' is almost invariably 'Most
likely not.'
^ permalink raw reply [flat|nested] 4+ messages in thread