[augeas-devel] [Augeas] #123: unref of static value causes segfault

Augeas trac at fedorahosted.org
Mon Jun 21 22:16:51 UTC 2010 

#123: unref of static value causes segfault
------------------------+---------------------------------------------------
 Reporter:  fgiraldeau  |       Owner:  lutter
     Type:  defect      |      Status:  new   
 Priority:  major       |   Milestone:  next  
Component:  Augeas      |     Version:  0.7.0 
 Keywords:              |  
------------------------+---------------------------------------------------
 The bug happens when BUG_ON macro is triggered.
 {{{
 Breakpoint 31, make_exn_lns_error (info=0x8059fa0, err=0x0, text=0x8059e10
 "affggaxx") at builtin.c:103
 (gdb) print *info->error
 $265 = {code = AUG_EINTERNAL, minor = 0, details = 0x8061f08
 "put.c:418:illegal lens tag 55", minor_details = 0x0, aug = 0x8051e10}
 }}}
 A static const value is returned from make_exn_lns_error, that hides the
 actual error.
 {{{
 0x00146acc in lens_put (info=0x8059fa0, l=0x80662d0, tree=0x8067820,
 str=0x8059e60) at builtin.c:210
 210             v = make_exn_lns_error(info, err, str->string->str);
 Value returned is $266 = (struct value *) 0x173d04
 (gdb) l
 205
 206         if (err == NULL && ! HAS_ERR(info)) {
 207             v = make_value(V_STRING, ref(info));
 208             v->string = make_string(ms.buf);
 209         } else {
 210             v = make_exn_lns_error(info, err, str->string->str);
 211             free_lns_error(err);
 212             FREE(ms.buf);
 213         }
 214         return v;
 (gdb) print *v
 $269 = {ref = 4294967295, info = 0x0, tag = V_EXN, {string = 0x173d18,
 regexp = 0x173d18, lens = 0x173d18, native = 0x173d18,
     origin = 0x173d18, filter = 0x173d18, transform = 0x173d18, exn =
 0x173d18, {func = 0x173d18, bindings = 0x0}}}
 }}}
 A segfault occur when unref macro is called on this static structure. Here
 is the macro expansion.
 {{{
 Run till exit from #0  0x00141024 in compile_exp (info=0x8059fa0,
 exp=0x8053538, ctx=0xbfffefc8) at syntax.c:1659
 0x001407a0 in apply (app=0x805a110, ctx=0xbffff0a4) at syntax.c:1572
 1572        result = compile_exp(app->info, f->func->body, &lctx);
 Value returned is $272 = (struct value *) 0x173d04
 (gdb) n
 1573        unref(result->info, info);
 (gdb) macro expand unref(result->info, info);
 expands to: do { if ((result->info) != ((void *)0) && (result->info)->ref
 != (2147483647 * 2U + 1U)) { (((result->info)->ref > 0) ? (void) (0) :
 __assert_fail ("(result->info)->ref > 0", __FILE__, __LINE__,
 __PRETTY_FUNCTION__)); if (--(result->info)->ref == 0) {
 free_info(result->info); } } (result->info) = ((void *)0); } while(0);
 (gdb) n

 Program received signal SIGSEGV, Segmentation fault.
 0x00140819 in apply (app=0x805a110, ctx=0xbffff0a4) at syntax.c:1573
 1573        unref(result->info, info);
 }}}
 Because this struct is const (return value of exn_error()), the
 instruction (result->info) = ((void *)0); in the macro causes a segfault.

 Removing const argument avoid the segfault, and provides the correct error
 message.

-- 
Ticket URL: <https://fedorahosted.org/augeas/ticket/123>
Augeas <http://augeas.net/>
a configuration API

More information about the augeas-devel mailing list