[Bug 639111] New: iwevent crash
https://bugzilla.novell.com/show_bug.cgi?id=639111

https://bugzilla.novell.com/show_bug.cgi?id=639111#c0

           Summary: iwevent crash
    Classification: openSUSE
           Product: openSUSE 11.3
           Version: Final
          Platform: x86-64
        OS/Version: Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: Network
        AssignedTo: bnc-team-screening@forge.provo.novell.com
        ReportedBy: koenig@linux.de
         QAContact: qa@suse.de
          Found By: ---
           Blocker: ---

iwevent crashed with the following message:

05:36:26.106283 wlan0 New Access Point/Cell address:Not-Associated
05:36:26.106334 wlan0 Set ESSID:off/any
05:36:28.296320 wlan0 Scan request completed
05:36:35.554483 wlan0 Scan request completed
05:36:35.556903 wlan0 Set ESSID:off/any
05:36:35.556928 wlan0 Set Mode:Managed
05:36:35.556941 wlan0 Set Frequency:2.437 GHz (Channel 6)
05:36:35.556967 wlan0 Set ESSID:"context"
05:36:35.593222 wlan0 Association Response IEs:010882848B962430486C32040C1218602D1A1C181AFFFFFF00000000000000D80007000000000000000000003D1606081500000000000000000000000000000
*** stack smashing detected ***: /usr/sbin/iwevent terminated
======= Backtrace: =========
/lib64/libc.so.6(__fortify_fail+0x37)[0x7fc2d8e13067]
/lib64/libc.so.6(__fortify_fail+0x0)[0x7fc2d8e13030]
/usr/sbin/iwevent[0x402131]
/usr/sbin/iwevent[0x402265]
/usr/sbin/iwevent[0x4026a2]
/lib64/libc.so.6(__libc_start_main+0xfd)[0x7fc2d8d4ab7d]
/usr/sbin/iwevent[0x401499]
======= Memory map: ========
Aborted (core dumped)

gdb output of the core

Core was generated by `/usr/sbin/iwevent'.
Program terminated with signal 6, Aborted.
#0 0x00007fc2d8d5e9e5 in ?? ()
(gdb) where
#0 0x00007fc2d8d5e9e5 in ?? ()
#1 0x00007fc2d8d5fee6 in ?? ()
#2 0x00007fff96dd6780 in ?? ()
#3 0x00007fff96dd6770 in ?? ()
#4 0x00007fff96ddae93 in ?? ()
#5 0x0000000000000011 in ?? ()
#6 0x00007fc2d8e4c74e in ?? ()
#7 0x0000000000000003 in ?? ()
#8 0x00007fff96dd677a in ?? ()
#9 0x0000000000000006 in ?? ()
#10 0x00007fc2d8e4c752 in ?? ()
#11 0x0000000000000002 in ?? ()
#12 0x00007fff96dd676e in ?? ()
#13 0x0000000000000002 in ?? ()
#14 0x00007fc2d8e4a4ee in ?? ()
#15 0x0000000000000001 in ?? ()
#16 0x00007fc2d8e4c74e in ?? ()
#17 0x0000000000000003 in ?? ()
#18 0x00007fff96dd6774 in ?? ()
#19 0x000000000000000c in ?? ()
#20 0x00007fc2d8e4c752 in ?? ()
#21 0x0000000000000002 in ?? ()
#22 0x0000000000000020 in ?? ()
#23 0x0000000000000000 in ?? ()
(gdb)

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=639111#c1

--- Comment #1 from Harald Koenig <koenig@linux.de> 2010-09-14 05:45:01 UTC ---

running iwevent in gdb gives some more info:

05:40:51.841844 wlan0 Set Frequency:2.437 GHz (Channel 6)
05:40:51.841903 wlan0 Set ESSID:"context"
05:40:51.878882 wlan0 Association Response IEs:010882848B962430486C32040C1218602D1A1C181AFFFFFF00000000000000D80007000000000000000000003D1606081500000000000000000000000000000
*** stack smashing detected ***: /usr/sbin/iwevent terminated
Missing separate debuginfo for /lib64/libgcc_s.so.1
Try: zypper install -C "debuginfo(build-id)=92c1bf9d71eaca088ccc44ec457d0642096b13b4"
======= Backtrace: =========
/lib64/libc.so.6(__fortify_fail+0x37)[0x7ffff7705067]
/lib64/libc.so.6(__fortify_fail+0x0)[0x7ffff7705030]
/usr/sbin/iwevent[0x402131]
/usr/sbin/iwevent[0x402265]
/usr/sbin/iwevent[0x4026a2]
/lib64/libc.so.6(__libc_start_main+0xfd)[0x7ffff763cb7d]
/usr/sbin/iwevent[0x401499]
======= Memory map: ========

Program received signal SIGABRT, Aborted.
0x00007ffff76509e5 in raise () from /lib64/libc.so.6
(gdb) where
#0 0x00007ffff76509e5 in raise () from /lib64/libc.so.6
#1 0x00007ffff7651ee6 in abort () from /lib64/libc.so.6
#2 0x00007ffff768bc53 in __libc_message () from /lib64/libc.so.6
#3 0x00007ffff7705067 in __fortify_fail () from /lib64/libc.so.6
#4 0x00007ffff7705030 in __stack_chk_fail () from /lib64/libc.so.6
#5 0x0000000000402131 in ?? ()
#6 0x0000000000402265 in ?? ()
#7 0x00000000004026a2 in ?? ()
#8 0x00007ffff763cb7d in __libc_start_main () from /lib64/libc.so.6
#9 0x0000000000401499 in ?? ()
#10 0x00007fffffffd968 in ?? ()
#11 0x000000000000001c in ?? ()
#12 0x0000000000000001 in ?? ()
#13 0x00007fffffffdecd in ?? ()
#14 0x0000000000000000 in ?? ()
(gdb)

https://bugzilla.novell.com/show_bug.cgi?id=639111#c

wei wang <wewang@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |wewang@novell.com
         AssignedTo|bnc-team-screening@forge.pr |bili@novell.com
                   |ovo.novell.com              |

https://bugzilla.novell.com/show_bug.cgi?id=639111#c2

Li Bin <bili@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |NEEDINFO
       InfoProvider|                            |koenig@linux.de

--- Comment #2 from Li Bin <bili@novell.com> 2010-09-14 07:02:06 UTC ---

Harald,
The gdb info is not enough, please install the libiw30-debuginfo, wireless-tools-debuginfo and wireless-tools-debugsource from openSUSE-11.3-Debug repository(http://download.opensuse.org/debug/distribution/11.3/repo/oss/).
Thanks!

https://bugzilla.novell.com/show_bug.cgi?id=639111#c3

Harald Koenig <koenig@linux.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |NEW
       InfoProvider|koenig@linux.de             |

--- Comment #3 from Harald Koenig <koenig@linux.de> 2010-09-14 08:43:37 UTC ---

voila:

Program received signal SIGABRT, Aborted.
0x00007ffff76509e5 in raise () from /lib64/libc.so.6
(gdb) where
#0 0x00007ffff76509e5 in raise () from /lib64/libc.so.6
#1 0x00007ffff7651ee6 in abort () from /lib64/libc.so.6
#2 0x00007ffff768bc53 in __libc_message () from /lib64/libc.so.6
#3 0x00007ffff7705067 in __fortify_fail () from /lib64/libc.so.6
#4 0x00007ffff7705030 in __stack_chk_fail () from /lib64/libc.so.6
#5 0x0000000000402131 in print_event_stream (ifindex=<value optimized out>, data=<value optimized out>, len=<value optimized out>) at iwevent.c:548
#6 0x0000000000402265 in LinkCatcher (rth=0x7fffffffd820) at iwevent.c:598
#7 handle_netlink_events (rth=0x7fffffffd820) at iwevent.c:660
#8 0x00000000004026a2 in wait_for_event (argc=<value optimized out>, argv=<value optimized out>) at iwevent.c:724
#9 main (argc=<value optimized out>, argv=<value optimized out>) at iwevent.c:799
(gdb)

https://bugzilla.novell.com/show_bug.cgi?id=639111#c4

Li Bin <bili@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |NEEDINFO
       InfoProvider|                            |koenig@linux.de

--- Comment #4 from Li Bin <bili@novell.com> 2010-09-14 09:16:24 UTC ---

Harald,
The interface __stack_chk_fail() shall abort the function that called it with a message that a stack overflow has been detected.
So I think it's caused by print_event_stream. Do you have another AP? Is it crash for other APs?
I tried in my laptop, it's not crash.

https://bugzilla.novell.com/show_bug.cgi?id=639111#c5

Harald Koenig <koenig@linux.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |NEW
       InfoProvider|koenig@linux.de             |

--- Comment #5 from Harald Koenig <koenig@linux.de> 2010-09-14 10:05:04 UTC ---

(In reply to comment #4)
> Harald,
> The interface __stack_chk_fail() shall abort the function that called it with a message that a stack overflow has been detected.
> So I think it's caused by print_event_stream. Do you have another AP? Is it crash for other APs?
> I tried in my laptop, it's not crash.

correct. I'm on a TeX conference right now and there are multiple APs around, and only connecting to one of them (essid "context") will crash iwevent, all others seem to be fine.

how can I get/provide more information for that AP ?

I set a break point to print_event_stream() and stepped through that function using "n"ext in gdb. the crash happens after leaving print_event_stream() :

(gdb)
Continuing.
10:00:43.328730 wlan0 Set ESSID:"context"

Breakpoint 1, print_event_stream (ifindex=3, data=0x7fffffffb790 "\265", len=181) at iwevent.c:505
505 {
(gdb)
Continuing.
09:54:08.527395 wlan0 Set ESSID:"context"

Breakpoint 1, print_event_stream (ifindex=3, data=0x7fffffffb790 "\265", len=181) at iwevent.c:505
505 {
(gdb) n
516 wireless_data = iw_get_interface_data(ifindex);
(gdb)
505 {
(gdb)
516 wireless_data = iw_get_interface_data(ifindex);
(gdb)
521 gettimeofday(&recv_time, &tz);
(gdb)
522 iw_print_timeval(buffer, sizeof(buffer), &recv_time, &tz);
(gdb)
524 iw_init_event_stream(&stream, data, len);
(gdb)
522 iw_print_timeval(buffer, sizeof(buffer), &recv_time, &tz);
(gdb)
508 int i = 0;
(gdb)
522 iw_print_timeval(buffer, sizeof(buffer), &recv_time, &tz);
(gdb)
524 iw_init_event_stream(&stream, data, len);
(gdb)
533 printf("%s %-8.16s ", buffer, wireless_data->ifname);
(gdb)
537 print_event_token(&iwe,
(gdb)
533 printf("%s %-8.16s ", buffer, wireless_data->ifname);
(gdb)
537 print_event_token(&iwe,
(gdb)
528 ret = iw_extract_event_stream(&stream, &iwe,
(gdb)
530 if(ret != 0)
(gdb)
528 ret = iw_extract_event_stream(&stream, &iwe,
(gdb)
530 if(ret != 0)
(gdb)
532 if(i++ == 0)
(gdb)
533 printf("%s %-8.16s ", buffer, wireless_data->ifname);
(gdb)
536 if(ret > 0)
(gdb)
537 print_event_token(&iwe,
(gdb)
09:54:14.080828 wlan0 Association Response IEs:010882848B962430486C32040C1218602D1A1C181AFFFFFF00000000000000D80007000000000000000000003D160B001700000000000000000000000000000
542 fflush(stdout);
(gdb) n
532 if(i++ == 0)
(gdb) n
542 fflush(stdout);
(gdb) n
528 ret = iw_extract_event_stream(&stream, &iwe,
(gdb) n
530 if(ret != 0)
(gdb)
528 ret = iw_extract_event_stream(&stream, &iwe,
(gdb)
530 if(ret != 0)
(gdb)
547 return(0);
(gdb)
548 }
(gdb)
*** stack smashing detected ***: /usr/sbin/iwevent terminated
======= Backtrace: =========
/lib64/libc.so.6(__fortify_fail+0x37)[0x7ffff7705067]
/lib64/libc.so.6(__fortify_fail+0x0)[0x7ffff7705030]
/usr/sbin/iwevent[0x402131]
/usr/sbin/iwevent[0x402265]
/usr/sbin/iwevent[0x4026a2]
/lib64/libc.so.6(__libc_start_main+0xfd)[0x7ffff763cb7d]
/usr/sbin/iwevent[0x401499]

stepping through iw_extract_event_stream() does not give me a clue either:

528 ret = iw_extract_event_stream(&stream, &iwe,
(gdb) s
iw_extract_event_stream (stream=0x7fffffffb450, iwe=0x7fffffffb6e0, we_version=22) at iwlib.c:2850
2850 {
(gdb)
2859 if((stream->current + IW_EV_LCP_PK_LEN) > stream->end)
(gdb)
2860 return(0);
(gdb)
3055 }
(gdb)
print_event_stream (ifindex=<value optimized out>, data=<value optimized out>, len=<value optimized out>) at iwevent.c:530
530 if(ret != 0)
(gdb)
528 ret = iw_extract_event_stream(&stream, &iwe,
(gdb)
530 if(ret != 0)
(gdb)
547 return(0);
(gdb)
548 }
(gdb)
*** stack smashing detected ***: /usr/sbin/iwevent terminated
======= Backtrace: =========
/lib64/libc.so.6(__fortify_fail+0x37)[0x7ffff7705067]
/lib64/libc.so.6(__fortify_fail+0x0)[0x7ffff7705030]

https://bugzilla.novell.com/show_bug.cgi?id=639111#c6

Li Bin <bili@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |NEEDINFO
       InfoProvider|                            |koenig@linux.de

--- Comment #6 from Li Bin <bili@novell.com> 2010-09-14 10:48:34 UTC ---

https://api.opensuse.org/build/home:BinLi:branches:openSUSE:11.3:Update:Test...
https://api.opensuse.org/build/home:BinLi:branches:openSUSE:11.3:Update:Test...

I add a debug patch to output the length of data.

--- wireless_tools.30.orig/iwevent.c +++ wireless_tools.30/iwevent.c @@ -512,6 +512,7 @@ print_event_stream(int ifindex, struct timezone tz; struct wireless_iface * wireless_data; + printf("strlen data is %d, len is %d.\n", strlen(data), len); /* Get data from cache */ wireless_data = iw_get_interface_data(ifindex); if(wireless_data == NULL)

Could you try it?

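Review bot: strlen(data) in the added printf treats the event buffer as a NUL-terminated string, although print_event_stream is handed its size in len; strlen stops at the first zero byte and can read past the buffer when there is none, so the value says nothing about the event. Print len alone, or dump the first len bytes in hex. strlen also returns size_t, so %d is the wrong conversion for it; use %zu if the call stays.
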
https://bugzilla.novell.com/show_bug.cgi?id=639111#c7

Harald Koenig <koenig@linux.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |NEW
       InfoProvider|koenig@linux.de             |

--- Comment #7 from Harald Koenig <koenig@linux.de> 2010-09-14 12:21:10 UTC ---

(In reply to comment #6)
> https://api.opensuse.org/build/home:BinLi:branches:openSUSE:11.3:Update:Test...
> https://api.opensuse.org/build/home:BinLi:branches:openSUSE:11.3:Update:Test...
> I add a debug patch to output the length of data.
--- wireless_tools.30.orig/iwevent.c +++ wireless_tools.30/iwevent.c @@ -512,6 +512,7 @@ print_event_stream(int ifindex, struct timezone tz; struct wireless_iface * wireless_data;
+ printf("strlen data is %d, len is %d.\n", strlen(data), len); /* Get data from cache */ wireless_data = iw_get_interface_data(ifindex); if(wireless_data == NULL)
> Could you try it?

the 32bit rpm doesn't "perfectly" fit into my 64bit system, but there is --nodeps et voila ;-)

with your 32 bit iwevent image I get two more lines of output before it crashes: while the 64bit prog crashes after 'Set ESSID:"context"' your 32bit binary prints 'Association Response IEs:...' and 'New Access Point/Cell address' :

12:11:36.053683 wlan0 Set Frequency:2.462 GHz (Channel 11)
strlen data is 1, len is 15.
12:11:36.053737 wlan0 Set ESSID:"context"
Associated with 00:21:29:d3:8c:86
CTRL-EVENT-CONNECTED - Connection to 00:21:29:d3:8c:86 completed (reauth) [id=1 id_str=]
strlen data is 1, len is 173.
12:11:36.065292 wlan0 Association Response IEs:010882848B962430486C32040C1218602D1A1C181AFFFFFF00000000000000D80007000000000000000000003D160B001700000000000000000000000000000
strlen data is 1, len is 20.
12:11:36.065348 wlan0 New Access Point/Cell address:00:21:29:D3:8C:86

Breakpoint 1, 0xf7ecb690 in __stack_chk_fail () from /lib/libc.so.6
(gdb) c
Continuing.
*** stack smashing detected ***: /usr/sbin/iwevent terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x40)[0xf7ecb6f0]
/lib/libc.so.6(+0xea6a7)[0xf7ecb6a7]
/usr/sbin/iwevent[0x804a082]
/usr/sbin/iwevent[0x804a38c]
/lib/libc.so.6(__libc_start_main+0xfe)[0xf7df7c0e]
/usr/sbin/iwevent[0x8048f71]
======= Memory map: ========

for the 64bit binary len is 181 after output of 'Set ESSID:"context"' and strlen(data) is 1 too (checked in gdb)

https://bugzilla.novell.com/show_bug.cgi?id=639111#c8

Li Bin <bili@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|P5 - None                   |P3 - Medium
             Status|NEW                         |NEEDINFO
       InfoProvider|                            |koenig@linux.de

--- Comment #8 from Li Bin <bili@novell.com> 2010-09-15 03:25:09 UTC ---

Harald,
Could you download the sourcecode to debug it? I wanna make sure which function cause the stack overflow, iw_extract_event_stream or print_event_token?
You can comment the print_event_token first, then try again. Then try another one.
Is it convenient?

https://bugzilla.novell.com/show_bug.cgi?id=639111#c9

Harald Koenig <koenig@linux.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |NEW
       InfoProvider|koenig@linux.de             |

--- Comment #9 from Harald Koenig <koenig@linux.de> 2010-09-15 08:53:51 UTC ---

(In reply to comment #8)
> Harald,
> Could you download the sourcecode to debug it? I wanna make sure which function cause the stack overflow, iw_extract_event_stream or print_event_token?
> You can comment the print_event_token first, then try again. Then try another one.
> Is it convenient?

ACK!

1st: a plain "make" in the build dir made the problem vanish because then the gcc option "-fstack-protector" from the "rpm -bp ..." was missing :-(

with -fstack-protector I was able to reproduce/debug and find the real problem: iw_hexdump() does not honor its parameter "buflen" and thus trashes the stack when it gets called here

case IWEVASSOCRESPIE:
printf("Association Response IEs:%s\n",

with buflen==128 and datalen==165 (so needing 330+1 bytes buffer space for the hex dump...)

RTFM taught me that the snprintf() will return 2 even for size==0 or size<0 showing that the output was clipped if return >= size)!

here is my patch to avoid a) any buffer overflow and b) show the whole hex dump for that AP packet (see below).

--------------------------------------------------------------
wireless_tools.30 > diff -u iwevent.c{~,}
--- iwevent.c~ 2008-05-16 01:18:52.000000000 +0200 +++ iwevent.c 2010-09-15 10:38:08.000000000 +0200 @@ -285,8 +285,10 @@ size_t i; char * pos = buf; - for(i = 0; i < datalen; i++) + for(i = 0; i < datalen; i++) { + if (buf + buflen - pos < 2+1) break; pos += snprintf(pos, buf + buflen - pos, "%02X", data[i]); + } return buf; } 
@@ -299,7 +301,7 @@ struct iw_range * iw_range, /* Range info */ int has_range) { - char buffer[128]; /* Temporary buffer */ + char buffer[512]; /* Temporary buffer */ char buffer2[30]; /* Temporary buffer */ char * prefix = (IW_IS_GET(event->cmd) ? "New" : "Set");
-------------------------------------------------------------

the correct output should look like this:

08:38:21.512101 wlan0 Set ESSID:"context"
08:38:21.746297 wlan0 Association Response IEs:010882848B962430486C32040C1218602D1A1C181AFFFFFF00000000000000D80007000000000000000000003D160B001700000000000000000000000000000000000000DD090010180212F4010000DD180050F2020101000003A4000027A4000042435E0062322F00DD1E00904C331C181AFFFF000000000000000000000000000000000000000000DD1A00904C340B001700000000000000000000000000000000000000
08:38:21.746470 wlan0 New Access Point/Cell address:00:21:29:D3:8C:86

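Review bot: the new break in the iw_hexdump loop (first hunk) cuts the dump short without telling the caller, and when it fires on the first iteration (buflen below 3) or datalen is 0, "return buf" hands back a buffer that nothing has written to. Store a terminator in buf[0] before the loop whenever buflen is non-zero, and consider marking clipped output so a shortened IE dump is not mistaken for a complete one. The bare 2+1 deserves a comment saying it is two hex digits plus the terminator.
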
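Review bot: "char buffer[512]" in the second hunk is another fixed size picked to fit the one event seen so far; the comment gives datalen==165 needing 330+1 bytes, but nothing in the hunk ties 512 to the largest payload this function can be asked to dump, so a longer one is now clipped by the new guard with no notice. Derive the size from the maximum payload length (two characters per byte plus one), or add a comment stating why 512 is sufficient.
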
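The overflow described in comment #9, as an added example (not code from wireless-tools and not the patch above): legacy_write_extent() replays the unpatched loop's cursor arithmetic without touching memory, and hexdump_bounded() is one hardened form that tracks an unsigned offset instead of subtracting pointers and reports how many input bytes fit. Both function names and the sample payload are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/*
 * Model of the unpatched loop's arithmetic, with no memory writes:
 *     pos += snprintf(pos, buf + buflen - pos, "%02X", data[i]);
 * snprintf() returns 2 (the untruncated length) on every call, so the
 * cursor keeps advancing after the buffer is full. Once it has passed the
 * end, the size argument is a negative difference converted to a huge
 * size_t. Assumption: the C library accepts that oversized value, as the
 * stack corruption in the report implies, and stores 2 digits plus NUL.
 * Returns one past the highest offset from buf that gets written.
 */
size_t legacy_write_extent(size_t buflen, size_t datalen)
{
    long pos = 0, extent = 0;
    size_t i;

    for (i = 0; i < datalen; i++) {
        long remaining = (long)buflen - pos;
        long written;

        if (remaining < 0)
            written = 3;          /* size wrapped: effectively unbounded */
        else if (remaining < 3)
            written = remaining;  /* clipped to what is left, may be 0 */
        else
            written = 3;          /* two hex digits plus terminator */
        if (written > 0 && pos + written > extent)
            extent = pos + written;
        pos += 2;                 /* the return value, not bytes stored */
    }
    return (size_t)extent;
}

/*
 * Hardened form (hypothetical helper): never writes outside
 * buf[0..buflen-1], always terminates the string when buflen > 0, and
 * returns the number of input bytes rendered so the caller can detect
 * truncation (result < datalen).
 */
size_t hexdump_bounded(char *buf, size_t buflen,
                       const unsigned char *data, size_t datalen)
{
    static const char digits[] = "0123456789ABCDEF";
    size_t i, pos = 0;

    if (buflen == 0)
        return 0;
    for (i = 0; i < datalen; i++) {
        if (buflen - pos < 3)     /* need two digits plus the NUL */
            break;
        buf[pos++] = digits[data[i] >> 4];
        buf[pos++] = digits[data[i] & 0x0F];
    }
    buf[pos] = '\0';
    return i;
}

int main(void)
{
    unsigned char ie[165];        /* constructed payload, length from the report */
    char small[128], large[512];
    size_t i, n;

    for (i = 0; i < sizeof(ie); i++)
        ie[i] = (unsigned char)i;

    printf("unpatched loop, buflen=128 datalen=165: writes up to offset %zu\n",
           legacy_write_extent(sizeof(small), sizeof(ie)));

    n = hexdump_bounded(small, sizeof(small), ie, sizeof(ie));
    printf("bounded, buflen=128: %zu of %zu bytes, %zu chars%s\n",
           n, sizeof(ie), strlen(small), n < sizeof(ie) ? " (truncated)" : "");

    n = hexdump_bounded(large, sizeof(large), ie, sizeof(ie));
    printf("bounded, buflen=512: %zu of %zu bytes, %zu chars%s\n",
           n, sizeof(ie), strlen(large), n < sizeof(ie) ? " (truncated)" : "");
    return 0;
}
```

With a 128-byte buffer the unpatched arithmetic reaches offset 331, matching the "330+1" in the comment, while the bounded version stops after 63 bytes and leaves a terminated string.
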
https://bugzilla.novell.com/show_bug.cgi?id=639111#c10

Li Bin <bili@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED

--- Comment #10 from Li Bin <bili@novell.com> 2010-09-20 05:34:53 UTC ---

Thanks! I'll make a patch for it.

https://bugzilla.novell.com/show_bug.cgi?id=639111#c11

Li Bin <bili@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |NEEDINFO
       InfoProvider|                            |maintenance@opensuse.org

--- Comment #11 from Li Bin <bili@novell.com> 2010-09-20 05:35:44 UTC ---

Maintenance,
Could we let it in updates?

https://bugzilla.novell.com/show_bug.cgi?id=639111#c12

Christian Dengler <cdengler@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |cdengler@novell.com

--- Comment #12 from Christian Dengler <cdengler@novell.com> 2010-09-21 14:15:23 UTC ---

For an update +1

https://bugzilla.novell.com/show_bug.cgi?id=639111#c13

--- Comment #13 from Marcus Meissner <meissner@novell.com> 2010-09-21 14:19:25 UTC ---

it's ok. +1

https://bugzilla.novell.com/show_bug.cgi?id=639111#c14

Swamp Workflow Management <swamp@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Status Whiteboard|                            |maint:running:36141:low

--- Comment #14 from Swamp Workflow Management <swamp@suse.com> 2010-09-28 18:19:59 UTC ---

The SWAMPID for this issue is 36141.
This issue was rated as low.
Please submit fixed packages until 2010-10-26.
Also create a patchinfo file using this link:
https://swamp.suse.de/webswamp/wf/36141

https://bugzilla.novell.com/show_bug.cgi?id=639111#c15

Christian Dengler <cdengler@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |ASSIGNED
       InfoProvider|maintenance@opensuse.org    |

--- Comment #15 from Christian Dengler <cdengler@novell.com> 2010-09-28 18:20:16 UTC ---

update started

https://bugzilla.novell.com/show_bug.cgi?id=639111#c16

--- Comment #16 from Christian Dengler <cdengler@novell.com> 2010-09-29 13:26:45 UTC ---

Can you also submit the fixed sources?

https://bugzilla.novell.com/show_bug.cgi?id=639111#c17

Li Bin <bili@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|                            |FIXED

--- Comment #17 from Li Bin <bili@novell.com> 2010-09-30 08:38:48 UTC ---

Done.

49538 State:new By:BinLi When:2010-09-30T10:37:36
submit: home:BinLi:branches:openSUSE:11.3:Update:Test/wireless-tools -> openSUSE:11.3:Update:Test
Descr: 'Avoid overflow and increase the buffer to dump hex(bnc#63911, swampid#36141).'

https://bugzilla.novell.com/show_bug.cgi?id=639111#c18

Swamp Workflow Management <swamp@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Status Whiteboard|maint:running:36141:low     |maint:running:36141:low
                   |                            |maint:released:11.3:36146

--- Comment #18 from Swamp Workflow Management <swamp@suse.com> 2010-10-11 09:31:24 UTC ---

Update released for: libiw-devel, libiw30, libiw30-debuginfo, wireless-tools, wireless-tools-debuginfo, wireless-tools-debugsource
Products:
openSUSE 11.3 (debug, i586, x86_64)

https://bugzilla.novell.com/show_bug.cgi?id=639111#c

Swamp Workflow Management <swamp@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Status Whiteboard|maint:running:36141:low     |maint:released:11.3:36146
                   |maint:released:11.3:36146   |

https://bugzilla.novell.com/show_bug.cgi?id=639111#c19

Swamp Workflow Management <swamp@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Status Whiteboard|maint:released:11.3:36146   |maint:running:36141:low
                   |                            |maint:released:11.3:36146

--- Comment #19 from Swamp Workflow Management <swamp@suse.com> 2010-10-11 13:22:17 UTC ---

Update released for: libiw-devel, libiw30, libiw30-debuginfo, wireless-tools, wireless-tools-debuginfo, wireless-tools-debugsource
Products:
openSUSE 11.3 (debug, i586, x86_64)