[solved?] Re: vi segfaults (bb 1.8.2)

Cristian Ionescu-Idbohrn cristian.ionescu-idbohrn at axis.com
Wed Dec 5 07:24:02 PST 2007


I think I found the problem.

It seems to be caused by the poor correlation control between BUFSIZ,
COMMON_BUFSIZE and MAX_LINELEN and a somewhat poor choice of macro
names. In this case:

,---- [ include/libbb.h ]
| 1101: #ifndef BUFSIZ
| 1102: #define BUFSIZ 4096
| 1103: #endif
`----

BUFSIZ is present in bb 1.8.2 but seems to have gone away on svn-head.

What happens is that uclibc (in my case 0.9.27) also has a BUFSIZ
macro.  And its value is set to 256 (in my code tree).  Building bb
with uclibc (configured that way) could have unpleasant side effects,
like segfaults.

In my 'vi' segfault case, the following macros are involved:

BUFSIZ=256, COMMON_BUFSIZE=1024,
CONFIG_FEATURE_VI_MAX_LEN=2048, MAX_LINELEN=2048

COMMON_BUFSIZE is set to 1024 by:

,---- [ include/libbb.h ]
| 1105: enum { COMMON_BUFSIZE = (BUFSIZ >= 256*sizeof(void*) ? BUFSIZ+1 : 256*sizeof(void*)) };
`----

At run time, these buffers (pointer values below) are involved:

  readbuffer=0x000dfad8
  ptr_to_globals=0x000e0008

and n=1.

On this line:

,---- [ editors/vi.c ]
| 2257         memmove(readbuffer, readbuffer + n, MAX_LINELEN - n);
`----

in function 'readit', when 'readbuffer' is shifted 1 byte down, 2047
bytes get shifted instead of 1023, and (part of) 'globals' also gets
shifted, as in my case 'globals' starts some 1460 bytes away from
'readbuffer'.

I guess there may be risks of potential breakage in various places,
as I can see lots of other macros like:

  include/libbb.h:#ifndef PATH_MAX
  include/libbb.h-#define PATH_MAX 256
  include/libbb.h-#endif

or

  findutils/xargs.c:#ifndef ARG_MAX
  findutils/xargs.c-#define ARG_MAX 470
  findutils/xargs.c-#endif

that could possibly be overridden with values beyond control (from
wrapper Makefiles for example, CFLAGS += -D"PATH_MAX=12345").

A possible solution might be a better choice of macro names and more
correlation control between macros.

In order to avoid this breakage without changing the code (still
talking about bb 1.8.2), the workaround, in my case, is to both set
BUFSIZ to a reasonable value in my wrapper Makefile and also correlate
that with a good value for CONFIG_FEATURE_VI_MAX_LEN in bb .config.

BUFSIZ=4096 and CONFIG_FEATURE_VI_MAX_LEN=1024 (actually the default)
work well, and BUFSIZ will not be overridden.


Cheers,

-- 
Cristian
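The failure described in the message above, as an added example that is not part of the original post and not busybox code: a memmove sized by MAX_LINELEN over a buffer that is only COMMON_BUFSIZE bytes long runs into whatever the linker placed after that buffer, here a hypothetical per-applet globals struct. The macro values mirror the post (BUFSIZ=256, COMMON_BUFSIZE=1024, MAX_LINELEN=2048, 32-bit pointers, modelled with DEMO_PTR_SIZE rather than the host's pointer size); the arena, the struct, its offset and all DEMO_* names are constructed for the demo. The preprocessor check at the top is one way to do the "correlation control" the post asks for: a configured line length larger than the shared buffer refuses to compile.

```c
/* Added example, not busybox code. Models a memmove bounded by MAX_LINELEN
 * over a buffer of only COMMON_BUFSIZE bytes, plus a compile-time check that
 * ties the two values together. Values mirror the post (BUFSIZ=256,
 * COMMON_BUFSIZE=1024, MAX_LINELEN=2048, 32-bit target); the arena, the
 * "globals" struct and its offset are constructed for the demo. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define DEMO_PTR_SIZE 4      /* model the post's 32-bit target, not the host */
#define DEMO_BUFSIZ   256    /* the small value a libc such as uclibc may define */
#define DEMO_COMMON_BUFSIZE \
    (DEMO_BUFSIZ >= 256 * DEMO_PTR_SIZE ? DEMO_BUFSIZ + 1 : 256 * DEMO_PTR_SIZE)
#define DEMO_MAX_LINELEN 2048

/* Correlation control in the preprocessor: the value that would reach
 * MAX_LINELEN must fit in the shared buffer. The post's working setting
 * (1024) passes; its failing one (2048) would stop the build here. */
#define DEMO_CONFIGURED_MAX_LEN 1024
#if DEMO_CONFIGURED_MAX_LEN > DEMO_COMMON_BUFSIZE
#error "vi line length exceeds COMMON_BUFSIZE; fix BUFSIZ or CONFIG_FEATURE_VI_MAX_LEN"
#endif

/* Hypothetical per-applet globals that ended up right after the shared
 * buffer, as the post's readbuffer/ptr_to_globals addresses suggest. */
struct demo_globals {
    int  cursor_row;
    int  cursor_col;
    char filename[32];
};

/* One arena holds both, so the demo stays inside a single object and has
 * no undefined behaviour: [ readbuffer: COMMON_BUFSIZE ][ globals ][ pad ] */
enum { GLOBALS_OFF = DEMO_COMMON_BUFSIZE };
static unsigned char arena[DEMO_MAX_LINELEN + 64];

static void init_arena(void)
{
    struct demo_globals g = { 7, 3, "notes.txt" };
    memset(arena, 'A', sizeof arena);
    memcpy(arena + GLOBALS_OFF, &g, sizeof g);
}

static int globals_intact(void)
{
    struct demo_globals g;
    memcpy(&g, arena + GLOBALS_OFF, sizeof g);
    return g.cursor_row == 7 && g.cursor_col == 3 &&
           strcmp(g.filename, "notes.txt") == 0;
}

/* readit()-style shift by n bytes using MAX_LINELEN as the length, although
 * the buffer holds only COMMON_BUFSIZE bytes. Returns 1 if globals survived. */
int shift_with_linelen_bound(size_t n)
{
    init_arena();
    if (n > DEMO_MAX_LINELEN)
        n = DEMO_MAX_LINELEN;
    memmove(arena, arena + n, DEMO_MAX_LINELEN - n);
    return globals_intact();
}

/* The same shift bounded by the buffer's real size. */
int shift_with_buffer_bound(size_t n)
{
    init_arena();
    if (n > DEMO_COMMON_BUFSIZE)
        n = DEMO_COMMON_BUFSIZE;
    memmove(arena, arena + n, DEMO_COMMON_BUFSIZE - n);
    return globals_intact();
}

int main(void)
{
    printf("shift by 1, MAX_LINELEN bound: globals %s\n",
           shift_with_linelen_bound(1) ? "intact" : "clobbered");
    printf("shift by 1, buffer bound:      globals %s\n",
           shift_with_buffer_bound(1) ? "intact" : "clobbered");
    return 0;
}
```

With n=0 nothing moves and the oversized length is harmless, which is why the bug only shows up once vi actually consumes input; with n=1 the MAX_LINELEN-bounded shift drags the first bytes of the adjacent struct down by one, exactly the partial shift of 'globals' the post describes.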
