[issue1891] sftp utility crashes

vasily postnicov (via DragonFly issue tracker) sinknull at leaf.dragonflybsd.org
Wed Nov 10 09:20:34 PST 2010


vasily postnicov <shamaz.mazum at gmail.com> added the comment:

> How did you specify -O0 and what error are you getting? Because world
> and kernel build just fine here with -O0.

Uh, I am sorry. This is my fault, actually.

> Can you give the following values?

I have something interesting for you. The size of glob_t (the type used by glob()) is 88
(at least on my machine):

#include <sys/types.h>
#include <glob.h>
#include <stdio.h>

int main ()
{
    /* sizeof yields a size_t, so %zu is the matching conversion */
    printf ("%zu\n", sizeof(glob_t));
    return 0;
}

$ cc -o test test.c
$ ./test
88

In the glob() function it is 88 too, but in process_get() and remote_glob() it is
72. How can that be?

Some output from gdb:

sftp> get htdocs

Breakpoint 1, remote_glob (conn=0x8005800c0, 
    pattern=0x800580820 "/home/groups/t/tp/tprpg/htdocs", flags=8, errfunc=0, 
    pglob=0x7fffffffe7a0)
    at /usr/src/secure/usr.bin/sftp/../../../crypto/openssh/sftp-glob.c:148
148             return(glob(pattern, flags | GLOB_ALTDIRFUNC, errfunc, pglob));
(gdb) list
143             pglob->gl_stat = fudge_stat;
144     
145             memset(&cur, 0, sizeof(cur));
146             cur.conn = conn;
147     
148             return(glob(pattern, flags | GLOB_ALTDIRFUNC, errfunc, pglob));
149     }
(gdb) bt
#0  remote_glob (conn=0x8005800c0, 
    pattern=0x800580820 "/home/groups/t/tp/tprpg/htdocs", flags=8, errfunc=0, 
    pglob=0x7fffffffe7a0)
    at /usr/src/secure/usr.bin/sftp/../../../crypto/openssh/sftp-glob.c:148
#1  0x00000000004038db in process_get (conn=0x8005800c0, src=0x8005600f0 "htdocs", 
    dst=0x0, pwd=0x8005700b8 "/home/groups/t/tp/tprpg", pflag=0, rflag=0)
    at /usr/src/secure/usr.bin/sftp/../../../crypto/openssh/sftp.c:508
#2  0x0000000000405bd6 in parse_dispatch_command (conn=0x8005800c0, 
    cmd=0x7fffffffedb0 "get htdocs", pwd=0x7ffffffff5b8, err_abort=0)
    at /usr/src/secure/usr.bin/sftp/../../../crypto/openssh/sftp.c:1307
#3  0x0000000000407959 in interactive_loop (conn=0x8005800c0, file1=0x0, file2=0x0)
    at /usr/src/secure/usr.bin/sftp/../../../crypto/openssh/sftp.c:1975
#4  0x000000000040832f in main (argc=2, argv=0x7ffffffff728)
    at /usr/src/secure/usr.bin/sftp/../../../crypto/openssh/sftp.c:2249
(gdb) print *pglob
$1 = {gl_pathc = 0, gl_matchc = 0, gl_offs = 0, gl_flags = 0, gl_pathv = 0x0, 
  gl_errfunc = 0, gl_closedir = 0x40c5ec <fudge_closedir>, 
  gl_readdir = 0x40c552 <fudge_readdir>, gl_opendir = 0x40c4f4 <fudge_opendir>, 
  gl_lstat = 0x40c60f <fudge_lstat>, gl_stat = 0x40c661 <fudge_stat>}
(gdb) print sizeof(*pglob)
$3 = 72
(gdb) x/72xb pglob
0x7fffffffe7a0: 0x00    0x00    0x00    0x00    0x00    0x00    0x00    0x00
0x7fffffffe7a8: 0x00    0x00    0x00    0x00    0x00    0x00    0x00    0x00
0x7fffffffe7b0: 0x00    0x00    0x00    0x00    0x00    0x00    0x00    0x00
0x7fffffffe7b8: 0x00    0x00    0x00    0x00    0x00    0x00    0x00    0x00
0x7fffffffe7c0: 0xec    0xc5    0x40    0x00    0x00    0x00    0x00    0x00
0x7fffffffe7c8: 0x52    0xc5    0x40    0x00    0x00    0x00    0x00    0x00
0x7fffffffe7d0: 0xf4    0xc4    0x40    0x00    0x00    0x00    0x00    0x00
0x7fffffffe7d8: 0x0f    0xc6    0x40    0x00    0x00    0x00    0x00    0x00
0x7fffffffe7e0: 0x61    0xc6    0x40    0x00    0x00    0x00    0x00    0x00
(gdb) step

Breakpoint 2, glob (pattern=0x800580820 "/home/groups/t/tp/tprpg/htdocs", flags=72, 
    errfunc=0, pglob=0x7fffffffe7a0) at /usr/src/lib/libc/../libc/gen/glob.c:187
187             patnext = pattern;
(gdb) print sizeof(*pglob)
$4 = 88
(gdb) x/88xb pglob
0x7fffffffe7a0: 0x00    0x00    0x00    0x00    0x00    0x00    0x00    0x00
0x7fffffffe7a8: 0x00    0x00    0x00    0x00    0x00    0x00    0x00    0x00
0x7fffffffe7b0: 0x00    0x00    0x00    0x00    0x00    0x00    0x00    0x00
0x7fffffffe7b8: 0x00    0x00    0x00    0x00    0x00    0x00    0x00    0x00
0x7fffffffe7c0: 0xec    0xc5    0x40    0x00    0x00    0x00    0x00    0x00
0x7fffffffe7c8: 0x52    0xc5    0x40    0x00    0x00    0x00    0x00    0x00
0x7fffffffe7d0: 0xf4    0xc4    0x40    0x00    0x00    0x00    0x00    0x00
0x7fffffffe7d8: 0x0f    0xc6    0x40    0x00    0x00    0x00    0x00    0x00
0x7fffffffe7e0: 0x61    0xc6    0x40    0x00    0x00    0x00    0x00    0x00
0x7fffffffe7e8: 0x20    0x08    0x58    0x00    0x08    0x00    0x00    0x00
0x7fffffffe7f0: 0x00    0x00    0x00    0x00    0x00    0x00    0x00    0x00
(gdb) print *pglob
$5 = {gl_pathc = 0, gl_matchc = 0, gl_offs = 0, gl_flags = 0, gl_pathv = 0x40c5ec, 
  gl_errfunc = 0x40c552 <fudge_readdir>, gl_closedir = 0x40c4f4 <fudge_opendir>, 
  gl_readdir = 0x40c60f <fudge_lstat>, gl_opendir = 0x40c661 <fudge_stat>, 
  gl_lstat = 0x800580820, gl_stat = 0}

_____________________________________________________
DragonFly issue tracker <bugs at lists.dragonflybsd.org>
<http://bugs.dragonflybsd.org/issue1891>
_____________________________________________________
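The dump above shows the same 88 bytes of stack being read as a 72-byte struct by the sftp side and as an 88-byte struct by libc: what remote_glob() stored in gl_closedir shows up as gl_pathv inside glob(), and glob() treats 16 bytes beyond the caller's object (here the pattern pointer, seen as gl_lstat = 0x800580820) as part of the struct. The following program is an added illustration, not part of the bug report or of the OpenSSH or DragonFly sources. It declares two constructed layouts, caller_glob_t and callee_glob_t, chosen so that on an LP64 little-endian machine they come out at 72 and 88 bytes; the assumed difference (int versus size_t for the first three counters) is one layout that reproduces the field shift in the dump, not a cause the report establishes. It also shows the build-time check (_Static_assert on sizeof) that turns such a mismatch into a compile error instead of stack corruption at runtime.

```c
#include <dirent.h>
#include <glob.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/*
 * CONSTRUCTED layouts, not copied from any real header. On x86_64 (LP64,
 * little-endian) the "caller" view is 72 bytes and the "callee" view is 88
 * bytes, matching the two sizeof() values in the gdb session. The only assumed
 * difference is the width of the first three counters; whether that is the
 * real cause on DragonFly is not established by the bug report.
 */
typedef struct {                       /* what process_get()/remote_glob() allocate */
    int gl_pathc, gl_matchc, gl_offs, gl_flags;     /* offsets 0..15 */
    char **gl_pathv;                                /* 16 */
    int (*gl_errfunc)(const char *, int);           /* 24 */
    void (*gl_closedir)(void *);                    /* 32 */
    struct dirent *(*gl_readdir)(void *);           /* 40 */
    void *(*gl_opendir)(const char *);              /* 48 */
    int (*gl_lstat)(const char *, struct stat *);   /* 56 */
    int (*gl_stat)(const char *, struct stat *);    /* 64 */
} caller_glob_t;                                    /* 72 bytes */

typedef struct {                       /* what glob() in libc believes it was given */
    size_t gl_pathc, gl_matchc, gl_offs;            /* offsets 0..23 */
    int gl_flags;                                   /* 24, padded to 32 */
    char **gl_pathv;                                /* 32 */
    int (*gl_errfunc)(const char *, int);           /* 40 */
    void (*gl_closedir)(void *);                    /* 48 */
    struct dirent *(*gl_readdir)(void *);           /* 56 */
    void *(*gl_opendir)(const char *);              /* 64 */
    int (*gl_lstat)(const char *, struct stat *);   /* 72 */
    int (*gl_stat)(const char *, struct stat *);    /* 80 */
} callee_glob_t;                                    /* 88 bytes */

#if defined(__LP64__) || defined(_LP64)
/* Build-time guard: a layout drift should fail the build, not crash sftp. */
_Static_assert(sizeof(caller_glob_t) == 72, "caller layout drifted");
_Static_assert(sizeof(callee_glob_t) == 88, "callee layout drifted");
#endif

size_t caller_size(void) { return sizeof(caller_glob_t); }
size_t callee_size(void) { return sizeof(callee_glob_t); }

/* Bytes glob() writes beyond the end of the caller's stack object. */
size_t overflow_bytes(void) { return sizeof(callee_glob_t) - sizeof(caller_glob_t); }

/* Reinterpret the caller's 72 bytes the way the callee reads them, without
 * touching memory past the caller's object (the extra 16 bytes are zeroed here;
 * on the real stack they are whatever happens to follow the struct). */
static callee_glob_t as_seen_by_callee(const caller_glob_t *caller)
{
    callee_glob_t callee;
    memset(&callee, 0, sizeof callee);
    memcpy(&callee, caller, sizeof *caller);
    return callee;
}

static void fake_closedir(void *dir) { (void)dir; }

/* 1 if the callee's gl_pathv slot holds the pointer the caller stored in
 * gl_closedir, the shift visible between "$1" and "$5" in the gdb output. */
int pathv_reads_callers_closedir(void)
{
    caller_glob_t caller;
    memset(&caller, 0, sizeof caller);
    caller.gl_closedir = fake_closedir;
    callee_glob_t callee = as_seen_by_callee(&caller);
    return memcmp(&callee.gl_pathv, &caller.gl_closedir, sizeof(void *)) == 0;
}

/* The caller's two 32-bit counters land in the callee's first 64-bit counter. */
size_t callee_pathc_for(int pathc, int matchc)
{
    caller_glob_t caller;
    memset(&caller, 0, sizeof caller);
    caller.gl_pathc = pathc;
    caller.gl_matchc = matchc;
    return as_seen_by_callee(&caller).gl_pathc;
}

int main(void)
{
    printf("caller view %zu bytes, callee view %zu bytes, %zu bytes written past the object\n",
           caller_size(), callee_size(), overflow_bytes());
    printf("this platform's real glob_t: %zu bytes\n", sizeof(glob_t));
    printf("callee gl_pathv == caller gl_closedir: %s\n",
           pathv_reads_callers_closedir() ? "yes" : "no");
    printf("caller pathc=1, matchc=2 is read by callee as gl_pathc=%#zx\n",
           callee_pathc_for(1, 2));
    return 0;
}
```

The last printf is the same check the reporter did by hand with the test.c above: compare sizeof(glob_t) as the application sees it with what the library it links against expects. When a program and its libc disagree on a struct passed by pointer, the library scribbles past the caller's object, which is exactly the kind of stack corruption that turns into an sftp crash at the call site rather than at the point of the bug.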