From robert@fledge.watson.org  Mon Nov 26 11:02:36 2001
Return-Path: <robert@fledge.watson.org>
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50])
	by hub.freebsd.org (Postfix) with ESMTP id 9D1D337B417
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 26 Nov 2001 11:02:35 -0800 (PST)
Received: (from robert@localhost)
	by fledge.watson.org (8.11.6/8.11.5) id fAQJ2Nd96033;
	Mon, 26 Nov 2001 14:02:23 -0500 (EST)
	(envelope-from robert)
Message-Id: <200111261902.fAQJ2Nd96033@fledge.watson.org>
Date: Mon, 26 Nov 2001 14:02:23 -0500 (EST)
From: Robert Watson <rwatson@freebsd.org>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: nm coredumps on sendmail in -current
X-Send-Pr-Version: 3.113
X-GNATS-Notify: ru

>Number:         32299
>Category:       bin
>Synopsis:       nm coredumps on sendmail in -current
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    peter
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Nov 26 11:10:01 PST 2001
>Closed-Date:    Mon Oct 28 08:26:33 PST 2002
>Last-Modified:  Mon Oct 28 08:26:33 PST 2002
>Originator:     Robert Watson
>Release:        FreeBSD 5.0-CURRENT i386
>Organization:
NAI Labs
>Environment:
System: FreeBSD sproing.gw.tislabs.com 5.0-CURRENT FreeBSD 5.0-CURRENT #1: Fri Nov  9 12:16:03 EST 2001     rwatson@sproing.gw.tislabs.com:/usr/obj/usr/src/sys/SPROING  i386

>Description:

sproing:/tmp/tmp> nm `which sendmail`
Segmentation fault (core dumped)
sproing:/tmp/tmp> gdb `which nm` nm.core
GNU gdb 4.18
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-unknown-freebsd"...
(no debugging symbols found)...
Core was generated by `nm'.
Program terminated with signal 11, Segmentation fault.
#0  0x8057c9c in ?? ()
(gdb) where
#0  0x8057c9c in ?? ()
#1  0x8066e87 in ?? ()
#2  0x804d9b8 in ?? ()
#3  0x8049fb0 in ?? ()
#4  0x8049936 in ?? ()
#5  0x804973d in ?? ()
#6  0x80492cd in ?? ()

Unfortunately, no symbols in my nm, but I can reproduce it on several machines.

>How-To-Repeat:

nm `which sendmail`

>Fix:

>Release-Note:
>Audit-Trail:

From: Mark Peek <mark@whistle.com>
To: Robert Watson <rwatson@FreeBSD.ORG>,
	FreeBSD-gnats-submit@FreeBSD.ORG
Cc: "David O'Brien" <obrien@FreeBSD.ORG>
Subject: Re: bin/32299: nm coredumps on sendmail in -current
Date: Mon, 26 Nov 2001 14:39:57 -0800

 This probably started occurring around the time of this commit to 
 lib/libc/stdlib/malloc.c:
 
 ----------------------------
 revision 1.60
 date: 2001/11/02 11:32:28;  author: phk;  state: Exp;  lines: +14 -4
 phkmalloc->evilchecks++;
 
 If zero bytes are allocated, return pointer to the middle of page-zero
 (which is protected) so that the program will crash if it dereferences
 this ill-gotten pointer.
 
 Inspired & Urged by:    Theo de Raadt <deraadt@cvs.openbsd.org>
 ----------------------------
 
 Try this patch to fix nm:
 
 Index: contrib/binutils/bfd/syms.c
 ===================================================================
 RCS file: /cvs/freebsd/src/contrib/binutils/bfd/syms.c,v
 retrieving revision 1.1.1.5
 diff -u -u -r1.1.1.5 syms.c
 --- contrib/binutils/bfd/syms.c	2001/06/26 16:56:40	1.1.1.5
 +++ contrib/binutils/bfd/syms.c	2001/11/26 22:34:50
 @@ -715,6 +715,8 @@
       storage = bfd_get_symtab_upper_bound (abfd);
     if (storage < 0)
       goto error_return;
 +  if (storage == 0)
 +    return 0;
 
     syms = (asymbol **) bfd_malloc ((size_t) storage);
     if (syms == NULL)
 
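Review bot: the `storage == 0` check is placed correctly, before `bfd_malloc`, because after malloc.c r1.60 a zero-byte request comes back non-NULL (a pointer into a protected page), so the existing `if (syms == NULL)` test two lines down cannot catch it and it is the first write through `syms` that faults. Two things to confirm before committing: if the function hands results back through output parameters after this point, `return 0;` leaves them unset, so every caller must treat 0 as "no symbols" without inspecting them (or the return should set them to a defined value first); and since the file lives under contrib/binutils, a vendor branch, the change should also be sent upstream or recorded locally so the next import does not silently drop it.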
 
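The following is an added example, not code from this PR, from binutils or from FreeBSD's libc. It models the two pieces Mark Peek's message puts together: a malloc that hands out a non-NULL pointer into a PROT_NONE page for zero-byte requests (the r1.60 behaviour), and a symbol-reading routine in the shape of the patched function, with and without the `storage == 0` guard. All names (`evil_malloc`, `read_minisyms`, `symtab_upper_bound`, the `sym` type) are hypothetical stand-ins, and the one-entry symbol table is constructed for the demo.

```c
/* Added example: models the phkmalloc zero-byte hardening and the guard
 * the syms.c patch adds.  Not code from the PR, binutils or libc; all
 * names are hypothetical. */
#define _GNU_SOURCE
#include <stddef.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <unistd.h>

#ifndef MAP_ANONYMOUS
#define MAP_ANONYMOUS MAP_ANON
#endif

typedef struct { const char *name; unsigned long value; } sym;

static char *trap_page;   /* one PROT_NONE page, mapped on first use */
static size_t page_size;

static void map_trap_page(void)
{
    if (trap_page == NULL) {
        page_size = (size_t)sysconf(_SC_PAGESIZE);
        void *p = mmap(NULL, page_size, PROT_NONE,
                       MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
        trap_page = (p == MAP_FAILED) ? NULL : p;
    }
}

/* Model of malloc.c r1.60: a zero-byte request yields a non-NULL pointer
 * into the middle of a protected page.  A NULL check passes; any load or
 * store through the pointer faults. */
void *evil_malloc(size_t n)
{
    if (n != 0)
        return malloc(n);
    map_trap_page();
    return trap_page ? trap_page + page_size / 2 : NULL;
}

/* True when p lies inside the trap page.  Only this example can ask;
 * real callers cannot tell such a pointer from a valid allocation. */
int is_trap_pointer(const void *p)
{
    const char *c = p;
    return trap_page != NULL && c >= trap_page && c < trap_page + page_size;
}

/* Stand-in for bfd_get_symtab_upper_bound(): bytes for a NULL-terminated
 * pointer array, or 0 for an object with no symbol table. */
long symtab_upper_bound(long count)
{
    return count == 0 ? 0 : (count + 1) * (long)sizeof(sym *);
}

/* Stand-in for the patched function.  guard == 0 follows the pre-patch
 * flow: an empty table reaches evil_malloc(0), the NULL check passes and
 * the poisoned pointer is handed back (the real code then writes through
 * it and dies with SIGSEGV, which is why this model stops short of the
 * store).  guard != 0 applies the patch's early return. */
long read_minisyms(sym *tab, long count, int guard, sym ***syms_out)
{
    long storage = symtab_upper_bound(count);
    if (storage < 0)
        return -1;
    if (guard && storage == 0) {            /* the patch's check */
        *syms_out = NULL;
        return 0;
    }
    sym **syms = evil_malloc((size_t)storage);
    if (syms == NULL)                       /* never true for storage == 0 */
        return -1;
    *syms_out = syms;
    if (storage == 0)
        return 0;                           /* real code would fault at the store below */
    for (long i = 0; i < count; i++)
        syms[i] = &tab[i];
    syms[count] = NULL;
    return count;
}

/* Three scenarios, each returning 1 on the expected outcome. */
int demo_normal(void)
{
    sym one[1] = { { "main", 0x8049000UL } };   /* constructed table */
    sym **s;
    int ok = read_minisyms(one, 1, 1, &s) == 1 && s[0] == &one[0] && s[1] == NULL;
    free(s);
    return ok;
}

int demo_prepatch_empty(void)   /* non-NULL but poisoned: the nm crash */
{
    sym **s;
    return read_minisyms(NULL, 0, 0, &s) == 0 && s != NULL && is_trap_pointer(s);
}

int demo_patched_empty(void)    /* guarded: 0 symbols, nothing allocated */
{
    sym **s = (sym **)&s;
    return read_minisyms(NULL, 0, 1, &s) == 0 && s == NULL;
}

int main(void)
{
    return (demo_normal() && demo_prepatch_empty() && demo_patched_empty()) ? 0 : 1;
}
```

The point the model makes is that the existing `syms == NULL` test offers no protection once malloc(0) returns a deliberately bad but non-NULL pointer; the size has to be checked before the allocation, which is exactly where the patch puts it.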
Responsible-Changed-From-To: freebsd-bugs->peter 
Responsible-Changed-By: ru 
Responsible-Changed-When: Thu Dec 20 01:17:36 PST 2001 
Responsible-Changed-Why:  
So Peter knows "of the origins of this patch". 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=32299 
State-Changed-From-To: open->closed 
State-Changed-By: maxim 
State-Changed-When: Mon Oct 28 08:24:45 PST 2002 
State-Changed-Why:  
Fixed in rev. 1.1.1.6 and rev. 1.1.1.2.6.3 src/contrib/binutils/bfd/syms.c 
in -CURRENT and -STABLE. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=32299 
>Unformatted:
