From quinot@inf.enst.fr  Mon Apr 15 10:50:18 2002
Return-Path: <quinot@inf.enst.fr>
Received: from infres.enst.fr (infres-192.enst.fr [137.194.192.1])
	by hub.freebsd.org (Postfix) with ESMTP id E3D9A37B41B
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 15 Apr 2002 10:50:17 -0700 (PDT)
Received: from shalmaneser.enst.fr (shalmaneser.enst.fr [137.194.162.11])
	by infres.enst.fr (Postfix) with ESMTP id 9267F18F4
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 15 Apr 2002 19:50:16 +0200 (MEST)
Received: by shalmaneser.enst.fr (Postfix, from userid 11117)
	id 0958C1158A; Mon, 15 Apr 2002 19:50:15 +0200 (CEST)
Message-Id: <20020415175015.0958C1158A@shalmaneser.enst.fr>
Date: Mon, 15 Apr 2002 19:50:15 +0200 (CEST)
From: Thomas Quinot <thomas@cuivre.fr.eu.org>
Reply-To: Thomas Quinot <thomas@cuivre.fr.eu.org>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: truss(1) does not print strings from stack correctly
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         37104
>Category:       bin
>Synopsis:       truss(1) does not print strings from stack correctly
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    dwmalone
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Apr 15 11:00:04 PDT 2002
>Closed-Date:    Tue May 14 13:35:03 PDT 2002
>Last-Modified:  Tue May 14 13:35:03 PDT 2002
>Originator:     Thomas Quinot
>Release:        FreeBSD 5.0-CURRENT i386
>Organization:
>Environment:
System: FreeBSD shalmaneser.enst.fr 5.0-CURRENT FreeBSD 5.0-CURRENT #14: Mon Apr 15 16:33:07 CEST 2002 quinot@shalmaneser.enst.fr:/usr/obj/usr/src/sys/SHALMANESER i386


	
>Description:
	When the first argument of open(2) is a pointer to a string
	on the stack, its value is not correctly printed. This might
	also impact other system calls that take string arguments.
>How-To-Repeat:
	cat > titi.c <<__EOF__
#include <fcntl.h>
#include <unistd.h>

int main(void) {
  /* Same path twice: once as a literal in .rodata, once copied onto the stack. */
  char buf[256] = "/dev/null";
  close (open ("/dev/null", O_RDONLY));
  close (open (buf, O_RDONLY));          /* truss should report "/dev/null" here as well */
  close (open ("/dev/null", O_RDONLY));
  return 0;
}
__EOF__
$ gcc -o titi titi.c
$ truss -o log ./titi
$ grep open log
open("/var/run/ld-elf.so.hints",0x0,03)          = 4 (0x4)
open("/usr/lib/libc.so.5",0x0,027757770344)      = 4 (0x4)
open("/dev/null",0x0,01001103120)                = 4 (0x4)
open("",0x0,01001103160)                         = 4 (0x4)
open("/dev/null",0x0,01001103222)                = 4 (0x4)

Note that the argument reported for the second from last call to open
is wrong.

Another demonstration of the problem can be produced by setting LANG
to a non-null value and trussing a binary that makes a call to setlocale,
eg: "LANG=foo truss /bin/ls 2>&1 | grep open". This will output garbage.

>Fix:

None known so far.


>Release-Note:
>Audit-Trail:

From: Thomas Quinot <thomas@cuivre.fr.eu.org>
To: bug-followup@freebsd.org
Cc:  
Subject: Re: bin/37104 [PATCH]
Date: Mon, 15 Apr 2002 23:04:29 +0200

 The following patch seems to fix the problem. Addresses on the stack are
 beyond 2**31, i.e. a negative long. Changing the offset parameter
 to an off_t and using fseeko allows the correct seek to be made.
 
 addresses on the stack are beyond 2**31, i.e. some negative long value.
 
 --- usr.bin/truss/dist/syscalls.c	Mon Apr 15 22:44:49 2002
 +++ usr.bin/truss/syscalls.c	Mon Apr 15 22:48:18 2002
 @@ -137,7 +137,7 @@
  		err(1, "dup");
  	if ((p = fdopen(fd, "r")) == NULL)
  		err(1, "fdopen");
 -	fseek(p, (long)offset, SEEK_SET);
 +	fseeko(p, (unsigned long)offset, SEEK_SET);
  	for (pos = (char *)buf; len--; pos++) {
  		if ((c = fgetc(p)) == EOF)
  			return -1;
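Review bot: the `+` line casts to `(unsigned long)` even though the message says the offset is changed to an off_t; this only works because off_t (64-bit) is wider than unsigned long on i386, so the value is zero-extended rather than sign-extended, and an explicit `(off_t)(unsigned long)offset` with a comment would make that intent visible. The return value of `fseeko()` is also not checked: if the seek fails, the `fgetc()` loop that follows reads from whatever position the stream was already at, which is exactly how the old code produced `open("",...)` instead of an error.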
 @@ -167,7 +167,7 @@
  	buf = malloc( size = (max ? max : 64 ) );
  	len = 0;
  	buf[0] = 0;
 -	fseek(p, (long)offset, SEEK_SET);
 +	fseeko(p, (unsigned long)offset, SEEK_SET);
  	while ((c = fgetc(p)) != EOF) {
  		buf[len++] = c;
  		if (c == 0 || len == max) {
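Review bot: same unchecked `fseeko()` as in the first hunk, and here the consequence is more visible, because `while ((c = fgetc(p)) != EOF)` copies bytes into `buf` until a NUL or `len == max` regardless of whether the seek landed at `offset`; a `return -1` or `err()` on seek failure would turn the garbled string into a reported error. The surrounding `buf = malloc(...)` result is also used without a NULL check.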
 
 Thomas.
 
 -- 
     Thomas.Quinot@Cuivre.FR.EU.ORG
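The offset conversion the follow-up describes, modelled in C as an added example (not truss's code or the submitted patch): `i386_long` and `i386_off_t` are assumed stand-ins for i386's 32-bit long and 64-bit off_t so the example behaves the same on a 64-bit host, `0xbfbffd40` is a constructed stack address, and `read_string_at()` is an assumed reader that also checks the seek result, which the patched truss code does not.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Model of FreeBSD/i386, where long is 32 bits and off_t is 64 bits. These
 * typedefs are assumptions so the example behaves the same on a 64-bit host. */
typedef int32_t i386_long;
typedef int64_t i386_off_t;
/* Old code: fseek(p, (long)offset, SEEK_SET). A stack address above 2**31
 * becomes a negative long, and SEEK_SET with a negative offset fails. */
static i386_off_t buggy_seek_offset(uint32_t addr) {
    return (i386_off_t)(i386_long)addr;
}

/* Patched code: fseeko(p, (unsigned long)offset, SEEK_SET). The unsigned
 * 32-bit value is zero-extended into the 64-bit off_t and stays positive. */
static i386_off_t fixed_seek_offset(uint32_t addr) {
    return (i386_off_t)addr;
}

/* Copy the NUL-terminated string at byte offset off of stream p into buf
 * (at most max-1 bytes). Unlike the patched truss code, the seek result is
 * checked, so a failed seek is reported instead of silently reading from
 * wherever the stream position happens to be. Returns length or -1. */
static long read_string_at(FILE *p, i386_off_t off, char *buf, size_t max) {
    size_t len = 0; int c;
    if (off < 0 || fseeko(p, (off_t)off, SEEK_SET) != 0)
        return -1;
    while (len + 1 < max && (c = fgetc(p)) != EOF && c != 0)
        buf[len++] = (char)c;
    buf[len] = '\0';
    return (long)len;
}

/* Stand-in for the traced process's memory: a temporary file holding the
 * constructed image with "/dev/null" at offset 2. Returns 1 on success. */
static int demo(void) {
    const char image[] = "xx/dev/null\0trailing bytes";
    char buf[64];
    FILE *p = tmpfile();
    int ok;
    if (p == NULL || fwrite(image, 1, sizeof image, p) != sizeof image)
        return 0;
    ok = read_string_at(p, 2, buf, sizeof buf) == 9
      && strcmp(buf, "/dev/null") == 0
      && read_string_at(p, buggy_seek_offset(0xbfbffd40u), buf, sizeof buf) == -1;
    fclose(p);
    return ok;
}
```

With the old conversion the constructed address turns into -1077936832 and the checked reader refuses the seek; with the patched conversion it stays 3217030464, a valid offset into the process image.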
Responsible-Changed-From-To: freebsd-bugs->dwmalone 
Responsible-Changed-By: dwmalone 
Responsible-Changed-When: Sun Apr 21 12:04:37 PDT 2002 
Responsible-Changed-Why:  
Patch committed to -current, I'll close the PR once I've MFCed it. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=37104 
State-Changed-From-To: open->closed 
State-Changed-By: dwmalone 
State-Changed-When: Tue May 14 13:34:31 PDT 2002 
State-Changed-Why:  
Now fixed in -current and RELENG_4. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=37104 
>Unformatted:
