From stephen@cauchy.math.missouri.edu  Sat Feb 25 22:32:18 2006
Return-Path: <stephen@cauchy.math.missouri.edu>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7FADB16A420
	for <FreeBSD-gnats-submit@freebsd.org>; Sat, 25 Feb 2006 22:32:18 +0000 (GMT)
	(envelope-from stephen@cauchy.math.missouri.edu)
Received: from cauchy.math.missouri.edu (cauchy.math.missouri.edu [128.206.49.166])
	by mx1.FreeBSD.org (Postfix) with ESMTP id CBE8A43D83
	for <FreeBSD-gnats-submit@freebsd.org>; Sat, 25 Feb 2006 22:32:17 +0000 (GMT)
	(envelope-from stephen@cauchy.math.missouri.edu)
Received: from cauchy.math.missouri.edu (localhost [127.0.0.1])
	by cauchy.math.missouri.edu (8.13.4/8.13.4) with ESMTP id k1PMWHfn092912
	for <FreeBSD-gnats-submit@freebsd.org>; Sat, 25 Feb 2006 16:32:17 -0600 (CST)
	(envelope-from stephen@cauchy.math.missouri.edu)
Received: (from stephen@localhost)
	by cauchy.math.missouri.edu (8.13.4/8.13.4/Submit) id k1PMWHmX092909;
	Sat, 25 Feb 2006 16:32:17 -0600 (CST)
	(envelope-from stephen)
Message-Id: <200602252232.k1PMWHmX092909@cauchy.math.missouri.edu>
Date: Sat, 25 Feb 2006 16:32:17 -0600 (CST)
From: Stephen Montgomery-Smith <stephen@cauchy.math.missouri.edu>
Reply-To: Stephen Montgomery-Smith <stephen@math.missouri.edu>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: seg fault with dmesg
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         93841
>Category:       bin
>Synopsis:       [patch] fix seg fault with dmesg(8)
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    dwmalone
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Feb 25 22:40:06 GMT 2006
>Closed-Date:    Mon Aug 21 12:45:26 GMT 2006
>Last-Modified:  Mon Aug 21 12:45:26 GMT 2006
>Originator:     Stephen Montgomery-Smith
>Release:        FreeBSD 6.1-PRERELEASE i386
>Organization:
>Environment:
System: FreeBSD cauchy 6.1-PRERELEASE FreeBSD 6.1-PRERELEASE #0: Sun Feb 5 02:37:31 CST 2006 stephen@cauchy:/usr/obj/usr/src/sys/cauchy i386


	
>Description:

My video card issues some really weird messages to the message buffer, e.g.

<
2>>

When the message buffer has such problems, dmesg will seg fault.

>How-To-Repeat:

I'm not sure how anyone else could mimic this problem.

>Fix:

--- dmesg.c-orig	Sat Feb 25 16:26:18 2006
+++ dmesg.c	Sat Feb 25 16:27:01 2006
@@ -177,7 +177,7 @@
 		nextp++;
 
 		/* Skip ^<[0-9]+> syslog sequences. */
-		if (*p == '<') {
+		if (*p == '<' && *(p+1) != '\n') {
 			errno = 0;
 			pri = strtol(p + 1, &q, 10);
 			if (*q == '>' && pri >= 0 && pri < INT_MAX &&


>Release-Note:
>Audit-Trail:

From: Stephen Montgomery-Smith <stephen@math.missouri.edu>
To: bug-followup@FreeBSD.org,  stephen@math.missouri.edu
Cc:  
Subject: Re: bin/93841: seg fault with dmesg
Date: Sat, 25 Feb 2006 16:57:56 -0600

 Actually my suggested fix isn't going to work in every situation.  How 
 about:
 
 --- dmesg.c-orig	Sat Feb 25 16:26:18 2006
 +++ dmesg.c	Sat Feb 25 16:52:11 2006
 @@ -184,7 +184,8 @@
   			    errno == 0) {
   				if (LOG_FAC(pri) != LOG_KERN && !all)
   					continue;
 -				p = q + 1;
 +				if (q < nextp)
 +					p = q + 1;
   			}
   		}
 
 
 
 (This patch is unlikely to apply cleanly because my mail client has 
 probably messed it up.)
 

From: Stephen Montgomery-Smith <stephen@math.missouri.edu>
To: bug-followup@FreeBSD.org,  stephen@math.missouri.edu
Cc:  
Subject: Re: bin/93841: seg fault with dmesg
Date: Sun, 26 Feb 2006 11:59:32 -0600

 And this is a slightly cleaner way to fix the problem.
 
 --- dmesg.c-orig	Sat Feb 25 16:26:18 2006
 +++ dmesg.c	Sat Feb 25 17:06:55 2006
 @@ -180,8 +180,8 @@
   		if (*p == '<') {
   			errno = 0;
   			pri = strtol(p + 1, &q, 10);
 -			if (*q == '>' && pri >= 0 && pri < INT_MAX &&
 -			    errno == 0) {
 +			if (q < nextp && *q == '>' && pri >= 0 &&
 +			    pri < INT_MAX && errno == 0) {
   				if (LOG_FAC(pri) != LOG_KERN && !all)
   					continue;
   				p = q + 1;
 
 Another possibility is to change the first if statement above to 
 something like
 
 if (p* == '<' && !isspace(*(p+1))) {
 
 but that might or might not have an undesired effect, because I don't 
 know if you mean to delete stuff like
 < 2>

From: David Malone <dwmalone@maths.tcd.ie>
To: bug-followup@FreeBSD.org, stephen@math.missouri.edu
Cc:  
Subject: Re: bin/93841: [patch] fix seg fault with dmesg(8)
Date: Mon, 27 Feb 2006 14:38:01 +0000

 Hi Stephen,
 
 I would favour a fix of:
 
 	if (p* == '<' && isdigit(*(p+1))) {
 
 Does this look OK to you?
 
 	David.

From: Stephen Montgomery-Smith <stephen@math.missouri.edu>
To: David Malone <dwmalone@maths.tcd.ie>
Cc: bug-followup@FreeBSD.org
Subject: Re: bin/93841: [patch] fix seg fault with dmesg(8)
Date: Mon, 27 Feb 2006 09:36:35 -0600

 David Malone wrote:
 > Hi Stephen,
 > 
 > I would favour a fix of:
 > 
 > 	if (p* == '<' && isdigit(*(p+1))) {
 > 
 > Does this look OK to you?
 > 
 > 	David.
 
 It looks great to me.
 
 -- 
 
 Stephen Montgomery-Smith
 stephen@math.missouri.edu
 http://www.math.missouri.edu/~stephen
Responsible-Changed-From-To: freebsd-bugs->dwmalone 
Responsible-Changed-By: dwmalone 
Responsible-Changed-When: Mon Feb 27 19:13:58 UTC 2006 
Responsible-Changed-Why:  
I've committed something to -current which should fix the problem. I'll 
MFC in a couple of weeks if there are no objections. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=93841 
State-Changed-From-To: open->closed 
State-Changed-By: dwmalone 
State-Changed-When: Mon Aug 21 12:44:50 UTC 2006 
State-Changed-Why:  
Now fixed in -current, RELENG_6 and RELENG_5. Thanks for the 
patch, 

David. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=93841 
>Unformatted:
