Re: lsusb segfault

On 25.05.2011 00:18, Greg KH wrote:
> On Wed, May 25, 2011 at 12:02:48AM +0200, Carl-Daniel Hailfinger wrote:
>> Hi,
>>
>> I was playing with the "authorized" attribute of USB devices in
>> sysfs. If I have at least one device with authorized=0, one or more
>> lsusb bugs are triggered.
>>
>> "lsusb" will print nothing (really nothing, not even the host controllers)
>>
>> "lsusb -t" will segfault.
>> gdb output follows.
>> Core was generated by `lsusb -t'.
>> Program terminated with signal 11, Segmentation fault.
>> #0  read_sysfs_file_string (d_name=<value optimized out>, file=<value optimized out>, buf=0x180fd10 "", len=-1) at lsusb-t.c:246
>> 246                             if (buf[r] == '\n')
>> (gdb) bt
>> #0  read_sysfs_file_string (d_name=<value optimized out>, file=<value optimized out>, buf=0x180fd10 "", len=-1) at lsusb-t.c:246
>> #1  0x000000000040b134 in add_usb_device (d_name=0x180764b "2-3") at lsusb-t.c:380
>> #2  0x000000000040b6d8 in inspect_bus_entry () at lsusb-t.c:462
>> #3  walk_usb_devices () at lsusb-t.c:471
>> #4  lsusb_t () at lsusb-t.c:701
>> #5  0x0000000000401c7d in treedump () at lsusb.c:3925
>> #6  0x000000000040a26c in main (argc=2, argv=0x7fff461f5128) at lsusb.c:4052
>>
>> This is usbutils-002 on openSUSE 11.3, vanilla kernel 2.6.39, x86_64.
>>
>> Same problem exists with usbutils-0.84 on that machine.
>>
>> Any hints would be appreciated. I'd send lsusb output, but it is empty for the case where the bug is triggered.
>
> Well, if the device can't be accessed, as you disabled it through the
> authorised=0 setting, lsusb shouldn't really be able to do much with it.

"lsusb" (without -v) should be able to list it with vendor:device ID and bus location. That info is available from sysfs even for devices with authorized=0. To test that, I just wrote a shell script which provides the same output as lsusb, and it works fine regardless of the authorized=[01] status of any device.

> But it shouldn't crash.  I'll look at that next week when I get a
> chance, thanks for the bug report.

Found the crasher bug. Patch follows (whitespace-damaged, I can resend once I have access to a proper mailer again).


If read_sysfs_file_string() encounters a zero-length file, it will write '\0' at index -1 of the provided buffer. Handle zero-length files gracefully by falling through to the error handler which does the right thing (tm).

Signed-off-by: Carl-Daniel Hailfinger <c-d.hailfinger.devel.2006@xxxxxxx>

diff --git a/lsusb-t.c b/lsusb-t.c
index 8bcdbf1..5438704 100644
--- a/lsusb-t.c
+++ b/lsusb-t.c
@@ -235,7 +235,7 @@ static void read_sysfs_file_string(const char *d_name, const char *file, char *b
 		goto error;
 	r = read(fd, buf, len);
 	close(fd);
-	if (r>= 0&&  r<  len) {
+	if (r>  0&&  r<  len) {
 		buf[r] = '\0';
 		r--;
 		while (buf[r] == '\n') {
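
Review bot: The "while (buf[r] == '\n')" condition on the last context line still reads buf[r] with no lower bound on r. With the new "r > 0" test the loop is first entered with r >= 0, but if the loop body (not shown in this hunk) decrements r, a file that contains only newline characters walks r back down to -1. Consider bounding the loop, for example "while (r >= 0 && buf[r] == '\n')". The operator spacing in "r>  0&&  r<  len" also looks mangled by the mailer and should be restored in the resend.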


--
http://www.hailfinger.org/
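
The off-by-one described in the commit message above, shown with a bounded variant of the terminate-and-trim step. This is an added example, not code from usbutils or from the patch author; `terminate_and_trim`, `trim_contents` and the sample strings are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical helper: r is the return value of read(fd, buf, len).
 * NUL-terminates buf and strips trailing newlines. Returns the string
 * length, or -1 for a read error, an empty file, or a full buffer
 * (no room for the terminator), so the caller takes its error path. */
static ssize_t terminate_and_trim(char *buf, ssize_t r, size_t len)
{
	if (r <= 0 || (size_t)r >= len)
		return -1;
	buf[r] = '\0';
	/* Check the bound before each access so the index never reaches -1. */
	while (r > 0 && buf[r - 1] == '\n')
		buf[--r] = '\0';
	return r;
}

/* Simulates read() on constructed file contents. The working buffer starts
 * one byte into a larger array, so a stray write at index -1 would land on
 * the guard byte and be reported as -3. */
static ssize_t trim_contents(const char *contents, char *out, size_t outlen)
{
	char area[64];
	size_t n = strlen(contents);
	ssize_t ret;

	if (n > sizeof(area) - 2)
		return -2;
	memset(area, 0, sizeof(area));
	area[0] = 'G';				/* guard byte */
	memcpy(area + 1, contents, n);		/* "read" n bytes */
	ret = terminate_and_trim(area + 1, (ssize_t)n, sizeof(area) - 1);
	if (area[0] != 'G')
		return -3;
	if (ret >= 0) {
		if ((size_t)ret + 1 > outlen)
			return -2;
		memcpy(out, area + 1, (size_t)ret + 1);
	}
	return ret;
}

int main(void)
{
	char out[32];
	printf("empty file:   %zd\n", trim_contents("", out, sizeof(out)));
	printf("newline only: %zd\n", trim_contents("\n", out, sizeof(out)));
	printf("\"480\\n\":      %zd\n", trim_contents("480\n", out, sizeof(out)));
	return 0;
}
```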
