Here is an example that causes the crash, it is obviously longer that 512 ascii:
[child0:1607] [31] utimensat(dfd=^[[1;36m497
, filename=^[[1;36m".//proc/4/task/4/cpusetd%s%d%d%d%d%s%s%s%d%d%s%d%d%d%d%s%s%d
%s%s%d%s%d%s%s%d%d%s%d%d%d%d%s%d%d%s%s%s%d%s%d%d%s%d%d%s%d%s%d%s%d%d%d%s%s%s%s%s
%d%s%s%d%s%d%d%d%d%d%s%d%s%s%d%s%d%d%d%d%d%d%s%d%d%s%s%s%d%d%d%d%d%d%s%s%d%s%s%d
%s%s%s%s%d%s%d%d%d%d%d%d%s%s%d%s%d%d%s%d%d%s%s%d%s%d%d%d%s%s%d%s%d%s%d%s%s%d%s%s
%d%d%s%s%s%s%s%d%s%d%d%d%s%s%d%s%s%d%s%s%d%s%d%d%s%d%s%d%d%s%s%d%s%d%d%d%s%s%d%s
%s%s%s%d%d%s%s%d%d%d%s%d%d%s%d%s%s%d%s%s%s%d%s%d%d%s%d%s%d%s%d%s%d%s%d%d%s%s%d%s
%d%s%s%d%d%s%s%s%s%d%d%d%d%d%d%d%s%s%s%d%d%d%s%d%s%s%d%d%s%s%s%s%d%d%s%s%d%d%d%s
%d%s%d%d%s%d%d%d%s%s%d%s%s%d%s%s%s%d%s%d%s%s%s%s%s%d%d%s%d%s%s%d%d%s%d%s%s%d%s%s
%d%d%d%s%d%d%d%s%d%d%d%s%s%s%d%d%d%s%d%d%d%s%s%d%d%s%s%s%d%d%d%d%d%s%s%d%s%d%d%s
%d%d%d%s%s%d%s%s%s%s%d%s%d%s%s%d%d%d%d%d%s%d%d%s%s%d%d%d%d%d%s%d%d%s%s%s%d%d%s%s
%d%s%s%d%d%d%s%d%s%s%s%d%s%s%s%s%s%s%s%s%s%s%s%s%d%d%s%d%s%d%d%s%s%s%s%s%s%d%s%d
%s%d%d%s%d%d%d%s%s%s%s%s%d%d%d%s%s%s%s%d%s%s%s%d%d%d%s%d%s%s%d%d%s%s%s%s%s%s%s%d
%s%d%s%s%d%d%d%s%s%d%s%s%s%d%s%d%s%
[child1:1608] [0] setreuid(ruid=0x400000000000000,
euid=0xffffffffffffffff) [child1:1608] = -1 (Operation not permitted)
On Fri, Oct 4, 2013 at 8:29 AM, Dave Jones <davej@xxxxxxxxxx> wrote:
> On Thu, Oct 03, 2013 at 06:53:08PM -0700, Ildar Muslukhov wrote:
> > Hi,
> >
> > I've been looking through the strange behavior today, where I am
> > getting lots of "stack smashing detected" and found that the most
> > probable place is the mkcall function. Here is the call stack:
> > [0x440545] (stack check related calls)
> > [0x44050e] (stack check related calls)
> > [0x408db4]<-stack canary check
> > [0x412709]<-call mkcall
> > [0x402228]
> > [0x405586]
> > [0x40185a]
> > [0x412b44]
> > [0x401db1]<-main()
> >
> > After looking into the code in mkcall:
> > >long mkcall(int childno)
> > >{
> > > unsigned long olda1, olda2, olda3, olda4, olda5, olda6;
> > > unsigned int call = shm->syscallno[childno];
> > > unsigned long ret = 0;
> > > int errno_saved;
> > > char string[512], *sptr;
> > ...
> > I suspect that string[512] is the issue. The simple tests confirms
> > that assumption (I've just commented out the block of color_arg
> > function calls that fill the buffer with parameter values).
>
> If that's getting overrun, I'm really curious what the string is,
> because that should only be holding a single line of text.
> Even with all the ansi codes it should be plenty.
>
> Dave
>
--
To unsubscribe from this list: send the line "unsubscribe trinity" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
