Date: Tue, 18 Feb 2014 10:16:55 +0100
From: Corinna Vinschen
To: cygwin AT cygwin DOT com
Subject: Re: Patch for run-1.3.0-1 core dump
Message-ID: <20140218091655.GD2246@calimero.vinschen.de>
References: <5208EF91 DOT 7070504 AT cwilson DOT fastmail DOT fm> <53024604 DOT 3080904 AT dronecode DOT org DOT uk> <20140218090524 DOT GC2246 AT calimero DOT vinschen DOT de>
In-Reply-To: <20140218090524.GC2246@calimero.vinschen.de>

On Feb 18 10:05, Corinna Vinschen wrote:
> Hi Jon,
> Hi Chuck,
>
> On Feb 17 17:25, Jon TURNEY wrote:
> > On 12/08/2013 15:22, Charles Wilson wrote:
> > > On 8/10/2013 1:34 PM, foo wrote:
> > >> Whenever I execute run.exe, it generates run.exe.stackdump.
> > >>
> > >> At line 370 in run.c, run2_freeargv() tries to free newargv, and
> > >> run2_freeargv() expects that newargv is terminated by NULL. However,
> > >> in shifting newargv at line 253-256, it fails to shift NULL
> > >> terminator. Therefore, run2_freeargv() frees memory illegally.
> > >> The following patch is a workaround.
> > >>
> > >> --- run.c.old > > >> +++ run.c.new
> > >> @@ -252,7 +252,7 @@ > > >> newargv =3D run2_dupargv (argv); > > >> /* discard newargv[0] and shift up */ > > >> free (newargv[0]); > > >> - for (newargc =3D 1; newargc < argc; newargc++) > > >> + for (newargc =3D 1; newargv[newargc-1] !=3D NULL; newargc++) > > >> newargv[newargc-1] =3D newargv[newargc]; > > >> newargc =3D argc - 1;
> > >
> > > Thanks for the bug report and the patch. I'll investigate and update the
> > > package soon.
> >
> > Since I've been running with CYGWIN error_start always set at the moment, I've
> > noticed that run is always crashing after launching the process.
> >
> > I went to all the trouble of investigating this, discovering that
> > run2_freeargv() is double-freeing the last element in newargv because the NULL
> > terminator isn't moved when the arguments are shifted down over newargv[0],
> > and writing a patch, before I noticed that we already had one :-(
> >
> > --- origsrc/run-1.3.0/src/run.c 2013-07-24 16:26:39.000000000 +0100 > > +++ src/run-1.3.0/src/run.c 2014-02-17 17:08:49.125000000 +0000
> > @@ -254,6 +254,7 @@ realMain(int argc, char* argv[]) > > free (newargv[0]); > > for (newargc =3D 1; newargc < argc; newargc++) > > newargv[newargc-1] =3D newargv[newargc]; > > + newargv[argc-1] =3D 0; > > newargc =3D argc - 1; > >=20 > > /* update execname */
>
> There's still something wrong. I built run with this patch locally,
> and it seems to fix the issue at first sight. However, after the
> child process of run exits, run throws an exception in free(), and
> the stack looks broken (on 64 bit). It seems there is a double free
> or a free of an entirely unrelated address.

Scratch that. I managed to fat-finger a one-line patch. Sorry.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
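Review bot: In the first quoted patch (run.c.old to run.c.new, hunk @@ -252,7), the new loop condition newargv[newargc-1] != NULL tests newargv[0] on its first pass, immediately after free (newargv[0]), so the loop only starts because the freed slot still holds a stale non-NULL value. The loop does end up copying the terminator, but a bound that never reads a freed slot states the intent more plainly, for example for (newargc = 1; newargc <= argc; newargc++), assuming run2_dupargv() leaves the NULL at newargv[argc], with a comment that the extra iteration moves the terminator run2_freeargv() relies on.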
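Review bot: In the second quoted patch (origsrc/run-1.3.0/src/run.c, hunk @@ -254,6), the added line newargv[argc-1] = 0; writes the terminator as a bare 0 and carries no comment, so the reason for the store is easy to lose. Suggest newargv[argc-1] = NULL; with a short comment that the shift above leaves the last argument pointer in two slots and run2_freeargv() would otherwise free it twice. Since the following line sets newargc = argc - 1, moving the store after it and writing newargv[newargc] = NULL; would also tie the terminator to the new count.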
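The terminator bug discussed in this thread, as an added example that is not code from run.c or from any poster: it shifts a NULL-terminated vector with the original bound and with the terminator moved, then counts how many slots a walk to the NULL would free twice. dup_argv, shift_argv, free_counting_dups, dups_after_shift and the sample command line are hypothetical names and constructed data.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for run2_dupargv(): deep copy with NULL terminator. */
static char **dup_argv(int argc, const char *const argv[])
{
    char **v = calloc((size_t)argc + 1, sizeof *v);  /* v[argc] stays NULL */
    if (v == NULL) abort();
    for (int i = 0; i < argc; i++) {
        if ((v[i] = malloc(strlen(argv[i]) + 1)) == NULL) abort();
        strcpy(v[i], argv[i]);
    }
    return v;
}

/* Drop v[0], shift down; last = argc - 1 is the reported bug, last = argc moves the NULL. */
static void shift_argv(char **v, int last)
{
    free(v[0]);
    for (int i = 1; i <= last; i++)
        v[i - 1] = v[i];
}

/* Walk to the NULL like a freeargv routine, free each distinct pointer once,
   and return how many slots repeat an earlier pointer (naive double frees). */
static int free_counting_dups(char **v)
{
    int n = 0, dups = 0;
    while (v[n] != NULL) n++;
    for (int i = n - 1; i >= 0; i--) {  /* back to front: compared pointers are live */
        int seen = 0;
        for (int j = 0; j < i && !seen; j++)
            seen = (v[j] == v[i]);
        if (seen) dups++; else free(v[i]);
    }
    free(v);
    return dups;
}

/* Constructed sample command line (argc = 3), not taken from the thread. */
int dups_after_shift(int move_terminator)
{
    const char *const argv[] = { "run", "notepad", "file.txt" };
    char **v = dup_argv(3, argv);
    shift_argv(v, move_terminator ? 3 : 2);
    return free_counting_dups(v);
}

int main(void) { return dups_after_shift(1); }
```

dups_after_shift(0) reports one repeated slot, the last argument pointer left behind at the old position; dups_after_shift(1) reports none.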