X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; q=dns; s=
	default; b=EJkWFWoj6YxCrB+4K50SA9QUQCnzey9bLDnGP2YL6ZF7lNLdZs+aa
	2r1rZ1yGOt+RuXEmu/Xn9IYQSyABPuExZ5v6DMXK7REeFVQi3GScvsGCLyle3jSP
	r3VKywQ3h6rjyAFZnd6mUy2B/LFwKppR6nHn2Pm+F5qm/TppM+X9BA=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; s=default;
	 bh=Ez+TWWNnGulj+y1gaobJiR6F7ME=; b=nCL82eXGiXdU9V5Ng+hylUvPAQoS
	4VjuOZF//fz0HJsHBlZ2WrVZThOA2jpFeSOv976HC3KHDdOkLMrYmMvbAU4VhTSY
	EJc811ZyhtQP5k5A9upj9gfycQp3kt0YGX8pehAimavQRjct/rMYrt+ImSZhf0oT
	b9GX7BlI5h+Pdx8=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-5.4 required=5.0 tests=AWL,BAYES_00,KAM_LAZY_DOMAIN_SECURITY autolearn=no version=3.3.2
X-HELO: calimero.vinschen.de
Date: Tue, 3 Nov 2015 14:01:54 +0100
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: TP_NUM_C_BUFS too small
Message-ID: <20151103130154.GD18567@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <op DOT x7fnnjtmofd6j1 AT frascati DOT upc DOT de> <op DOT x7fspszwofd6j1 AT frascati DOT upc DOT de> <loom DOT 20151102T032737-854 AT post DOT gmane DOT org> <20151102111532 DOT GA5319 AT calimero DOT vinschen DOT de> <op DOT x7hw6yifofd6j1 AT frascati DOT upc DOT de>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;	protocol="application/pgp-signature"; boundary="NtwzykIc2mflq5ck"
Content-Disposition: inline
In-Reply-To: <op.x7hw6yifofd6j1@frascati.upc.de>
User-Agent: Mutt/1.5.23 (2014-03-12)

--NtwzykIc2mflq5ck
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Nov  3 00:07, Helmut Karlowski wrote:
> Am 02.11.2015, 12:15 Uhr, schrieb Corinna Vinschen:
>=20
> >>Glad it's fixed!  For the record, could you say what sort of bug would
> >>cause
> >>a fatal internal error like that?
> >>Just curious,
> >
> >Me too.  Sounds like some kind of recursion.
>=20
> It all happened after I had replaced all strcpy/strcat by strlcpy like th=
is:
>=20
> strcpy(t,s) -> pos =3D strlcpy(t,s,size)
> strcat(t,s) -> pos +=3D strlcpy(t+pos,s,size-pos)
>=20
> At some point the pos-parameter was wrong and the resulting string became
> something undesired. And that string probably was passed to fopen, maybe =
pos
> became very large way beyond the boundaries of the string which is from t=
he
> stack.
>=20
> It's hard to reproduce what happened in a simple case, and I was in some
> hurry then, but I saved the strace-output:
> [...]
> fhandler_base::open(\??\C:\cygwin\usr\src\ue314\bin\u, 0x108000)
>    41 4266380 [main] ue 460 fhandler_base::open_fs: 1 =3D
> fhandler_disk_file::open(\??\C:\cygwin\usr\src\ue314\bin\u, 0x8000)
>    34 4266414 [main] ue 460 open: 3 =3D open(u, 0x8000)
>   186 4266600 [main] ue 460 _cygwin_istext_for_stdio: fd 3: opened as bin=
ary
>   232 4266832 [main] ue 460 close: close(3)
>    32 4266864 [main] ue 460 fhandler_base::close: closing
> '/usr/src/ue314/bin/u' handle 0x170
>    49 4266913 [main] ue 460 close: 0 =3D close(3)
>   460 4267373 [main] 20 460 open: open(u, 0x0)
                       ^^
                       !!

> This loops some 100 times, then:
> [...]
>=20
> Note the process-name gets overwritten by a number of increasing length, =
the
> last being 254 bytes long before the process exits.

Yuk.

> Don't know if that's of any use. It crashed not only on cygwin.
>=20
> BTW: Is there a documentation about the columns of the strace-output
> somewhere?

Uhm, I don't think so.  From left to right:

- usecs since last trace output

- usecs since process start

- [name of thread] (this only makes sense for the named threads,
  mainly the "main" thread, the "sig" thread, and a few short-lived
  helper threads in the DLL.  Pthreads don't have a name, they are called
  "unknown ($thread_id)"

- process name

- pid

- function/method name:

- last but not least the actual output string.


Thanks,
Corinna

--=20
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

--NtwzykIc2mflq5ck
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJWOLBCAAoJEPU2Bp2uRE+gcckP/RM8mKFUTyb7t1VfBR/6Yn4X
6eVWvlk3Q9ufcSXPfGj8A9dvDHw25gZVq2wPmqGucCEAYuJBtxne48fcmQ+v9bAY
cp4R5ZnJ3RFJj17VOrnG9qJFTOtvV/2i/OO+rjRVFW/+z5eFDckviINsmbcWJXPX
GuUSC/SYivKsoO/uNUwbZi2aA8+AisXHiXI9N81oWoV6qckmduqVuHvm5NiV4sQ8
MSXRk9qjk3Z1B3UTt4904mq5WvVEELxNJtwfQci1b7Un3sCz9m0IYP/dHLh3z36N
2iE8CCeBneUuQZGDEF4nT7kf/mVaU2za8sH7CDK7uPZkOpRkYZ6ZlW6iVoRzxiAi
qa3TCNFwaMm+0Mej5bDcZDi6UmsG5mLtiVrcdCzuzw+bGmbwHjUxUjdyXfQaNEzk
8orWxwrOcYcnMn+h1cOG5aJk9rGrSOjFwy7hIxpagYtOtOYTiGxekeSGgu7bwT/9
JPGAOMy+2Pd4oAGo3yidQO1YxuTU9B0kefedjej1RylTYvTNZHaw6sIWttYUuZS5
ZTaelI5D1OQWFbRgxUObFiN9KAkr+fzOBlTAq5AaGAzAI5QQQPVG/WB0RRWs631t
FBjccEzQp6dn2VgwqLy8AscUOjb9jt/9NUvMnbqLg0ZCbteToe3VobXguFpMldM0
crEhZ7SAqfaps47LSnWE
=0+D/
-----END PGP SIGNATURE-----

--NtwzykIc2mflq5ck--