[distcc] distcc 2.14 bugs in lzo code(?)
Arkadiusz Miskiewicz
arekm at pld-linux.org
Fri Jun 11 01:14:08 GMT 2004
On Thursday 10 of June 2004 05:07, Martin Pool wrote:
> On 25 May 2004, Arkadiusz Miskiewicz <arekm at pld-linux.org> wrote:
> > (again, this time I've subscribed so no need to moderator to approve my
> > previous posting)
>
> Hi,
>
> I'm not sure I understand your bug report. At any rate I can't
> reproduce it.
>
> free(0) is a valid call. dmalloc should be at most giving a warning
> about it, not aborting.
It gives a warning.
Anyway I can reproduce it at other compilation:
#0 0x080546af in lzo1x_decompress_safe (in=0xb8006008 <Address 0xb8006008 out of bounds>, in_len=274493,
out=0xb7ef9000 "\177ELF\001\001\001", out_len=0xbff6bdf0, wrkmem=0x8059660) at lzo/minilzo.c:2594
2594 if (*ip > 17)
(gdb) bt
#0 0x080546af in lzo1x_decompress_safe (in=0xb8006008 <Address 0xb8006008 out of bounds>, in_len=274493,
out=0xb7ef9000 "\177ELF\001\001\001", out_len=0xbff6bdf0, wrkmem=0x8059660) at lzo/minilzo.c:2594
#1 0x0804e461 in dcc_r_bulk_lzo1x (out_fd=5, in_fd=4, in_len=274493) at src/compress.c:290
#2 0x08052914 in dcc_r_bulk (ofd=5, ifd=4, f_size=274493, compression=DCC_COMPRESS_LZO1X) at src/pump.c:158
#3 0x080515dd in dcc_r_file (ifd=4, filename=0xbffeec19 "motion_est.o", len=274493, compr=DCC_COMPRESS_LZO1X)
at src/bulk.c:272
#4 0x080516fa in dcc_r_file_timed (ifd=4, fname=0xbffeec19 "motion_est.o", size=274493, compr=DCC_COMPRESS_LZO1X)
at src/bulk.c:305
#5 0x0804a2f0 in dcc_retrieve_results (net_fd=4, status=0xbff6c054, output_fname=0xbffeec19 "motion_est.o",
host=0x8666248) at src/clirpc.c:245
#6 0x0804b9af in dcc_compile_remote (argv=0x86664f0, input_fname=0xbffeec26 "motion_est.c",
cpp_fname=0x86664c0 "/home/users/misiek/tmp/distcc_3e55047b.i", output_fname=0xbffeec19 "motion_est.o",
cpp_pid=13032, host=0x8666248, status=0xbff6c054) at src/remote.c:171
#7 0x0804a4fa in dcc_build_somewhere (argv=0x8666098, sg_level=0, status=0xbff6c054) at src/compile.c:157
#8 0x0804a65c in dcc_build_somewhere_timed (argv=0x8666020, sg_level=0, status=0xbff6c054) at src/compile.c:208
#9 0x0804aa90 in main (argc=27, argv=0xbff6c0e4) at src/distcc.c:217
(gdb) frame 0
#0 0x080546af in lzo1x_decompress_safe (in=0xb8006008 <Address 0xb8006008 out of bounds>, in_len=274493,
out=0xb7ef9000 "\177ELF\001\001\001", out_len=0xbff6bdf0, wrkmem=0x8059660) at lzo/minilzo.c:2594
2594 if (*ip > 17)
(gdb) l
2589 *out_len = 0;
2590
2591 op = out;
2592 ip = in;
2593
2594 if (*ip > 17)
2595 {
2596 t = *ip++ - 17;
2597 if (t < 4)
2598 goto match_next;
(gdb) print in
$1 = (const unsigned char *) 0xb8006008 <Address 0xb8006008 out of bounds>
(gdb) print ip
$2 = (const unsigned char *) 0xb8006008 <Address 0xb8006008 out of bounds>
(gdb) print out
$3 = (unsigned char *) 0xb7ef9000 "\177ELF\001\001\001"
(gdb) print out_len
$4 = (lzo_uint *) 0xbff6bdf0
(gdb) print *out_len
$5 = 0
(gdb) print t
$6 = 7
(gdb) frame 1
#1 0x0804e461 in dcc_r_bulk_lzo1x (out_fd=5, in_fd=4, in_len=274493) at src/compress.c:290
290 lzo_ret = lzo1x_decompress_safe((lzo_byte*)in_buf, in_len,
(gdb) l
285 goto out;
286 }
287 }
288
289 out_len = out_size;
290 lzo_ret = lzo1x_decompress_safe((lzo_byte*)in_buf, in_len,
291 (lzo_byte*)out_buf, &out_len, work_mem);
292
293 if (lzo_ret == LZO_E_OK) {
294 rs_trace("decompressed %ld bytes to %ld bytes: %d%%",
(gdb) print in_buf
$9 = 0xb8006008 <Address 0xb8006008 out of bounds>
(gdb) print in_len
$10 = 274493
(gdb) print out_size
$11 = 1097972
--
Arkadiusz Miśkiewicz CS at FoE, Wroclaw University of Technology
arekm.pld-linux.org, 1024/3DB19BBD, JID: arekm.jabber.org, PLD/Linux
More information about the distcc
mailing list