Aittvax.149
net.4bsd-bugs,net.v7-bugs
utzoo!decvax!ittvax!swatt
Mon Nov 30 08:37:25 1981
uucico segmentation fault bug

Art Feather (pur-ee!aef) and I have together tracked down a bug in
uucico that causes segmentation faults during sessions which try
to transfer more than 20 files.  The fix is:
________________________________________________________________
       cp /usr/src/cmd/uucp/anlwrk.c /tmp/upd.$$.tmp ; chmod +w /tmp/upd.$$.tmp
       ed - /tmp/upd.$$.tmp <<\!xxFUNNYxx
       67c
               /* 11/30/81: swatt: Fixed to limit listp to proper range */
               if (listp == NULL || *listp == NULL || listp >= &list[LLEN])
       .
       w
       q
       !xxFUNNYxx
       diff anlwrk.c /tmp/upd.$$.tmp >/tmp/upd.$$.dif
       if cmp - /tmp/upd.$$.dif <<\!xxFUNNYxx
       67c67,68
       <       if (listp == NULL || *listp == NULL || listp > (list + LLEN)
       ---
       >       /* 11/30/81: swatt: Fixed to limit listp to proper range */
       >       if (listp == NULL || *listp == NULL || listp >= &list[LLEN])
       !xxFUNNYxx
       then
               : 'compare equal, ok'
               rm -f anlwrk.c
               cp /tmp/upd.$$.tmp anlwrk.c ; chmod a-w anlwrk.c
       else
               echo "Old source file not same version;" \
                       "use diff listings by hand"
       fi
       rm -f /tmp/upd.$$.tmp /tmp/upd.$$.dif
________________________________________________________________
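
Review bot: In the replacement `if` line, `*listp == NULL` is still evaluated before `listp >= &list[LLEN]`, so when listp equals &list[LLEN] the condition reads one element past the end of list before the range test can reject it. Put the range test ahead of the dereference, for example `if (listp == NULL || listp >= &list[LLEN] || *listp == NULL)`.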

The original code will cause the fault a little later down when
it references "*listp", where (listp == &list[LLEN]).

This bug is compounded by another uucico bug, in the "intrEXIT()"
routine.  The symptoms were core files in the UUCP spool area which
showed an infinite recursion.  intrEXIT() calls abort (to produce
a core dump), and before doing so resets SIGEMT to the default
(as earlier in uucico, all signals are caught).  Unfortunately,
the abort() routine on VAX uses an illegal instruction trap instead
of an EMT instruction.  The illegal instruction gets vectored to
intrEXIT, which calls abort(), which causes an illegal instruction ...
The fix for that one is:

________________________________________________________________
       /* intrEXIT, in "cico.c" */
       intrEXIT(signo)
       int signo;
       {
               signal(signo, SIG_DFL);
               setuid(getuid());
               abort();
       }
________________________________________________________________

       - Alan S. Watt (decvax!ittvax!swatt)
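
The intrEXIT() re-entry described in the article, reproduced as an added example (not code from the original post or from uucico): a handler that restores the default for one fixed signal keeps being re-entered by a different trap, while one that restores the default for the delivered signal lets the process die. SIGTRAP standing in for SIGEMT, raise() standing in for the trap taken by abort(), the five-entry guard and all function names are assumptions of the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <sys/wait.h>
#include <unistd.h>

static volatile sig_atomic_t entries;  /* times the handler has been entered */

/* Before: restores the default for one fixed signal only (SIGTRAP stands in
 * for SIGEMT here), so a different trap is vectored back into the handler. */
static void exit_fixed_signal(int signo)
{
    if (++entries >= 5)
        _exit(5);              /* demo guard; the original recursed until it died */
    signal(SIGTRAP, SIG_DFL);
    raise(signo);              /* stand-in for abort() trapping with signo */
}

/* After: restores the default for whichever signal was delivered, as in the
 * intrEXIT() fix, so the next trap terminates the process. */
static void exit_delivered_signal(int signo)
{
    signal(signo, SIG_DFL);
    raise(signo);
}

/* Fork a child that catches SIGILL and SIGTRAP with `handler`, then takes a
 * SIGILL; returns the child's wait status, or -1 if fork() failed. */
static int run_child(void (*handler)(int))
{
    int status = -1;
    pid_t pid = fork();
    if (pid == 0) {
        struct sigaction sa;
        sa.sa_handler = handler;
        sigemptyset(&sa.sa_mask);
        sa.sa_flags = SA_NODEFER;   /* deliver nested signals immediately */
        sigaction(SIGILL, &sa, NULL);
        sigaction(SIGTRAP, &sa, NULL);
        raise(SIGILL);
        _exit(0);
    }
    if (pid > 0) waitpid(pid, &status, 0);
    return status;
}

int main(void)
{
    return WIFSIGNALED(run_child(exit_delivered_signal)) ? 0 : 1;
}
```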

-----------------------------------------------------------------
gopher://quux.org/ conversion by John Goerzen <[email protected]>
of http://communication.ucsd.edu/A-News/


This Usenet Oldnews Archive
article may be copied and distributed freely, provided:

1. There is no money collected for the text(s) of the articles.

2. The following notice remains appended to each copy:

The Usenet Oldnews Archive: Compilation Copyright (C) 1981, 1996
Bruce Jones, Henry Spencer, David Wiseman.