Debian bug report logs - #1078
Nasty bug in killall5

Package: sysvinit; Reported by: Swen Thuemmler <swen@uni-paderborn.de>; 116 days old.

Message received at debian-bugs:


From uni-paderborn.de!swen Fri Jul  7 02:57:06 1995
Return-Path: <swen@uni-paderborn.de>
Received: from pixar.com by mongo.pixar.com with smtp
	(Smail3.1.28.1 #15) id m0sUA9i-0005nTC; Fri, 7 Jul 95 02:57 PDT
Received: from uni-paderborn.de by pixar.com with SMTP id AA04619
  (5.67b/IDA-1.5 for debian-bugs-pipe@mongo.pixar.com); Fri, 7 Jul 1995 02:55:03 -0700
Received: from linux.uni-paderborn.de (linux.uni-paderborn.de [131.234.12.32]) by uni-paderborn.de (8.6.12/8.6.12) with ESMTP id LAA04074 for <debian-bugs@pixar.com>; Fri, 7 Jul 1995 11:55:33 +0200
Received: (swen@localhost) by linux.uni-paderborn.de (8.6.12/client-pb) id LAA00328; Fri, 7 Jul 1995 11:55:31 +0200
Date: Fri, 7 Jul 1995 11:55:30 +0200 (MET DST)
From: Swen Thuemmler <swen@uni-paderborn.de>
To: debian-bugs@pixar.com
Subject: Nasty bug in killall5
Message-Id: <Pine.LNX.3.91.950707114453.312A-100000@linux.uni-paderborn.de>
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

Package: sysvinit
Version: 2.56-5

There is a bug in killall5, which sometimes prevents rebooting. The bug is
particularly nasty since it leads to a segfault, when all processes are
stopped, so there is no chance to start them again. The patch below fixes
the segfault (a typical off-by-one error), but IMHO additionally there
should be a signal handler which sends a SIGCONT to all the processes in 
case of a failure.

It may be that the bug only manifests itself on ELF systems with libc-5.2.1
and above - perhaps malloc has changed to return smaller chunks of memory, I
got the bug with a 16 character string which looks a lot like a "natural"
chunk size. Btw, the segfault occurs in strcpy, the last line in the patch
below.

Greetings, Swen

--- killall5.c.orig	Fri Jul  7 11:38:09 1995
+++ killall5.c	Fri Jul  7 10:59:26 1995
@@ -191,11 +191,10 @@
 	if ((fp = fopen(path, "r")) != NULL) {
 		f = 0;
 		while(f < 127 && (c = fgetc(fp)) != EOF && c) buf[f++] = c;
-		buf[f] = 0;
+		buf[f++] = 0;
 		fclose(fp);
 
 		/* Store the name into malloced memory. */
-		if (f == 0) f++;
 		p->fullname = (char *)xmalloc(f);
 		strcpy(p->fullname, buf);
 
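Review bot: At `buf[f++] = 0;` the variable f silently changes meaning from string length to allocation size, and the correctness of `xmalloc(f)` followed by `strcpy(p->fullname, buf)` now rests on that post-increment. A short comment there, or sizing the allocation as strlen(buf) + 1 directly at the xmalloc call, would make the invariant explicit and harder to regress. The loop bound `f < 127` also means the terminator can be written at buf[127]; the declaration of buf is not in this hunk, so please confirm it is at least 128 bytes. Dropping `if (f == 0) f++;` is fine, since f is always at least 1 after the terminator is stored.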



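The report also asks for a signal handler that sends SIGCONT to the stopped processes if killall5 itself fails. A sketch of that fail-safe follows as an added example; it is not sysvinit code, and `resume_target`, `install_failsafe` and `failsafe_demo` are hypothetical names. The demo stops a single constructed child rather than every process.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
/* Hypothetical name. killall5 would pass -1 (every process it may signal);
 * the demo below passes one child's pid instead. */
static volatile pid_t resume_target;
/* Runs on a fatal signal; uses only async-signal-safe calls (kill, _exit). */
static void resume_and_exit(int sig)
{
    kill(resume_target, SIGCONT);
    _exit(128 + sig);
}
/* Arm the handler before the first SIGSTOP goes out. Returns 0 on success. */
int install_failsafe(pid_t target)
{
    static const int fatal[] = { SIGSEGV, SIGBUS, SIGILL, SIGFPE, SIGABRT };
    struct sigaction sa;
    size_t i;

    resume_target = target;
    sa.sa_handler = resume_and_exit;
    sa.sa_flags = 0;
    sigfillset(&sa.sa_mask);            /* no nested signals in the handler */
    for (i = 0; i < sizeof fatal / sizeof fatal[0]; i++)
        if (sigaction(fatal[i], &sa, NULL) < 0)
            return -1;
    return 0;
}
/* Constructed demo: stop one child, crash a helper process that has the
 * fail-safe armed, and return 1 if the stopped child was resumed. */
int failsafe_demo(void)
{
    int st = 0, resumed;
    pid_t victim, helper;

    if ((victim = fork()) < 0) return -1;
    if (victim == 0) for (;;) pause();
    kill(victim, SIGSTOP);
    waitpid(victim, &st, WUNTRACED);    /* wait until it is really stopped */
    if ((helper = fork()) == 0) {
        install_failsafe(victim);
        raise(SIGSEGV);                 /* stand-in for the strcpy crash */
        _exit(0);                       /* not reached */
    }
    if (helper > 0) { waitpid(helper, &st, 0); waitpid(victim, &st, WCONTINUED); }
    resumed = helper > 0 && WIFCONTINUED(st);
    kill(victim, SIGKILL);
    waitpid(victim, NULL, 0);
    return resumed;
}
```

The handler cannot catch SIGKILL, so a tool killed that way still leaves processes stopped.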
Acknowledgement sent to Swen Thuemmler <swen@uni-paderborn.de>:
New bug report received and forwarded. Full text available.
Report forwarded to debian-devel@pixar.com:
Bug#1078; Package sysvinit. Full text available.
Ian Jackson / iwj10@thor.cam.ac.uk, with the debian-bugs tracking mechanism
This page last modified 07:43:01 GMT Wed 01 Nov