Debian bug report logs - #1078
Nasty bug in killall5
Package: sysvinit; Reported by: Swen Thuemmler; 116 days old.
-----------------------------------------------------------------------
Message received at debian-bugs:

From uni-paderborn.de!swen Fri Jul 7 02:57:06 1995
Return-Path:
Received: from pixar.com by mongo.pixar.com with smtp (Smail3.1.28.1 #15) id m0sUA9i-0005nTC; Fri, 7 Jul 95 02:57 PDT
Received: from uni-paderborn.de by pixar.com with SMTP id AA04619 (5.67b/IDA-1.5 for debian-bugs-pipe@mongo.pixar.com); Fri, 7 Jul 1995 02:55:03 -0700
Received: from linux.uni-paderborn.de (linux.uni-paderborn.de [131.234.12.32]) by uni-paderborn.de (8.6.12/8.6.12) with ESMTP id LAA04074 for ; Fri, 7 Jul 1995 11:55:33 +0200
Received: (swen@localhost) by linux.uni-paderborn.de (8.6.12/client-pb) id LAA00328; Fri, 7 Jul 1995 11:55:31 +0200
Date: Fri, 7 Jul 1995 11:55:30 +0200 (MET DST)
From: Swen Thuemmler
To: debian-bugs@pixar.com
Subject: Nasty bug in killall5
Message-Id:
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

Package: sysvinit
Version: 2.56-5

There is a bug in killall5, which sometimes prevents rebooting. The bug is particularly nasty since it leads to a segfault, when all processes are stopped, so there is no chance to start them again. The patch below fixes the segfault (a typical off-by-one error), but IMHO additionally there should be a signal handler which sends a SIGCONT to all the processes in case of a failure.

It may be that the bug only manifests itself on ELF systems with libc-5.2.1 and above - perhaps malloc has changed to return smaller chunks of memory, I got the bug with a 16 character string which looks a lot like a "natural" chunk size. Btw, the segfault occurs in strcpy, the last line in the patch below.

Greetings, Swen

--- killall5.c.orig Fri Jul 7 11:38:09 1995 +++ killall5.c Fri Jul 7 10:59:26 1995 
@@ -191,11 +191,10 @@ if ((fp = fopen(path, "r")) != NULL) { f = 0; while(f < 127 && (c = fgetc(fp)) != EOF && c) buf[f++] = c; - buf[f] = 0; + buf[f++] = 0; fclose(fp); /* Store the name into malloced memory. */ - if (f == 0) f++; p->fullname = (char *)xmalloc(f); strcpy(p->fullname, buf);
-----------------------------------------------------------------------
Acknowledgement sent to Swen Thuemmler: New bug report received and forwarded.
-----------------------------------------------------------------------
Report forwarded to debian-devel@pixar.com: Bug#1078; Package sysvinit.
-----------------------------------------------------------------------
Ian Jackson / iwj10@thor.cam.ac.uk, with the debian-bugs tracking mechanism
This page last modified 07:43:01 GMT Wed 01 Nov
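
Review bot: on the added line `buf[f++] = 0;`, `f` silently changes meaning from string length to allocation size as a side effect of writing the terminator, so the correctness of `xmalloc(f)` two lines later depends on a post-increment that a later edit could easily undo. Keeping `buf[f] = 0;` and allocating with `xmalloc(f + 1)` would state the "length plus terminating NUL" requirement at the allocation itself, and the `if (f == 0) f++;` guard can still be dropped because the size is then never zero. Separately, the loop bound `f < 127` lets the terminator land at `buf[127]`; the declaration of `buf` is outside this hunk, so it is worth confirming that it holds at least 128 bytes. The SIGCONT recovery handler proposed in the report text is not part of this patch.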