TP_NUM_C_BUFS too small

Corinna Vinschen corinna-cygwin@cygwin.com
Tue Nov 3 13:02:00 GMT 2015


On Nov  3 00:07, Helmut Karlowski wrote:
> On 02.11.2015, 12:15, Corinna Vinschen wrote:
> 
> >>Glad it's fixed!  For the record, could you say what sort of bug would
> >>cause a fatal internal error like that?
> >>Just curious,
> >
> >Me too.  Sounds like some kind of recursion.
> 
> It all happened after I had replaced all strcpy/strcat by strlcpy like this:
> 
> strcpy(t,s) -> pos = strlcpy(t,s,size)
> strcat(t,s) -> pos += strlcpy(t+pos,s,size-pos)
> 
> At some point the pos-parameter was wrong and the resulting string became
> something undesired. And that string probably was passed to fopen, maybe pos
> became very large way beyond the boundaries of the string which is from the
> stack.
> 
> It's hard to reproduce what happened in a simple case, and I was in some
> hurry then, but I saved the strace-output:
> [...]
> fhandler_base::open(\??\C:\cygwin\usr\src\ue314\bin\u, 0x108000)
>    41 4266380 [main] ue 460 fhandler_base::open_fs: 1 =
> fhandler_disk_file::open(\??\C:\cygwin\usr\src\ue314\bin\u, 0x8000)
>    34 4266414 [main] ue 460 open: 3 = open(u, 0x8000)
>   186 4266600 [main] ue 460 _cygwin_istext_for_stdio: fd 3: opened as binary
>   232 4266832 [main] ue 460 close: close(3)
>    32 4266864 [main] ue 460 fhandler_base::close: closing
> '/usr/src/ue314/bin/u' handle 0x170
>    49 4266913 [main] ue 460 close: 0 = close(3)
>   460 4267373 [main] 20 460 open: open(u, 0x0)
                       ^^
                       !!

> This loops some 100 times, then:
> [...]
> 
> Note the process-name gets overwritten by a number of increasing length, the
> last being 254 bytes long before the process exits.

Yuk.

> Don't know if that's of any use. It crashed not only on cygwin.
> 
> BTW: Is there documentation about the columns of the strace-output
> somewhere?

Uhm, I don't think so.  From left to right:

- usecs since last trace output

- usecs since process start

- [name of thread] (this only makes sense for the named threads,
  mainly the "main" thread, the "sig" thread, and a few short-lived
  helper threads in the DLL.  Pthreads don't have a name, they are called
  "unknown ($thread_id)")

- process name

- pid

- function/method name:

- last but not least the actual output string.


Thanks,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
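
Added example, not part of the original message and not Cygwin code: one way the quoted `pos = strlcpy(t,s,size)` / `pos += strlcpy(t+pos,s,size-pos)` pattern can go wrong is that strlcpy returns the length of the source, not the number of bytes written, so after a truncation `pos` can pass `size` and `size-pos` wraps around. That this is what happened in the poster's program is an assumption; `ex_strlcpy`, `naive_remaining` and `checked_append` are hypothetical names and the inputs are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Local strlcpy with BSD semantics (hypothetical helper, for libcs without
   strlcpy): copies at most size-1 bytes, NUL-terminates, returns strlen(src). */
static size_t ex_strlcpy(char *dst, const char *src, size_t size)
{
    size_t len = strlen(src);
    if (size > 0) {
        size_t n = len < size - 1 ? len : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return len;                 /* the length it WANTED to copy */
}

/* The replacement pattern from the post; returns the "size - pos" a third call
   would get. The pos < size guard only keeps this demo itself in bounds. */
size_t naive_remaining(char *t, size_t size, const char *a, const char *b)
{
    size_t pos = ex_strlcpy(t, a, size);
    if (pos < size)
        pos += ex_strlcpy(t + pos, b, size - pos);
    return size - pos;          /* wraps to a huge size_t once pos > size */
}

/* Checked append: 0 on success, -1 on truncation; *pos never reaches size. */
int checked_append(char *t, size_t size, size_t *pos, const char *s)
{
    if (size == 0 || *pos >= size)
        return -1;
    size_t room = size - *pos;
    size_t want = ex_strlcpy(t + *pos, s, room);
    if (want >= room) {         /* truncated: clamp to the terminating NUL */
        *pos = size - 1;
        return -1;
    }
    *pos += want;
    return 0;
}

int main(void)
{
    char buf[8];                /* constructed sample input below */
    size_t pos = 0;
    printf("naive remaining: %zu\n", naive_remaining(buf, sizeof buf, "abcdef", "ghijkl"));
    printf("checked: %d\n", checked_append(buf, sizeof buf, &pos, "abcdefghijkl"));
    return 0;
}
```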