Bug 32299

Summary: nm coredumps on sendmail in -current
Product: Base System
Reporter: Robert Watson <rwatson>
Component: bin
Assignee: Peter Wemm <peter>
Status: Closed FIXED
Severity: Affects Only Me
Priority: Normal
Version: 5.0-CURRENT
Hardware: Any
OS: Any

Description Robert Watson 2001-11-26 19:10:01 UTC
sproing:/tmp/tmp> nm `which sendmail`
Segmentation fault (core dumped)
sproing:/tmp/tmp> gdb `which nm` nm.core
GNU gdb 4.18
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-unknown-freebsd"...
(no debugging symbols found)...
Core was generated by `nm'.
Program terminated with signal 11, Segmentation fault.
#0  0x8057c9c in ?? ()
(gdb) where
#0  0x8057c9c in ?? ()
#1  0x8066e87 in ?? ()
#2  0x804d9b8 in ?? ()
#3  0x8049fb0 in ?? ()
#4  0x8049936 in ?? ()
#5  0x804973d in ?? ()
#6  0x80492cd in ?? ()

Unfortunately, no symbols in my nm, but I can reproduce it on several machines.

How-To-Repeat: 
nm `which sendmail`
Comment 1 Mark Peek 2001-11-26 22:39:57 UTC
This probably started occurring around the time of this commit to 
lib/libc/stdlib/malloc.c:

----------------------------
revision 1.60
date: 2001/11/02 11:32:28;  author: phk;  state: Exp;  lines: +14 -4
phkmalloc->evilchecks++;

If zero bytes are allocated, return pointer to the middle of page-zero
(which is protected) so that the program will crash if it dereferences
this ill-gotten pointer.

Inspired & Urged by:    Theo de Raadt <deraadt@cvs.openbsd.org>
----------------------------

Try this patch to fix nm:

Index: contrib/binutils/bfd/syms.c
===================================================================
RCS file: /cvs/freebsd/src/contrib/binutils/bfd/syms.c,v
retrieving revision 1.1.1.5
diff -u -u -r1.1.1.5 syms.c
--- contrib/binutils/bfd/syms.c	2001/06/26 16:56:40	1.1.1.5
+++ contrib/binutils/bfd/syms.c	2001/11/26 22:34:50
@@ -715,6 +715,8 @@
      storage = bfd_get_symtab_upper_bound (abfd);
    if (storage < 0)
      goto error_return;
+  if (storage == 0)
+    return 0;

    syms = (asymbol **) bfd_malloc ((size_t) storage);
    if (syms == NULL)
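Review bot: the new `if (storage == 0) return 0;` returns directly rather than taking the `goto error_return` path used two lines above for the negative case, and a bare zero return skips everything after it, so whatever the rest of the function normally writes back for the caller is left untouched on this path; either initialise those results before returning or confirm that every caller treats a 0 result as "no symbols" without looking at anything else. The guard itself is the right fix here: with the malloc change quoted above, a zero-byte `bfd_malloc ((size_t) storage)` no longer returns NULL, so the `if (syms == NULL)` test on the following lines cannot catch this case and the first use of `syms` faults.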
Comment 2 ru 2001-12-20 09:17:36 UTC
Responsible Changed
From-To: freebsd-bugs->peter

So Peter knows "of the origins of this patch".
Comment 3 Maxim Konovalov 2002-10-28 16:24:45 UTC
State Changed
From-To: open->closed

Fixed in rev. 1.1.1.6 and rev. 1.1.1.2.6.3 src/contrib/binutils/bfd/syms.c 
in -CURRENT and -STABLE.
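The failure mode behind this report, as an added example that is not code from the bug, binutils or FreeBSD libc: once a zero-byte allocation returns a non-NULL pointer that must never be dereferenced (the phkmalloc policy quoted in Comment 1), the usual `if (p == NULL)` test passes and the first store through the pointer faults. The allocator below models that policy with a sentinel address instead of page zero, and `symtab_upper_bound`, `struct fake_obj` and both `read_syms_*` functions are constructed stand-ins for the bfd code, so the only thing a reader can safely take from them is the shape of the check.

```c
/* Added example, not from the bug or from binutils/FreeBSD.  Models why a
 * NULL check is not enough when malloc(0) returns a non-NULL poison pointer,
 * and shows the guard the patch in Comment 1 adds. */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed sentinel for zero-byte requests: non-NULL, never dereferenceable.
 * Real phkmalloc used an address in the protected page zero instead. */
#define ZERO_SIZE_PTR ((void *)16)

static void *zero_size_alloc(size_t n)
{
    if (n == 0)
        return ZERO_SIZE_PTR;   /* looks like success to a NULL check */
    return malloc(n);
}

static void zero_size_free(void *p)
{
    if (p != ZERO_SIZE_PTR)
        free(p);
}

/* True only if p may be read or written through. */
static int deref_ok(const void *p)
{
    return p != NULL && p != ZERO_SIZE_PTR;
}

/* Constructed stand-in for an object file: 'count' symbols, 0 when stripped. */
struct fake_obj { long count; };

/* Constructed stand-in for bfd_get_symtab_upper_bound: bytes for a pointer
 * array, or -1 when the object cannot be read. */
static long symtab_upper_bound(const struct fake_obj *obj)
{
    if (obj == NULL)
        return -1;
    return obj->count * (long)sizeof(void *);
}

/* Pre-patch shape: trusts the NULL check.  For a stripped object it hands the
 * caller the poison pointer, whose first use would fault. */
static long read_syms_unguarded(const struct fake_obj *obj, void ***symsp)
{
    long storage = symtab_upper_bound(obj);
    if (storage < 0)
        return -1;
    void **syms = zero_size_alloc((size_t)storage);
    if (syms == NULL)
        return -1;
    *symsp = syms;
    return obj->count;
}

/* Post-patch shape: zero storage is a success with no table, and the output
 * parameter is always defined so callers cannot use a stale value. */
static long read_syms_guarded(const struct fake_obj *obj, void ***symsp)
{
    *symsp = NULL;
    long storage = symtab_upper_bound(obj);
    if (storage < 0)
        return -1;
    if (storage == 0)
        return 0;
    void **syms = zero_size_alloc((size_t)storage);
    if (syms == NULL)
        return -1;
    for (long i = 0; i < obj->count; i++)
        syms[i] = NULL;         /* a real reader fills in symbol pointers here */
    *symsp = syms;
    return obj->count;
}

int main(void)
{
    struct fake_obj stripped = { 0 };
    void **syms = NULL;

    long n = read_syms_unguarded(&stripped, &syms);
    printf("unguarded: count=%ld ptr=%p deref_ok=%d\n", n, (void *)syms,
           deref_ok(syms));     /* non-NULL pointer that must not be used */

    n = read_syms_guarded(&stripped, &syms);
    printf("guarded:   count=%ld ptr=%p\n", n, (void *)syms);

    struct fake_obj withsyms = { 3 };
    n = read_syms_guarded(&withsyms, &syms);
    printf("guarded:   count=%ld deref_ok=%d\n", n, deref_ok(syms));
    zero_size_free(syms);
    return 0;
}
```

The guarded version also sets `*symsp` before any early return, which is the point the one-line patch leaves to its callers: a 0 result must be usable without inspecting the table pointer at all.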