[Aboriginal] Merry christmas, I have found two bugs

Bjørn Forsman bjorn.forsman at gmail.com
Wed Dec 26 15:44:19 PST 2012


On 27 December 2012 00:02, Bjørn Forsman <bjorn.forsman at gmail.com> wrote:
> On 26 December 2012 23:23, Bjørn Forsman <bjorn.forsman at gmail.com> wrote:
> [...]
>> Now when I get toybox rebuilt with debug symbols I can figure out
>> (from the core file) where the bug is.
>
> I built toybox in a ./dev-environment.sh and caused a coredump with
> "./toybox_unstripped ls". Then I exited and mounted hda.sqf to
> mnt_rootfs/ and hdb.img to mnt_home/. This is my backtrace:
>
> bfo at knopfler ~/aboriginal/build/system-image-armv5l $ sudo $(which
> arm-none-linux-gnueabi-gdb) mnt_home/toybox-0.4.2/toybox_unstripped
> mnt_home/toybox-0.4.2/core
> GNU gdb (Sourcery CodeBench Lite 2012.03-57) 7.2.50.20100908-cvs
> Copyright (C) 2010 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
> and "show warranty" for details.
> This GDB was configured as "--host=i686-pc-linux-gnu
> --target=arm-none-linux-gnueabi".
> For bug reporting instructions, please see:
> <https://support.codesourcery.com/GNUToolchain/>...
> Reading symbols from
> /home/bfo/aboriginal/build/system-image-armv5l/mnt_home/toybox-0.4.2/toybox_unstripped...done.
>
> warning: core file may not match specified executable file.
> [New LWP 1886]
>
> warning: Could not load shared library symbols for 6 libraries, e.g.
> /lib/libutil.so.0.
> Use the "info sharedlibrary" command to see the complete listing.
> Do you need "set solib-search-path" or "set sysroot"?
>
> warning: Unable to find dynamic linker.
> GDB will be unable to debug shared library initializers
> and track explicitly loaded dynamic code.
> Core was generated by `./toybox_unstripped ls'.
> Program terminated with signal 8, Arithmetic exception.
> #0  0xb6edbd34 in ?? ()
> (gdb) set sysroot mnt_rootfs/
> Reading symbols from mnt_rootfs/lib/libutil.so.0...(no debugging
> symbols found)...done.
> Loaded symbols for mnt_rootfs/lib/libutil.so.0
> Reading symbols from mnt_rootfs/lib/libcrypt.so.0...(no debugging
> symbols found)...done.
> Loaded symbols for mnt_rootfs/lib/libcrypt.so.0
> Reading symbols from mnt_rootfs/lib/libm.so.0...(no debugging symbols
> found)...done.
> Loaded symbols for mnt_rootfs/lib/libm.so.0
> Reading symbols from mnt_rootfs/lib/libgcc_s.so.1...(no debugging
> symbols found)...done.
> Loaded symbols for mnt_rootfs/lib/libgcc_s.so.1
> Reading symbols from mnt_rootfs/lib/libc.so.0...(no debugging symbols
> found)...done.
> Loaded symbols for mnt_rootfs/lib/libc.so.0
> Reading symbols from mnt_rootfs/lib/ld-uClibc.so.0...(no debugging
> symbols found)...done.
> Loaded symbols for mnt_rootfs/lib/ld-uClibc.so.0
> (gdb) bt
> #0  0xb6edbd34 in raise () from mnt_rootfs/lib/libc.so.0
> #1  0x00028d84 in __div0 () at
> /home/bfo/aboriginal/build/temp-armv5l/gcc-core/gcc/config/arm/lib1funcs.asm:1000
> #2  0x000280c8 in __udivsi3 () at
> /home/bfo/aboriginal/build/temp-armv5l/gcc-core/gcc/config/arm/lib1funcs.asm:754
> #3  0x0001a1d0 in next_column (ul=0, dtlen=16, columns=0,
> xpos=0xbee639d0) at toys/posix/ls.c:186
> #4  0x0001a8b8 in listfiles (dirfd=3, indir=0x6b5580) at toys/posix/ls.c:308
> #5  0x0001a420 in listfiles (dirfd=-100, indir=0x6b54f8) at toys/posix/ls.c:228
> #6  0x0001b3a0 in ls_main () at toys/posix/ls.c:455
> #7  0x0000b224 in toy_exec (argv=0xbee63e48) at main.c:104
> #8  0x0000b2b0 in toybox_main () at main.c:119
> #9  0x0000b224 in toy_exec (argv=0xbee63e44) at main.c:104
> #10 0x0000b2b0 in toybox_main () at main.c:119
> #11 0x0000b4a4 in main (argc=2, argv=0xbee63e44) at main.c:161
> (gdb)
>
> Let me know if you see something in there. I'll probably take a deeper
> look at this tomorrow.

...I couldn't wait.

(gdb) up
#3  0x0001a1d0 in next_column (ul=0, dtlen=16, columns=0,
xpos=0xbee639d0) at toys/posix/ls.c:186
186	  height = (dtlen+columns-1)/columns;

So this is where the SIGFPE/division-by-zero error comes from: columns=0.

And columns=0 comes from listfiles():

(gdb) up
#4  0x0001a8b8 in listfiles (dirfd=3, indir=0x6b5580) at toys/posix/ls.c:308
308	    unsigned long next = next_column(ul, dtlen, columns, &curcol);

And columns gets its zero value from this line, inside listfiles():

    if (columns > TT.screen_width/2) columns = TT.screen_width/2;

On my system (and yours too, apparently), TT.screen_width is zero! (Why?)

I'm not sure what the proper fix for this is, as I'm not familiar with
this code. Should next_column() simply ensure that columns>=1 or
something? Or shouldn't that zero be passed on in the first place? In
general, I don't like the idea of functions blowing up because they
receive something "unexpected".

Well, now I really must go to bed. More hacking tomorrow.

Best regards,
Bjørn Forsman
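The two fix options raised in the message above (clamp at the call site so zero is never passed on, or make the callee refuse a zero divisor) can both be shown in a few lines. The block below is an added example written for this thread; it is not toybox's code and it only reconstructs the arithmetic visible in the backtrace and the quoted clamp line. The function names, the DEFAULT_SCREEN_WIDTH fallback and the sample values (dtlen=16 from frame #3, screen_width=0 as observed) are assumptions for illustration.

```c
#include <stdio.h>

/* Hypothetical reconstruction of the column sizing discussed in the thread.
 * Not toybox's own code; names and the fallback width are assumptions. */

#define DEFAULT_SCREEN_WIDTH 80   /* assumed fallback when the width is unknown */

/* Mirrors the clamp quoted from listfiles(). With screen_width == 0 the
 * clamp drives columns to 0, which is the value that later reaches the
 * division in next_column(). */
static unsigned clamp_columns_unchecked(unsigned columns, unsigned screen_width)
{
    if (columns > screen_width / 2) columns = screen_width / 2;
    return columns;
}

/* Caller-side fix: treat an unknown (0) terminal width as a sane default
 * and never let the column count fall below 1, so the zero is not passed
 * on in the first place. */
static unsigned clamp_columns_safe(unsigned columns, unsigned screen_width)
{
    if (screen_width == 0) screen_width = DEFAULT_SCREEN_WIDTH;
    if (columns > screen_width / 2) columns = screen_width / 2;
    if (columns < 1) columns = 1;
    return columns;
}

/* Callee-side fix: the ceiling division from ls.c:186, guarded so that a
 * zero column count returns -1 instead of raising SIGFPE. */
static int rows_for_columns(unsigned dtlen, unsigned columns)
{
    if (columns == 0) return -1;               /* would be (dtlen+0-1)/0 */
    return (int)((dtlen + columns - 1) / columns);
}

int main(void)
{
    /* Constructed inputs matching the backtrace: 16 entries, width unknown. */
    unsigned dtlen = 16, screen_width = 0, columns = 16;

    unsigned bad = clamp_columns_unchecked(columns, screen_width);
    printf("unchecked clamp: columns=%u -> height=%d (negative means refused)\n",
           bad, rows_for_columns(dtlen, bad));

    unsigned good = clamp_columns_safe(columns, screen_width);
    printf("safe clamp:      columns=%u -> height=%d\n",
           good, rows_for_columns(dtlen, good));
    return 0;
}
```

Either guard alone is enough to stop the crash; keeping both means a future caller that forgets the clamp still gets an error code rather than a SIGFPE, which is the "don't blow up on unexpected input" property the message asks for.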
