Bug 6428

Summary: util-linux libmount segfaults with patch from buildroot
Product: buildroot
Reporter: Daniel Mentz <daniel>
Component: Other
Assignee: Gustavo Zacarias <gustavo>
Status: RESOLVED FIXED
Severity: major
CC: buildroot
Priority: P5
Version: unspecified
Target Milestone: ---
Hardware: All
OS: Linux
Attachments: Patch

Description Daniel Mentz 2013-08-11 20:38:23 UTC
Created attachment 5012: Patch

The patch file package/util-linux/util-linux-001-sscanf-no-ms-as.patch introduces a bug in libmount that causes /bin/mount to segfault most of the time. As a result, the root filesystem does not get remounted read/write.
The reason it segfaults is that it passes a (char **) where sscanf expects a (char *).

You could also use a different patch from
http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/sys-apps/util-linux/files/util-linux-2.21.1-no-printf-alloc.patch?revision=1.2
If you do so, be careful! It's against 2.21.1. 2.22 introduced the function mnt_parse_swaps_line() which also makes use of the %a modifier. You'd need to enhance the patch to fix mnt_parse_swaps_line() as well.

Comment 1 Gustavo Zacarias 2013-10-31 10:23:24 UTC
This was solved by Ryan Barnett's bump to version 2.23 in commit 66c0d5d05c1a81a5b4b3d4d780af4229c9c79662.
Thanks for the heads-up anyway!

Comment 2 Daniel Mentz 2013-11-22 06:47:01 UTC
There's still a bug in util-linux-001-sscanf-no-ms-as.patch. He got the last "#ifdef" wrong. It should be "#ifdef HAVE_SCANF_MS_MODIFIER" instead of "#ifndef HAVE_SCANF_MS_MODIFIER".

It crashes in mnt_parse_swaps_line() in tab_parse.c because it passes a pointer to src instead of src itself.

Activate a swap device with swapon and then run lsblk. It crashed for me like this:

Starting program: /bin/lsblk 

Program received signal SIGSEGV, Segmentation fault.
0xb6f47494 in strlen () from /lib/libc.so.0
(gdb) bt
#0  0xb6f47494 in strlen () from /lib/libc.so.0
#1  0xb6fa7b18 in unmangle_string (s=0x7665642f <Address 0x7665642f out of bounds>) at ./include/mangle.h:17
#2  0xb6fa879c in mnt_parse_swaps_line (s=0xbeffe4d0 "/dev/mmcblk0p3", ' ' <repeats 26 times>, "partition\t499996\t0\t-1", fs=0x21c80)
    at libmount/src/tab_parse.c:352
#3  mnt_table_parse_next (tb=tb@entry=0x21c00, f=f@entry=0x1c744 <ncolumns>, fs=fs@entry=0x21c80, 
    filename=0x646f6d2c <Address 0x646f6d2c out of bounds>, filename@entry=0xb6fbb2ab "/proc/swaps", nlines=0xbefff520, 
    nlines@entry=0xbefff518) at libmount/src/tab_parse.c:459
#4  0xb6fa8db4 in mnt_table_parse_stream (tb=tb@entry=0x21c00, f=0x1c744 <ncolumns>, f@entry=0x21c28, 
    filename=filename@entry=0xb6fbb2ab "/proc/swaps") at libmount/src/tab_parse.c:581
#5  0xb6fa922c in mnt_table_parse_file (tb=0x21c00, filename=0xb6fbb2ab "/proc/swaps") at libmount/src/tab_parse.c:636
#6  0x0000b5cc in is_active_swap (filename=0x1f410 "/dev/mmcblk0p1") at misc-utils/lsblk.c:350
#7  get_device_mountpoint (cxt=0xbefff6e0) at misc-utils/lsblk.c:382
#8  set_tt_data (ln=0x20508, id=<optimized out>, col=6, cxt=0xbefff6e0) at misc-utils/lsblk.c:739
#9  print_device (cxt=cxt@entry=0xbefff6e0, tt_parent=<optimized out>) at misc-utils/lsblk.c:963
#10 0x0000c420 in process_blkdev (cxt=0xbefff6e0, parent=0xbefff7f8, do_partitions=<optimized out>, part_name=0x0)
    at misc-utils/lsblk.c:1190
#11 0x0000c3e4 in list_partitions (part_name=0x0, parent_cxt=0x0, wholedisk_cxt=0xbefff7f8) at misc-utils/lsblk.c:1103
#12 process_blkdev (cxt=cxt@entry=0xbefff7f8, parent=0x0, do_partitions=do_partitions@entry=1, part_name=0x0) at misc-utils/lsblk.c:1188
#13 0x0000c74c in iterate_block_devices () at misc-utils/lsblk.c:1215
#14 0x0000a924 in main (argc=1, argv=0x0) at misc-utils/lsblk.c:1599
(gdb)
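
The two sscanf argument conventions behind this crash, as an added example that is not part of the original report and is not util-linux or buildroot code. The names `parse_swaps_source` and `addr_as_text`, the 255-byte field limit and the 32-bit little-endian target are assumptions. The second function shows that the bad pointer 0x7665642f in frame #1 decodes to the bytes "/dev", the start of the device path, which is consistent with sscanf having stored the string over the pointer variable.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Copy the first column of a /proc/swaps line into a heap string.
 * Returns 0 on success, -1 on failure; the caller frees *out. */
int parse_swaps_source(const char *line, char **out)
{
    *out = NULL;
#ifdef HAVE_SCANF_MS_MODIFIER
    /* %ms allocates, so sscanf takes the ADDRESS of the pointer (char **). */
    char *src = NULL;
    if (sscanf(line, "%ms", &src) != 1)
        return -1;
    *out = src;
#else
    /* Plain %s does not allocate: sscanf takes the buffer itself (char *)
     * plus a width bound. Passing &pointer here makes sscanf store the
     * text over the pointer variable, which is the crash reported above. */
    char src[256]; /* assumed limit: 255 chars + NUL, matching "%255s" */
    if (sscanf(line, "%255s", src) != 1)
        return -1;
    size_t n = strlen(src) + 1;
    if ((*out = malloc(n)) != NULL)
        memcpy(*out, src, n);
#endif
    return *out ? 0 : -1;
}

/* Show a 32-bit value as the 4 bytes it occupies in little-endian memory
 * (assumption: the target in the backtrace is 32-bit little-endian). */
void addr_as_text(unsigned long addr, char text[5])
{
    for (int i = 0; i < 4; i++)
        text[i] = (char)((addr >> (8 * i)) & 0xff);
    text[4] = '\0';
}

int main(void)
{
    /* Swaps line constructed from frame #2 of the backtrace. */
    const char *line = "/dev/mmcblk0p3                          partition\t499996\t0\t-1";
    char *src, text[5];
    if (parse_swaps_source(line, &src) == 0)
        printf("source: %s\n", src);
    free(src);
    addr_as_text(0x7665642fUL, text); /* value of s= in frame #1 */
    printf("0x7665642f as bytes: \"%s\"\n", text);
    return 0;
}
```

Building with `-DHAVE_SCANF_MS_MODIFIER` on a libc that supports `%ms` selects the allocating branch; without it the bounded-buffer branch is compiled.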

Comment 3 Gustavo Zacarias 2013-11-28 13:56:14 UTC
Thanks for the report; it's a pleasure to get this level of detail.
Just sent a patch for inclusion, hopefully Peter will pick it up for the upcoming 2013.11 release.

Comment 4 Gustavo Zacarias 2013-11-28 16:52:21 UTC
Solved in commit 62d15df19a0d181a266a88b46525d0d4959c8739 for the upcoming 2013.11 release.