Segfault in libthr.so on 9.0-BETA2 (with stunnel FWIW)

Jilles Tjoelker jilles at stack.nl
Sun Sep 18 11:56:52 UTC 2011


On Wed, Sep 14, 2011 at 11:04:56PM +0300, Kostik Belousov wrote:
> tzload() allocates ~80KB for the local variables. The backtrace you provided
> shows the nested call to tzload(), so there is total 160KB of the stack
> space consumed.

> By default, stack for the amd64 thread is 4MB, that should be plenty. This
> is not the case for ezm3. Possibly, stunnel also reduces the size of the
> thread stack.

> Please, try the patch below. I did not tested it, only compiled. I see
> that now tzload allocates only ~300 bytes on the stack.

80KB seems quite a lot indeed, good to bring it down.

> diff --git a/contrib/tzcode/stdtime/localtime.c b/contrib/tzcode/stdtime/localtime.c
> index 80b70ac..55d55e0 100644
> --- a/contrib/tzcode/stdtime/localtime.c
> +++ b/contrib/tzcode/stdtime/localtime.c
[snip]
> @@ -406,16 +409,24 @@ register const int	doextend;
>  		** to hold the longest file name string that the implementation
>  		** guarantees can be opened."
>  		*/
> -		char		fullname[FILENAME_MAX + 1];
> +		char		*fullname;
> +
> +		fullname = malloc(FILENAME_MAX + 1);
> +		if (fullname == NULL)
> +			goto out;
>  
>  		if (name[0] == ':')
>  			++name;
>  		doaccess = name[0] == '/';
>  		if (!doaccess) {
> -			if ((p = TZDIR) == NULL)
> +			if ((p = TZDIR) == NULL) {
> +				free(fullname);
>  				return -1;
> -			if ((strlen(p) + 1 + strlen(name) + 1) >= sizeof fullname)
> +			}
> +			if ((strlen(p) + 1 + strlen(name) + 1) >= sizeof fullname) {

This sizeof is now the sizeof of a pointer. The comparison should be
against FILENAME_MAX + 1 instead.

Alternatively, the name could be created using asprintf().

-- 
Jilles Tjoelker


More information about the freebsd-current mailing list