* RE: segv at strcmp
@ 2004-01-05 19:08 umut aymakoglu
  2004-01-05 19:19 ` Luck, Tony
                   ` (8 more replies)
  0 siblings, 9 replies; 14+ messages in thread
From: umut aymakoglu @ 2004-01-05 19:08 UTC (permalink / raw)
  To: linux-ia64

Hi -
  The gcc version is gcc-3.2-29 and the flags we pass
to gcc are : -O -ansi -fwritable-strings -fsigned-char
-D_GNU_SOURCE -D_REENTRANT

thanks,
Umut
--- "Luck, Tony" <tony.luck@intel.com> wrote:
> > We have hit a problem with strcmp() on UnitedLinux 1.0
> > with kernel: 2.4.19 and glibc: 2.2.5.
> > I am wondering if anybody has seen something like it
> > or knows if already there is a patch. I do not have a
> > small repro but I will try to explain:
> >
> > The segv happens at memcmp() at a line like:
> > 'strcmp(x, "this is 24 chars long")' where x is a char
> > pointer with a length of 7 and the constant has a
> > length of 24. x is located at the first 8 bytes of the
> > last 16 bytes at the end of a non-contiguous shared
> > memory segment. memcmp() segvs when it tries to load 8
> > bytes from the "r19" register which initially has the
> > address of x and points to the end of the segment when
> > the segv happens.
>
> Sounds like your compiler converted the strcmp(str, const_str)
> into memcmp(str, const_str, strlen(const_str)) ... and then
> the memcmp fell off the end of the page.
>
> What version of gcc are you using, and what arguments are you
> passing to gcc?
>
> -Tony



^ permalink raw reply	[flat|nested] 14+ messages in thread

* RE: segv at strcmp
  2004-01-05 19:08 segv at strcmp umut aymakoglu
@ 2004-01-05 19:19 ` Luck, Tony
  2004-01-05 19:52 ` umut aymakoglu
                   ` (7 subsequent siblings)
  8 siblings, 0 replies; 14+ messages in thread
From: Luck, Tony @ 2004-01-05 19:19 UTC (permalink / raw)
  To: linux-ia64

> Hi -
>   The gcc version is gcc-3.2-29 and the flags we pass
> to gcc are : -O -ansi -fwritable-strings -fsigned-char
> -D_GNU_SOURCE -D_REENTRANT

I have gcc 3.2.3 ... but it appears to not do anything
strange to my test program with those options.

main()
{
        char *x = "7chars!";

        strcmp(x, "This is 24 chars long!!!");
}

with those options.  Do you have any include files that
might be redefining strcmp as memcmp?

-Tony

^ permalink raw reply	[flat|nested] 14+ messages in thread

* RE: segv at strcmp
  2004-01-05 19:08 segv at strcmp umut aymakoglu
  2004-01-05 19:19 ` Luck, Tony
@ 2004-01-05 19:52 ` umut aymakoglu
  2004-01-05 20:10 ` Luck, Tony
                   ` (6 subsequent siblings)
  8 siblings, 0 replies; 14+ messages in thread
From: umut aymakoglu @ 2004-01-05 19:52 UTC (permalink / raw)
  To: linux-ia64

Probably the location of "x" is not at the end of the
shared memory segment. In /usr/include/bits/string2.h
strcmp is defined as memcmp which must be getting
picked up.

thanks,
Umut
--- "Luck, Tony" <tony.luck@intel.com> wrote:
> > Hi -
> >   The gcc version is gcc-3.2-29 and the flags we pass
> > to gcc are : -O -ansi -fwritable-strings -fsigned-char
> > -D_GNU_SOURCE -D_REENTRANT
>
> I have gcc 3.2.3 ... but it appears to not do anything
> strange to my test program with those options.
>
> main()
> {
>         char *x = "7chars!";
>
>         strcmp(x, "This is 24 chars long!!!");
> }
>
> with those options.  Do you have any include files that
> might be redefining strcmp as memcmp?
>
> -Tony



^ permalink raw reply	[flat|nested] 14+ messages in thread

* RE: segv at strcmp
  2004-01-05 19:08 segv at strcmp umut aymakoglu
  2004-01-05 19:19 ` Luck, Tony
  2004-01-05 19:52 ` umut aymakoglu
@ 2004-01-05 20:10 ` Luck, Tony
  2004-01-05 22:06 ` David Mosberger
                   ` (5 subsequent siblings)
  8 siblings, 0 replies; 14+ messages in thread
From: Luck, Tony @ 2004-01-05 20:10 UTC (permalink / raw)
  To: linux-ia64

The <bits/string2.h> on my machine (came from the
glibc-devel-2.3.2-63 package in RedHat EL3) looks
like it will only convert a strcmp to a memcmp if
*both* the arguments are constant:

# define strcmp(s1, s2) \
  __extension__                                                               \
  ({ size_t __s1_len, __s2_len;                                               \
     (__builtin_constant_p (s1) && __builtin_constant_p (s2)                  \
      && (__s1_len = strlen (s1), __s2_len = strlen (s2),                     \
          (!__string2_1bptr_p (s1) || __s1_len >= 4)                          \
          && (!__string2_1bptr_p (s2) || __s2_len >= 4))                      \
      ? memcmp ((__const char *) (s1), (__const char *) (s2),                 \
                (__s1_len < __s2_len ? __s1_len : __s2_len) + 1)              \
      : (__builtin_constant_p (s1) && __string2_1bptr_p (s1)                  \
         && (__s1_len = strlen (s1), __s1_len < 4)                            \
         ? (__builtin_constant_p (s2) && __string2_1bptr_p (s2)               \
            ? __strcmp_cc (s1, s2, __s1_len)                                  \
            : __strcmp_cg (s1, s2, __s1_len))                                 \
         : (__builtin_constant_p (s2) && __string2_1bptr_p (s2)               \
            && (__s2_len = strlen (s2), __s2_len < 4)                         \
            ? (__builtin_constant_p (s1) && __string2_1bptr_p (s1)            \
               ? __strcmp_cc (s1, s2, __s2_len)                               \
               : __strcmp_gc (s1, s2, __s2_len))                              \
            : strcmp (s1, s2)))); })

(I say "looks like" because I'm getting dizzy trying to match
parentheses in that expression).  Clearly your test case managed
to convert to memcmp when the first argument was not a constant
string ... which caused you grief.

-Tony

^ permalink raw reply	[flat|nested] 14+ messages in thread

* RE: segv at strcmp
  2004-01-05 19:08 segv at strcmp umut aymakoglu
                   ` (2 preceding siblings ...)
  2004-01-05 20:10 ` Luck, Tony
@ 2004-01-05 22:06 ` David Mosberger
  2004-01-06  0:04 ` umut aymakoglu
                   ` (4 subsequent siblings)
  8 siblings, 0 replies; 14+ messages in thread
From: David Mosberger @ 2004-01-05 22:06 UTC (permalink / raw)
  To: linux-ia64

>>>>> On Mon, 5 Jan 2004 11:19:36 -0800, "Luck, Tony" <tony.luck@intel.com> said:

  >> Hi - The gcc version is gcc-3.2-29 and the flags we pass to gcc
  >> are : -O -ansi -fwritable-strings -fsigned-char -D_GNU_SOURCE
  >> -D_REENTRANT

  Tony> I have gcc 3.2.3 ... but it appears to not do anything strange
  Tony> to my test program with those options.

  Tony> main() { char *x = "7chars!";

  Tony>         strcmp(x, "This is 24 chars long!!!"); }

  Tony> with those options.  Do you have any include files that might
  Tony> be redefining strcmp as memcmp?

In earlier versions of libc, there were some mem/str-related routines
which were too aggressive in prefetching.  Perhaps Jes remembers the
details, but I'd definitely recommend to make sure you're running the
latest libc for your distro.

	--david

^ permalink raw reply	[flat|nested] 14+ messages in thread

* RE: segv at strcmp
  2004-01-05 19:08 segv at strcmp umut aymakoglu
                   ` (3 preceding siblings ...)
  2004-01-05 22:06 ` David Mosberger
@ 2004-01-06  0:04 ` umut aymakoglu
  2004-01-06  1:14 ` Luck, Tony
                   ` (3 subsequent siblings)
  8 siblings, 0 replies; 14+ messages in thread
From: umut aymakoglu @ 2004-01-06  0:04 UTC (permalink / raw)
  To: linux-ia64

Ok - I have a small repro that segvs.



#include <stdio.h>
#include <sys/ipc.h>
#include <sys/shm.h>
#include <string.h>
#include <stdlib.h>


#define SHMBASE 0x200000000
#define AL (1024*1024)
#define MAXSEGMENTS  1


#ifndef SHM_R
#define SHM_R        0400
#endif
#ifndef SHM_W
#define SHM_W        0660
#endif

#define SHM_MODE     ( SHM_R | SHM_W | IPC_CREAT )
#define KEY2SUCKS    0x52435200

unsigned long     sizes[MAXSEGMENTS] ={720896};

main()
{

    int  shmid[MAXSEGMENTS];
    char *shmptr[MAXSEGMENTS];
    long addr,mykey,loop,addr_save,attempts=0;
    int i;
    char *name;


    addr = SHMBASE;
    mykey  = KEY2SUCKS;
    attempts = 0;

for( loop=0;loop<MAXSEGMENTS;loop++ )
{

shmid[loop]=shmget((key_t)mykey,sizes[loop],SHM_MODE);
 shmptr[loop]=(char *)shmat(shmid[loop],(void*)addr,0);

 /* ALign the size on SHMLBA(16K) */
sizes[loop]=(sizes[loop] + SHMLBA - 1) & ~(SHMLBA -1);
addr=shmptr[attempts]+(unsigned long)sizes[loop];
addr_save = addr;
   printf("addr1 = %p\n",addr);

 /* aLign the Address on 1MB */
addr=(char *)(((unsigned long)addr + AL-1) & ~(AL-1));
   
   printf("addr2 = %p\n",addr);
   attempts++;
   mykey++;
}

 name = ((unsigned long)addr_save - 16);
 printf("%p\n",name);
 strcpy(name, "sqlexec");
 ret = strcmp(name,"aaaaaaaaaaaaaaaaaaaaaaaa");


 for( loop=0;loop<attempts;loop++ )
       shmctl( shmid[loop],IPC_RMID,0 );

  printf( "\n\tRemoved All Segments ... \n\n");
  exit( 0 );
}

%gcc -O -o x x.c
%./x



^ permalink raw reply	[flat|nested] 14+ messages in thread

* RE: segv at strcmp
  2004-01-05 19:08 segv at strcmp umut aymakoglu
                   ` (4 preceding siblings ...)
  2004-01-06  0:04 ` umut aymakoglu
@ 2004-01-06  1:14 ` Luck, Tony
  2004-01-06  1:38 ` umut aymakoglu
                   ` (2 subsequent siblings)
  8 siblings, 0 replies; 14+ messages in thread
From: Luck, Tony @ 2004-01-06  1:14 UTC (permalink / raw)
  To: linux-ia64

Didn't compile ... "ret" undefined ... so I fixed that, but
then it SEGV'd on the "strcpy" ... it didn't make it to the
strcmp().

-Tony

^ permalink raw reply	[flat|nested] 14+ messages in thread

* RE: segv at strcmp
  2004-01-05 19:08 segv at strcmp umut aymakoglu
                   ` (5 preceding siblings ...)
  2004-01-06  1:14 ` Luck, Tony
@ 2004-01-06  1:38 ` umut aymakoglu
  2004-01-06  2:01 ` Chen, Kenneth W
  2004-01-06 19:58 ` umut aymakoglu
  8 siblings, 0 replies; 14+ messages in thread
From: umut aymakoglu @ 2004-01-06  1:38 UTC (permalink / raw)
  To: linux-ia64

[-- Attachment #1: Type: text/plain, Size: 2632 bytes --]

Probably either shmget or shmat failed. There should
not be any shmget or shmat error.

I attached a working one.

thanks,
Umut



--- "Luck, Tony" <tony.luck@intel.com> wrote:
> Didn't compile ... "ret" undefined ... so I fixed that, but
> then it SEGV'd on the "strcpy" ... it didn't make it to the
> strcmp().
>
> -Tony

[-- Attachment #2: x.c --]
[-- Type: text/plain, Size: 1726 bytes --]

#include <stdio.h>
#include <sys/ipc.h>
#include <sys/shm.h>
#include <string.h>
#include <stdlib.h>


#define SHMBASE 0x200000000
#define AL (1024*1024)
#define MAXSEGMENTS  1


#ifndef SHM_R
#define SHM_R        0400
#endif
#ifndef SHM_W
#define SHM_W        0660
#endif

#define SHM_MODE     ( SHM_R | SHM_W | IPC_CREAT )   /* Mode Read Write */
#define KEY2SUCKS    0x52435200                      /* Shared Mem Key */

unsigned long     sizes[MAXSEGMENTS] ={720896};


main()
{

    int  shmid[MAXSEGMENTS];
    char *shmptr[MAXSEGMENTS];
    long addr,mykey,loop,addr_save,attempts=0;
    int i,ret;
    char *name;


    addr = SHMBASE;
    mykey  = KEY2SUCKS;
    attempts = 0;

  for( loop=0;loop<MAXSEGMENTS;loop++ ) 
    {

     if ((shmid[loop]= shmget( (key_t)mykey,sizes[loop],SHM_MODE)) == -1)
     {
      printf("shmget error\n");
      goto bad;

     }

     if((shmptr[loop]=(char *)shmat(shmid[loop],(void*)addr,0 )) == (void*)-1)
      {
       printf("shmat error\n");
       goto bad;
       }
  

 /* ALign the size on SHMLBA(16K) */
   sizes[loop] = (sizes[loop] + SHMLBA - 1) & ~(SHMLBA - 1);

  addr = shmptr[attempts] + (unsigned long)sizes[loop];
  addr_save = addr;
   printf("addr1 = %p\n",addr); 
  
 /* aLign the Address on 1MB */
   addr = (char *)(((unsigned long)addr + AL-1) & ~(AL-1));
   printf("addr2 = %p\n",addr); 
   
   attempts++;
   mykey++;

}  /* end for loop */


   name = ((unsigned long)addr_save - 16); 
   printf("%p\n",name);
   strcpy(name, "sqlexec");

   ret = strcmp(name,"aaaaaaaaaaaaaaaaaaaaaaaa");
   
bad:  
   for( loop=0;loop<attempts;loop++ ) 
         shmctl( shmid[loop],IPC_RMID,0 );
   
    printf( "\n\tRemoved All Segments ... \n\n");
    exit( 0 );

}

^ permalink raw reply	[flat|nested] 14+ messages in thread

* RE: segv at strcmp
  2004-01-05 19:08 segv at strcmp umut aymakoglu
                   ` (6 preceding siblings ...)
  2004-01-06  1:38 ` umut aymakoglu
@ 2004-01-06  2:01 ` Chen, Kenneth W
  2004-01-06 19:58 ` umut aymakoglu
  8 siblings, 0 replies; 14+ messages in thread
From: Chen, Kenneth W @ 2004-01-06  2:01 UTC (permalink / raw)
  To: linux-ia64

The size rounding is wrong:

sizes[loop] = (sizes[loop] + SHMLBA - 1) & ~(SHMLBA - 1);

will make addr fall outside the shared memory segment, which is the
reason for the segfault on strcpy.  Once that is fixed, it doesn't segfault
on strcmp either.

- Ken



^ permalink raw reply	[flat|nested] 14+ messages in thread
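
Added example (not part of the thread, and not code from any poster): the
rounding problem Ken points out, and one way to locate the tail of a segment
without rounding at all, by asking the kernel for the segment size with
shmctl(IPC_STAT). The function names are hypothetical; 720896 and the 1 MB
alignment (AL) are the values from the posted program, 16384 is the "16K" its
comment mentions, and an IPC_PRIVATE segment stands in for the keyed one.

```c
#include <stdio.h>
#include <string.h>
#include <sys/ipc.h>
#include <sys/shm.h>

/* Round size up to a power-of-two alignment, as the posted program does. */
unsigned long round_up(unsigned long size, unsigned long align)
{
    return (size + align - 1) & ~(align - 1);
}

/* Distance between the real end of a seg_size-byte segment and the "end"
 * obtained by adding the rounded size to the attach address. Anything
 * greater than zero means the computed end lies outside the segment. */
unsigned long overshoot(unsigned long seg_size, unsigned long align)
{
    return round_up(seg_size, align) - seg_size;
}

/* Pointer to the last `tail` bytes of an attached segment, derived from the
 * size the kernel reports instead of from a rounded guess. NULL on error. */
char *segment_tail(int shmid, char *base, unsigned long tail)
{
    struct shmid_ds ds;

    if (shmctl(shmid, IPC_STAT, &ds) != 0 || tail > ds.shm_segsz)
        return NULL;
    return base + ds.shm_segsz - tail;
}

/* Create a private segment of seg_size bytes, store "sqlexec" 16 bytes
 * before its real end and return the offset of the string from the attach
 * address, or -1 on any failure. The segment is always removed again. */
long place_name_at_tail(unsigned long seg_size)
{
    int id = shmget(IPC_PRIVATE, seg_size, IPC_CREAT | 0600);
    char *base, *name;
    long off = -1;

    if (id == -1)
        return -1;
    base = shmat(id, NULL, 0);
    if (base != (char *)-1) {
        name = segment_tail(id, base, 16);
        if (name != NULL) {
            strcpy(name, "sqlexec");          /* 8 bytes, inside the segment */
            if (strcmp(name, "sqlexec") == 0)
                off = (long)(name - base);
        }
        shmdt(base);
    }
    shmctl(id, IPC_RMID, NULL);
    return off;
}

int main(void)
{
    printf("overshoot with 1MB rounding: %lu bytes\n",
           overshoot(720896UL, 1024UL * 1024UL));
    printf("overshoot with 16K rounding: %lu bytes\n",
           overshoot(720896UL, 16384UL));
    printf("name offset from kernel-reported size: %ld\n",
           place_name_at_tail(720896UL));
    return 0;
}
```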

* RE: segv at strcmp
  2004-01-05 19:08 segv at strcmp umut aymakoglu
                   ` (7 preceding siblings ...)
  2004-01-06  2:01 ` Chen, Kenneth W
@ 2004-01-06 19:58 ` umut aymakoglu
  8 siblings, 0 replies; 14+ messages in thread
From: umut aymakoglu @ 2004-01-06 19:58 UTC (permalink / raw)
  To: linux-ia64

[-- Attachment #1: Type: text/plain, Size: 4058 bytes --]

The problem seems to be the gcc 3.2-29 we have on
United Linux 1.0. The binary built with this also does
not work on RedHat. The binary built with gcc
3.2.3-20 on Redhat works fine.

The problem with the segv at strcpy() was due to the
unaligned size. I have attached the corrected program.

Does anybody know where I can find the latest fixpack
on United Linux 1.0?

thanks,
Umut 


--- "Chen, Kenneth W" <kenneth.w.chen@intel.com> wrote:
> The size rounding is wrong:
>
> sizes[loop] = (sizes[loop] + SHMLBA - 1) & ~(SHMLBA - 1);
>
> will make addr fall outside the shared memory segment, which is the
> reason for the segfault on strcpy.  Once that is fixed, it doesn't segfault
> on strcmp either.
>
> - Ken

[-- Attachment #2: x.c --]
[-- Type: text/plain, Size: 1749 bytes --]

#include <stdio.h>
#include <sys/ipc.h>
#include <sys/shm.h>
#include <string.h>
#include <stdlib.h>


#define SHMBASE 0x200000000
#define AL (1024*1024)
#define MAXSEGMENTS  1


#ifndef SHM_R
#define SHM_R        0400
#endif
#ifndef SHM_W
#define SHM_W        0660
#endif

#define SHM_MODE     ( SHM_R | SHM_W | IPC_CREAT )   /* Mode Read Write */
#define KEY2SUCKS    0x52435200                      /* Shared Mem Key */

unsigned long     sizes[MAXSEGMENTS] ={1024*1024};


int main(void)
{

    int  shmid[MAXSEGMENTS];
    char *shmptr[MAXSEGMENTS];
    char *addr, *name;
    long mykey,loop,attempts=0;
    int ret;


    addr = (char *)SHMBASE;
    mykey  = KEY2SUCKS;
    attempts = 0;

    for( loop=0;loop<MAXSEGMENTS;loop++ )
    {
        printf("size before= %lu\n",sizes[loop]);

        if ((shmid[loop]= shmget( (key_t)mykey,sizes[loop],SHM_MODE)) == -1)
        {
            printf("shmget error\n");
            goto bad;
        }

        if((shmptr[loop]=(char *)shmat(shmid[loop],(void*)addr,0 )) == (char *)-1)
        {
            printf("shmat error\n");
            goto bad;
        }

        /* Round the size up to a multiple of 1MB */
        sizes[loop] = (sizes[loop] + AL - 1) & ~(AL - 1);
        printf("size after = %lu\n",sizes[loop]);

        /* End of this segment */
        addr = shmptr[attempts] + sizes[loop];
        printf("addr1 = %p\n",(void *)addr);

        attempts++;
        mykey++;

        /* aLign the Address on 1MB */
        addr = (char *)(((unsigned long)addr + AL-1) & ~(AL-1));
        printf("addr2 = %p\n",(void *)addr);

    }  /* end for loop */


    /* Put a 7-character string 16 bytes before the end of the segment */
    name = addr - 16;
    printf("%p\n",(void *)name);
    strcpy(name, "sqlexec");

    /* The comparison reported in this thread to segv when built with gcc 3.2-29 */
    ret = strcmp(name,"aaaaaaaaaaaaaaaaaaaaaaaa");

bad:
    for( loop=0;loop<attempts;loop++ )
        shmctl( shmid[loop],IPC_RMID,0 );

    printf( "\n\tRemoved All Segments ... \n\n");
    exit( 0 );

}

^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: segv at strcmp
  2003-12-24 23:13 umut aymakoglu
  2003-12-24 23:44 ` Jeff Woods
  2003-12-25  0:25 ` Luck, Tony
@ 2003-12-25  1:11 ` Zhu, Yi
  2 siblings, 0 replies; 14+ messages in thread
From: Zhu, Yi @ 2003-12-25  1:11 UTC (permalink / raw)
  To: linux-ia64

On Thu, 25 Dec 2003, umut aymakoglu wrote:

> We have hit a problem with strcmp() on UnitedLinux 1.0
> with kernel: 2.4.19 and glibc: 2.2.5.
> I am wondering if anybody has seen something like it
> or knows if already there is a patch. I do not have a
> small repro but I will try to explain:
> 
> The segv happens at memcmp() at a line like:
> 'strcmp(x, "this is 24 chars long")' where x is a char
> pointer with a length of 7 and the constant has a
> length of 24. x is located at the first 8 bytes of the
> last 16 bytes at the end of a non-contiguous shared
> memory segment. memcmp() segvs when it tries to load 8
> bytes from the "r19" register which initially has the
> address of x and points to the end of the segment when
> the segv happens.

I met a similar scenario with strchr(); it was fixed after I explicitly
added a #include <string.h>.

> any help would be appreciated,
> thanks,
> Umut

-- 
-----------------------------------------------------------------
Opinions expressed are those of the author and do not represent
Intel Corp.

Zhu Yi (Chuyee)
Intel China Software Lab (ICSL)
22nd Floor, ShanghaiMart Tower No. 2299 Yan'an Road(West)
Shanghai 200336, PRC
Tel: 8621-52574545-1261
Fax: 8621-62360011

GnuPG v1.0.6 (GNU/Linux)
http://cn.geocities.com/chewie_chuyee/gpg.txt or
$ gpg --keyserver wwwkeys.pgp.net --recv-keys 71C34820
1024D/71C34820 C939 2B0B FBCE 1D51 109A  55E5 8650 DB90 71C3 4820


^ permalink raw reply	[flat|nested] 14+ messages in thread

* RE: segv at strcmp
  2003-12-24 23:13 umut aymakoglu
  2003-12-24 23:44 ` Jeff Woods
@ 2003-12-25  0:25 ` Luck, Tony
  2003-12-25  1:11 ` Zhu, Yi
  2 siblings, 0 replies; 14+ messages in thread
From: Luck, Tony @ 2003-12-25  0:25 UTC (permalink / raw)
  To: linux-ia64

> We have hit a problem with strcmp() on UnitedLinux 1.0
> with kernel: 2.4.19 and glibc: 2.2.5.
> I am wondering if anybody has seen something like it
> or knows if already there is a patch. I do not have a
> small repro but I will try to explain:
> 
> The segv happens at memcmp() at a line like:
> 'strcmp(x, "this is 24 chars long")' where x is a char
> pointer with a length of 7 and the constant has a
> length of 24. x is located at the first 8 bytes of the
> last 16 bytes at the end of a non-contiguous shared
> memory segment. memcmp() segvs when it tries to load 8
> bytes from the "r19" register which initially has the
> address of x and points to the end of the segment when
> the segv happens.

Sounds like your compiler converted the strcmp(str, const_str)
into memcmp(str, const_str, strlen(const_str)) ... and then
the memcmp fell off the end of the page.

What version of gcc are you using, and what arguments are you
passing to gcc?

-Tony

^ permalink raw reply	[flat|nested] 14+ messages in thread
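
Added example (not part of the thread, and not code from any poster): the
failure mode Tony describes, on a constructed layout. A 7-character string sits
16 bytes before the end of a mapping that is followed by an inaccessible page;
reading strlen(constant)+1 = 25 bytes from it runs 9 bytes past the end, while
reading only the 8 bytes of the string does not. The function names, the
mmap/mprotect guard page (standing in for the end of the shared memory
segment) and the byte-wise reader (standing in for a routine that was handed a
length of 25) are assumptions of this example.

```c
#define _DEFAULT_SOURCE              /* MAP_ANONYMOUS on glibc */
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Bytes of an n-byte access starting at p that fall at or beyond `end`. */
size_t bytes_past_end(const char *p, size_t n, const char *end)
{
    size_t avail = p < end ? (size_t)(end - p) : 0;

    return n > avail ? n - avail : 0;
}

/* Read exactly n bytes, as a routine that was told "n bytes are valid" is
 * entitled to do. volatile keeps the compiler from dropping the loads. */
static void touch_bytes(const volatile char *p, size_t n)
{
    size_t i;

    for (i = 0; i < n; i++)
        (void)p[i];
}

/* Run touch_bytes() in a child so that a fault does not kill the caller.
 * Returns 1 if the child died of SIGSEGV/SIGBUS, 0 if it finished, -1 on
 * any other outcome. */
static int access_faults(const char *p, size_t n)
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        touch_bytes(p, n);
        _exit(0);
    }
    if (waitpid(pid, &status, 0) != pid)
        return -1;
    if (WIFSIGNALED(status))
        return (WTERMSIG(status) == SIGSEGV ||
                WTERMSIG(status) == SIGBUS) ? 1 : -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

/* Constructed layout: one accessible page followed by a PROT_NONE page,
 * with "sqlexec" stored 16 bytes before the accessible page ends. Reports
 * whether an n-byte read starting at the string faults. */
int tail_access_faults(size_t n)
{
    long page = sysconf(_SC_PAGESIZE);
    char *base, *end, *name;
    int r;

    if (page <= 0)
        return -1;
    base = mmap(NULL, 2 * (size_t)page, PROT_READ | PROT_WRITE,
                MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED)
        return -1;
    end = base + page;
    if (mprotect(end, (size_t)page, PROT_NONE) != 0) {
        munmap(base, 2 * (size_t)page);
        return -1;
    }
    name = end - 16;
    strcpy(name, "sqlexec");          /* 7 characters + NUL = 8 bytes */
    r = access_faults(name, n);
    munmap(base, 2 * (size_t)page);
    return r;
}

int main(void)
{
    size_t n = strlen("aaaaaaaaaaaaaaaaaaaaaaaa") + 1;   /* 25 */

    printf("read  8 bytes (the string itself): faults=%d\n",
           tail_access_faults(8));
    printf("read 16 bytes (up to the end):     faults=%d\n",
           tail_access_faults(16));
    printf("read %zu bytes (constant's length): faults=%d\n",
           n, tail_access_faults(n));
    return 0;
}
```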

* Re: segv at strcmp
  2003-12-24 23:13 umut aymakoglu
@ 2003-12-24 23:44 ` Jeff Woods
  2003-12-25  0:25 ` Luck, Tony
  2003-12-25  1:11 ` Zhu, Yi
  2 siblings, 0 replies; 14+ messages in thread
From: Jeff Woods @ 2003-12-24 23:44 UTC (permalink / raw)
  To: linux-ia64

At 12/24/2003 03:13 PM -0800, umut aymakoglu wrote:
>The segv happens at memcmp() at a line like: 'strcmp(x, "this is 24 chars 
>long")' where x is a char pointer with a length of 7 and the constant has 
>a length of 24. x is located at the first 8 bytes of the last 16 bytes at 
>the end of a non-contiguous shared memory segment. memcmp() segvs when it 
>tries to load 8 bytes from the "r19" register which initially has the 
>address of x and points to the end of the segment when the segv happens.

So are you calling strcmp() or memcmp() ?  If you are calling strcmp(), it 
sounds like the "last 16 bytes" are not null-terminated to be a valid 
string and the strcmp() is running off the end of the memory segment which 
causes it to try to address memory to which it doesn't have access.  If you're 
calling memcmp() with a length longer than 16 then it is also running off 
the end of the segment.

--
Jeff Woods <kazrak+kernel@cesmail.net> 



^ permalink raw reply	[flat|nested] 14+ messages in thread

* segv at strcmp
@ 2003-12-24 23:13 umut aymakoglu
  2003-12-24 23:44 ` Jeff Woods
                   ` (2 more replies)
  0 siblings, 3 replies; 14+ messages in thread
From: umut aymakoglu @ 2003-12-24 23:13 UTC (permalink / raw)
  To: linux-ia64

Hi -

We have hit a problem with strcmp() on UnitedLinux 1.0
with kernel: 2.4.19 and glibc: 2.2.5.
I am wondering if anybody has seen something like it
or knows if already there is a patch. I do not have a
small repro but I will try to explain:

The segv happens at memcmp() at a line like:
'strcmp(x, "this is 24 chars long")' where x is a char
pointer with a length of 7 and the constant has a
length of 24. x is located at the first 8 bytes of the
last 16 bytes at the end of a non-contiguous shared
memory segment. memcmp() segvs when it tries to load 8
bytes from the "r19" register which initially has the
address of x and points to the end of the segment when
the segv happens.

any help would be appreciated,
thanks,
Umut 



^ permalink raw reply	[flat|nested] 14+ messages in thread
