2016-10-19 63 views

We are observing SIGABORT while reading from the stream of the file pointer returned from popen(). The file pointer is not NULL, but reading from the file pointer results in a crash. The addresses inside the file pointer are out of bounds.

My code:

if ((fp = popen(cmd, "r")) == NULL) {
    LOG_FWDL(FW_UNEXP,
             "run_rsh_cmd(): Fail to run command %s (%s)\n",
             cmd, strerror(errno));
    /* reset the uid */
    if (o_uid != 0) {
        ret = setreuid(o_uid, o_euid);
        VVERIFY1(ret == 0, errno);
    }
    return (-1);
}

/* note: "%s" without a field width does not bound the write into out */
fscanf(fp, "%s", out); // getting signal abort here

Backtrace:

Program terminated with signal 6, Aborted. 
[New process 3593] 
[New process 3638] 
[New process 3594] 
[New process 3595] 
#0 0x0df1c0b4 in read() from ./lib/libc.so.6 
(gdb) bt 
#0 0x0df1c0b4 in read() from ./lib/libc.so.6 
#1 0x0dec400c in _IO_new_file_underflow (fp=0x1028dbe8) at fileops.c:603 
#2 0x0dec4eec in _IO_default_uflow (fp=<value optimized out>) at genops.c:440 
#3 0x0dec6e28 in *__GI___uflow (fp=0x1028dbe8) at genops.c:394 
#4 0x0dea3288 in _IO_vfscanf_internal (s=0x1028dbe8, format=<value optimized out>, argptr=0x3fa6bdf8, errp=0x0) at vfscanf.c:597 
#5 0x0dea73a0 in ___vfscanf (s=<value optimized out>, format=<value optimized out>, argptr=<value optimized out>) at vfscanf.c:2909 
#6 0x0dea7424 in __fscanf (stream=<value optimized out>, format=<value optimized out>) at fscanf.c:32 
#7 0x0e18e6dc in run_rsh_cmd (in=0xe199288 "/sbin/bootenv BadRootDev", out=0x3fa6d640 "") at upgrade_err.c:141 
#8 0x0e192348 in fup_retrieve (slot=2, vi=0x3fa6db88, de=<value optimized out>) at upgrade_ipc.c:75 
#9 0x100791bc in showFOSVersion (request=0x3fa74f28) at FileXfer.c:1059 
#10 0x10041da0 in Switch_doGet (request=0x3fa74f28) at Switch.c:1617 
#11 0x10023aa8 in dispatcher (request=0x3fa74f28) at dispatcher.c:1408 
#12 0x100198f4 in main (argc=<value optimized out>, argv=<value optimized out>) at weblinker.c:809 
(gdb) p *fp 
No symbol "fp" in current context. 
(gdb) f 7 
#7 0x0e18e6dc in run_rsh_cmd (in=0xe199288 "/sbin/bootenv BadRootDev", out=0x3fa6d640 "") at upgrade_err.c:141 
141   fscanf(fp, "%s", out); 
(gdb) p *fp 
$1 = {_flags = -72539000, _IO_read_ptr = 0x1ec84000 <Address 0x1ec84000 out of bounds>, _IO_read_end = 0x1ec84000 <Address 0x1ec84000 out of bounds>, 
    _IO_read_base = 0x1ec84000 <Address 0x1ec84000 out of bounds>, _IO_write_base = 0x1ec84000 <Address 0x1ec84000 out of bounds>, 
    _IO_write_ptr = 0x1ec84000 <Address 0x1ec84000 out of bounds>, _IO_write_end = 0x1ec84000 <Address 0x1ec84000 out of bounds>, 
    _IO_buf_base = 0x1ec84000 <Address 0x1ec84000 out of bounds>, _IO_buf_end = 0x1ec85000 <Address 0x1ec85000 out of bounds>, _IO_save_base = 0x0, 
    _IO_backup_base = 0x0, _IO_save_end = 0x0, _markers = 0x0, _chain = 0xdfb5498, _fileno = 162, _flags2 = 0, _old_offset = 0, _cur_column = 0, 
    _vtable_offset = 0 '\0', _shortbuf = "", _lock = 0x1028dc90, _offset = -1, __pad1 = 0x0, __pad2 = 0x0, __pad3 = 0x0, __pad4 = 0x0, __pad5 = 0, _mode = -1, 
    _unused2 = '\0' <repeats 19 times>, "\001\000\000\000\000\000\000\000x\000\000\000\020\020&îX\000\000\000"}

Answer


"We are observing SIGABORT while reading from the stream of the file pointer returned from popen()."

It looks like you are misinterpreting what you see.

You have truncated your GDB session, but we can clearly see that the program being debugged has not received SIGABRT at all; it is simply blocked in the read system call.

Some other program (not the one you are debugging) has aborted, and something (probably not your program) has wait(2)ed on it and printed the "Program terminated with signal 6, Aborted." message.
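The answer's point is that a reader stuck in read() on a pipe is a child that has not yet written or closed its stdout, not a crash. The following is an added example, not code from the question or the answer, showing how a caller can keep itself from hanging in that situation: it runs the command without a shell (an argv vector passed to execvp, so nothing in the arguments is interpreted the way popen's sh -c would), waits on the pipe with poll() under a total deadline, and kills and reaps the child if the deadline passes. The function name run_cmd_timeout, the return codes, and the use of the echo and sleep binaries from PATH in main are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <poll.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

/* Monotonic clock in milliseconds, used for the total deadline. */
static long long now_ms(void)
{
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (long long)ts.tv_sec * 1000 + ts.tv_nsec / 1000000;
}

/* Hypothetical replacement for a popen()/fscanf() pair (not the project's
 * run_rsh_cmd): runs argv[] directly, copies its stdout into out (NUL-terminated,
 * extra output discarded), and never blocks longer than timeout_ms.
 * Returns the number of bytes stored (>= 0), -1 on a setup error,
 * -2 if the deadline passed (the child is then killed and reaped). */
int run_cmd_timeout(char *const argv[], char *out, size_t outlen, int timeout_ms)
{
    int pfd[2];
    if (outlen == 0 || pipe(pfd) != 0)
        return -1;

    pid_t pid = fork();
    if (pid < 0) {
        close(pfd[0]);
        close(pfd[1]);
        return -1;
    }
    if (pid == 0) {
        /* child: route stdout into the pipe, then exec; only returns on failure */
        close(pfd[0]);
        dup2(pfd[1], STDOUT_FILENO);
        close(pfd[1]);
        execvp(argv[0], argv);
        _exit(127);
    }
    close(pfd[1]);              /* parent keeps only the read end, so EOF arrives when the child exits */

    size_t used = 0;
    int rc = 0;
    char scratch[256];          /* sink for output that does not fit in out */
    struct pollfd pfds = { .fd = pfd[0], .events = POLLIN, .revents = 0 };
    long long deadline = now_ms() + timeout_ms;

    for (;;) {
        long long left = deadline - now_ms();
        int pr = poll(&pfds, 1, left > 0 ? (int)left : 0);
        if (pr < 0 && errno == EINTR)
            continue;
        if (pr == 0) {          /* this is where a plain fscanf() would sit in read() forever */
            kill(pid, SIGKILL);
            rc = -2;
            break;
        }
        if (pr < 0) {
            rc = -1;
            break;
        }
        int full = used >= outlen - 1;
        ssize_t n = read(pfd[0], full ? scratch : out + used,
                         full ? sizeof scratch : outlen - 1 - used);
        if (n < 0 && errno == EINTR)
            continue;
        if (n <= 0)             /* 0 = EOF: child closed its stdout */
            break;
        if (!full)
            used += (size_t)n;
    }
    out[used] = '\0';
    close(pfd[0]);
    waitpid(pid, NULL, 0);      /* reap; cannot hang, the child has exited or been killed */
    return rc < 0 ? rc : (int)used;
}

int main(void)
{
    char buf[64];
    char *const echo_argv[] = { "echo", "hello", NULL };
    int n = run_cmd_timeout(echo_argv, buf, sizeof buf, 2000);
    printf("echo: rc=%d out=%s", n, buf);

    char *const sleep_argv[] = { "sleep", "5", NULL };
    n = run_cmd_timeout(sleep_argv, buf, sizeof buf, 200);
    printf("sleep: rc=%d (%s)\n", n, n == -2 ? "timed out, child killed" : "unexpected");
    return 0;
}
```

The same poll() on fileno(fp) works on a stream obtained from popen(), but popen() does not expose the child's pid, so pclose() would still wait for a child that never finishes; forking directly is what makes the kill on timeout possible. Bounding the copy with outlen also removes the unbounded write that fscanf's bare "%s" performs into the caller's buffer.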