We are observing SIGABORT while reading a stream from File pointer which is returned from popen(). File pointer wasn't NULL. But reading File pointer results in a crash.

My code:

    if ((fp = popen(cmd, "r")) == NULL) {
        LOG_FWDL(FW_UNEXP,
            "run_rsh_cmd(): Fail to run command %s (%s)\n",
            cmd, strerror(errno));
        /* reset the uid */
        if (o_uid != 0) {
            ret = setreuid(o_uid, o_euid);
            VVERIFY1(ret == 0, errno);
        }   
        return (-1);
    }   

    fscanf(fp, "%s", out); // getting signal abort here

Backtrace:

    "Program terminated with signal 6, Aborted.
    [New process 3593]
    [New process 3638]
    [New process 3594]
    [New process 3595]
    #0  0x0df1c0b4 in read () from ./lib/libc.so.6
    (gdb) bt
    #0  0x0df1c0b4 in read () from ./lib/libc.so.6
    #1  0x0dec400c in _IO_new_file_underflow (fp=0x1028dbe8) at fileops.c:603
    #2  0x0dec4eec in _IO_default_uflow (fp=<value optimized out>) at genops.c:440
    #3  0x0dec6e28 in *__GI___uflow (fp=0x1028dbe8) at genops.c:394
    #4  0x0dea3288 in _IO_vfscanf_internal (s=0x1028dbe8, format=<value optimized out>, argptr=0x3fa6bdf8, errp=0x0) at vfscanf.c:597
    #5  0x0dea73a0 in ___vfscanf (s=<value optimized out>, format=<value optimized out>, argptr=<value optimized out>) at vfscanf.c:2909
    #6  0x0dea7424 in __fscanf (stream=<value optimized out>, format=<value optimized out>) at fscanf.c:32
    #7  0x0e18e6dc in run_rsh_cmd (in=0xe199288 "/sbin/bootenv BadRootDev", out=0x3fa6d640 "") at upgrade_err.c:141
    #8  0x0e192348 in fup_retrieve (slot=2, vi=0x3fa6db88, de=<value optimized out>) at upgrade_ipc.c:75
    #9  0x100791bc in showFOSVersion (request=0x3fa74f28) at FileXfer.c:1059
    #10 0x10041da0 in Switch_doGet (request=0x3fa74f28) at Switch.c:1617
    #11 0x10023aa8 in dispatcher (request=0x3fa74f28) at dispatcher.c:1408
    #12 0x100198f4 in main (argc=<value optimized out>, argv=<value optimized out>) at weblinker.c:809
    (gdb) p *fp
    No symbol "fp" in current context.
    (gdb) f 7
    #7  0x0e18e6dc in run_rsh_cmd (in=0xe199288 "/sbin/bootenv BadRootDev", out=0x3fa6d640 "") at upgrade_err.c:141
    141         fscanf(fp, "%s", out);
    (gdb) p *fp
    $1 = {_flags = -72539000, _IO_read_ptr = 0x1ec84000 <Address 0x1ec84000 out of bounds>, _IO_read_end = 0x1ec84000 <Address 0x1ec84000 out of bounds>,
      _IO_read_base = 0x1ec84000 <Address 0x1ec84000 out of bounds>, _IO_write_base = 0x1ec84000 <Address 0x1ec84000 out of bounds>,
      _IO_write_ptr = 0x1ec84000 <Address 0x1ec84000 out of bounds>, _IO_write_end = 0x1ec84000 <Address 0x1ec84000 out of bounds>,
      _IO_buf_base = 0x1ec84000 <Address 0x1ec84000 out of bounds>, _IO_buf_end = 0x1ec85000 <Address 0x1ec85000 out of bounds>, _IO_save_base = 0x0,
      _IO_backup_base = 0x0, _IO_save_end = 0x0, _markers = 0x0, _chain = 0xdfb5498, _fileno = 162, _flags2 = 0, _old_offset = 0, _cur_column = 0,
      _vtable_offset = 0 '\0', _shortbuf = "", _lock = 0x1028dc90, _offset = -1, __pad1 = 0x0, __pad2 = 0x0, __pad3 = 0x0, __pad4 = 0x0, __pad5 = 0, _mode = -1,
      _unused2 = '\0' <repeats 19 times>, "\001\000\000\000\000\000\000\000x\000\000\000\020\020&îX\000\000\000"}"

1 Answer

> We are observing SIGABORT while reading a stream from File pointer which is returned from popen().

It looks like you are misinterpreting what you see.

You've truncated your GDB session, but we can clearly see that the program you are debugging has not received SIGABRT -- it's merely blocked in a read system call.

Some other program (not the one you are debugging) has aborted, and something (probably not your program) has wait(2)ed for it, and printed the `Program terminated with signal 6, Aborted.` message.

Employed Russian
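The situation the answer describes, as an added example that is not part of the original question or answer: the parent blocks in `read()` on the `popen()` pipe, and the wait status from `pclose()` shows whether the child, not the parent, died from a signal such as SIGABRT. The helper name `run_cmd_capture` and the sample commands are constructed for illustration; the read is bounded with `fgets()` rather than an unbounded `%s`.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>

/* Hypothetical helper (not from the post): run cmd via popen(), copy its
 * first output line into out (at most outsz-1 bytes, unlike "%s"), and
 * report how the CHILD ended. Returns 0 if the child exited normally,
 * 1 if it was killed by a signal, -1 if popen()/pclose() failed. */
int run_cmd_capture(const char *cmd, char *out, size_t outsz,
                    int *exit_code, int *term_sig)
{
    FILE *fp;
    int status;

    *exit_code = -1;
    *term_sig = 0;
    if (outsz == 0)
        return -1;
    out[0] = '\0';
    if ((fp = popen(cmd, "r")) == NULL)
        return -1;
    /* Blocks in read() until the child writes or its pipe end closes. */
    if (fgets(out, (int)outsz, fp) != NULL)
        out[strcspn(out, "\n")] = '\0';
    /* pclose() waits for the child and returns its wait status. */
    status = pclose(fp);
    if (status == -1)
        return -1;
    if (WIFSIGNALED(status)) {
        *term_sig = WTERMSIG(status);   /* SIGABRT is signal 6 */
        return 1;
    }
    if (WIFEXITED(status))
        *exit_code = WEXITSTATUS(status);
    return 0;
}

int main(void)
{
    char out[64];
    int code, sig, r;
    /* Constructed commands: one exits normally, one aborts its own shell. */
    r = run_cmd_capture("echo ok", out, sizeof out, &code, &sig);
    printf("r=%d out='%s' exit=%d sig=%d\n", r, out, code, sig);
    r = run_cmd_capture("kill -s ABRT $$", out, sizeof out, &code, &sig);
    printf("r=%d out='%s' exit=%d sig=%d\n", r, out, code, sig);
    return 0;
}
```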