GNU bug report logs - #38348
[2.9.5] Stack overflow when stdout is closed


Package: guile;

Reported by: Ludovic Courtès <ludo <at> gnu.org>

Date: Sat, 23 Nov 2019 16:47:04 UTC

Severity: normal

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.



Report forwarded to wingo <at> igalia.com, bug-guile <at> gnu.org:
bug#38348; Package guile. (Sat, 23 Nov 2019 16:47:09 GMT)

Acknowledgement sent to Ludovic Courtès <ludo <at> gnu.org>:
New bug report received and forwarded. Copy sent to wingo <at> igalia.com, bug-guile <at> gnu.org. (Sat, 23 Nov 2019 16:47:10 GMT)

Message #5 received at submit <at> debbugs.gnu.org:

From: Ludovic Courtès <ludo <at> gnu.org>
To: bug-guile <at> gnu.org
Subject: [2.9.5] Stack overflow when stdout is closed
Date: Sat, 23 Nov 2019 17:46:30 +0100

Hello!

Guile 2.9.5 segfaults from a C stack overflow when you start it with a
closed stdout:

  /gnu/store/7vwf3nhiacxc2jgcg43w22px4ds3rb36-guile-next-2.9.5/bin/guile -c '(pk 1)' >&-

The backtrace looks like this:

--8<---------------cut here---------------start------------->8---
(gdb) bt -30
#312742 0x00007f2ea9b2961f in scm_error (key=wrong-type-arg, subr=subr@entry=0x0, message=message@entry=0x7f2ea9bcafb6 "Wrong type (expecting ~A): ~S",
    args=("output port" #f), rest=rest@entry=(#f)) at error.c:62
#312743 0x00007f2ea9b299a4 in scm_wrong_type_arg_msg (subr=subr@entry=0x0, pos=pos@entry=0, bad_value=bad_value@entry=#f,
    szMessage=szMessage@entry=0x7f2ea9bc98a5 "output port") at error.c:275
#312744 0x00007f2ea9b755bd in scm_puts (s=s@entry=0x7f2ea9bd92c0 "Pre-boot error; key: ", port=port@entry=#f) at ports.c:3625
#312745 0x00007f2ea9ba468c in scm_throw (key=key@entry=wrong-type-arg, args=(#f "Wrong type (expecting ~A): ~S" ("output port" #f) (#f))) at throw.c:247
#312746 0x00007f2ea9ba4809 in scm_ithrow (key=key@entry=wrong-type-arg, args=<optimized out>, no_return=no_return@entry=1) at throw.c:448
#312747 0x00007f2ea9b29585 in scm_error_scm (key=key@entry=wrong-type-arg, subr=<optimized out>, message=message@entry="Wrong type (expecting ~A): ~S",
    args=args@entry=("output port" #f), data=data@entry=(#f)) at error.c:90
#312748 0x00007f2ea9b2961f in scm_error (key=wrong-type-arg, subr=subr@entry=0x0, message=message@entry=0x7f2ea9bcafb6 "Wrong type (expecting ~A): ~S",
    args=("output port" #f), rest=rest@entry=(#f)) at error.c:62
#312749 0x00007f2ea9b299a4 in scm_wrong_type_arg_msg (subr=subr@entry=0x0, pos=pos@entry=0, bad_value=bad_value@entry=#f,
    szMessage=szMessage@entry=0x7f2ea9bc98a5 "output port") at error.c:275
#312750 0x00007f2ea9b755bd in scm_puts (s=s@entry=0x7f2ea9bd92c0 "Pre-boot error; key: ", port=port@entry=#f) at ports.c:3625
#312751 0x00007f2ea9ba468c in scm_throw (key=key@entry=misc-error, args=("scm_fdes_to_port" "requested file mode not available on fdes" () #f)) at throw.c:247
#312752 0x00007f2ea9ba4809 in scm_ithrow (key=key@entry=misc-error, args=<optimized out>, no_return=no_return@entry=1) at throw.c:448
#312753 0x00007f2ea9b29585 in scm_error_scm (key=key@entry=misc-error, subr=<optimized out>, message=message@entry="requested file mode not available on fdes",
    args=args@entry=(), data=data@entry=#f) at error.c:90
#312754 0x00007f2ea9b2961f in scm_error (key=misc-error, subr=subr@entry=0x7f2ea9bcd320 "scm_fdes_to_port",
    message=message@entry=0x7f2ea9bcd380 "requested file mode not available on fdes", args=args@entry=(), rest=rest@entry=#f) at error.c:62
#312755 0x00007f2ea9b29a02 in scm_misc_error (subr=subr@entry=0x7f2ea9bcd320 "scm_fdes_to_port",
    message=message@entry=0x7f2ea9bcd380 "requested file mode not available on fdes", args=args@entry=()) at error.c:295
#312756 0x00007f2ea9b39138 in scm_i_fdes_to_port (fdes=1, mode_bits=1024, name=name@entry=#f, options=options@entry=1) at fports.c:429
#312757 0x00007f2ea9b3958b in scm_fdes_to_port (fdes=<optimized out>, mode=<optimized out>, name=name@entry=#f) at fports.c:457
#312758 0x00007f2ea9b43bc1 in stream_body (data=<optimized out>) at init.c:170
#312759 0x00007f2ea9b2c87a in scm_c_with_exception_handler (type=type@entry=#t, handler=handler@entry=0x7f2ea9ba41f0 <catch_post_unwind_handler>,
    handler_data=handler_data@entry=0x7ffe000e2810, thunk=thunk@entry=0x7f2ea9ba4330 <catch_body>, thunk_data=thunk_data@entry=0x7ffe000e2810) at exceptions.c:170
#312760 0x00007f2ea9ba452d in scm_c_catch (tag=tag@entry=#t, body=body@entry=0x7f2ea9b43bb0 <stream_body>, body_data=body_data@entry=0x7ffe000e2880,
    handler=handler@entry=0x7f2ea9b43b10 <stream_handler>, handler_data=handler_data@entry=0x0, pre_unwind_handler=pre_unwind_handler@entry=0x0,
    pre_unwind_handler_data=0x0) at throw.c:168
#312761 0x00007f2ea9ba454e in scm_internal_catch (tag=tag@entry=#t, body=body@entry=0x7f2ea9b43bb0 <stream_body>, body_data=body_data@entry=0x7ffe000e2880,
    handler=handler@entry=0x7f2ea9b43b10 <stream_handler>, handler_data=handler_data@entry=0x0) at throw.c:177
#312762 0x00007f2ea9b43b8e in scm_standard_stream_to_port (fdes=fdes@entry=1, mode=0x7f2ea9bcbddd "w") at init.c:198
#312763 0x00007f2ea9b43f64 in scm_init_standard_ports () at init.c:225
#312764 scm_i_init_guile (base=<optimized out>) at init.c:502
#312765 0x00007f2ea9ba2f68 in scm_i_init_thread_for_guile (base=0x7ffe000e2918, dynamic_state=<error reading variable: ERROR: Cannot access memory at address 0x0>0x0)
    at threads.c:570
#312766 0x00007f2ea9ba2f99 in with_guile (base=0x7ffe000e2918, data=0x7ffe000e2940) at threads.c:638
#312767 0x00007f2ea9a88a68 in GC_call_with_stack_base () from /gnu/store/3xs3dnc28p9fi8in7hkfcdx20incrdvq-libgc-7.6.12/lib/libgc.so.1
#312768 0x00007f2ea9ba32e8 in scm_i_with_guile (dynamic_state=<optimized out>, data=data@entry=0x7ffe000e2940, func=func@entry=0x7f2ea9b43b20 <invoke_main_func>)
    at threads.c:688
#312769 scm_with_guile (func=func@entry=0x7f2ea9b43b20 <invoke_main_func>, data=data@entry=0x7ffe000e2970) at threads.c:694
#312770 0x00007f2ea9b43cd2 in scm_boot_guile (argc=argc@entry=17, argv=argv@entry=0x7ffe000e2ac8, main_func=main_func@entry=0x401240 <inner_main>,
    closure=closure@entry=0x0) at init.c:321
#312771 0x0000000000401100 in main (argc=17, argv=0x7ffe000e2ac8) at guile.c:95
--8<---------------cut here---------------end--------------->8---

I noticed it because the silent rule in the Makefile of GnuTLS does this:

--8<---------------cut here---------------start------------->8---
%.go: %.scm modules/gnutls.scm
	$(AM_V_GUILEC)$(MKDIR_P) "`dirname "$@"`" ;			\
	$(AM_V_P) && out=1 || out=- ;					\
	unset GUILE_LOAD_COMPILED_PATH ; LC_ALL=C			\
	GUILE_AUTO_COMPILE=0 $(CROSS_COMPILING_VARIABLE)		\
	GNUTLS_GUILE_EXTENSION_DIR="$(abs_top_builddir)/guile/src"	\
	$(GUILD) compile --target="$(host)"				\
	  -L "$(top_builddir)/guile/modules"				\
	  -L "$(top_srcdir)/guile/modules"				\
	  -Wformat -Wunbound-variable -Warity-mismatch			\
	  -o "$@" "$<" >&$$out
--8<---------------cut here---------------end--------------->8---

I suspect the same trick can be found elsewhere.

Thanks,
Ludo’.
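
A defensive pattern for the failure reported above, as an added example that is not part of this thread and not Guile's actual fix: at startup a C program checks whether descriptors 0-2 are open and points any closed one at /dev/null, so later code (error reporting included) never finds a missing stream, and no unrelated file opened later lands on descriptor 1 or 2. The function names are hypothetical.

```c
/* Added example, not Guile's code: repair closed standard descriptors
   before anything (including error handlers) tries to use them. */
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>

/* Return 1 if fd is an open descriptor, 0 if it is closed (EBADF). */
int fd_is_open(int fd)
{
    return fcntl(fd, F_GETFD) != -1 || errno != EBADF;
}

/* If fd is closed, point it at /dev/null with the given access mode.
   Returns 0 if fd was already open, 1 if repaired, -1 on failure. */
int ensure_fd_open(int fd, int flags)
{
    if (fd_is_open(fd))
        return 0;
    int nul = open("/dev/null", flags);
    if (nul == -1)
        return -1;
    if (nul != fd) {
        /* open() picked another free slot; move it into place. */
        int rc = dup2(nul, fd);
        close(nul);
        if (rc == -1)
            return -1;
    }
    return 1;
}

/* Repair stdin, stdout and stderr; returns how many were repaired,
   or -1 if one of them could not be repaired. */
int sanitize_std_fds(void)
{
    int repaired = 0;
    for (int fd = 0; fd <= 2; fd++) {
        int rc = ensure_fd_open(fd, fd == 0 ? O_RDONLY : O_WRONLY);
        if (rc == -1)
            return -1;
        repaired += rc;
    }
    return repaired;
}

int main(void)
{
    /* Run as "./a.out >&-" to start with stdout closed, as in the report. */
    return sanitize_std_fds() == -1 ? 1 : 0;
}
```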




Reply sent to Andy Wingo <wingo <at> igalia.com>:
You have taken responsibility. (Mon, 25 Nov 2019 22:05:01 GMT)

Notification sent to Ludovic Courtès <ludo <at> gnu.org>:
bug acknowledged by developer. (Mon, 25 Nov 2019 22:05:01 GMT)

Message #10 received at 38348-done <at> debbugs.gnu.org:

From: Andy Wingo <wingo <at> igalia.com>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: 38348-don <at> debbugs.gnu.org
Subject: Re: bug#38348: [2.9.5] Stack overflow when stdout is closed
Date: Mon, 25 Nov 2019 09:47:44 +0100

Hey :)

On Sat 23 Nov 2019 17:46, Ludovic Courtès <ludo <at> gnu.org> writes:

> Hello!
>
> Guile 2.9.5 segfaults from a C stack overflow when you start it with a
> closed stdout:
>
>   /gnu/store/7vwf3nhiacxc2jgcg43w22px4ds3rb36-guile-next-2.9.5/bin/guile -c '(pk 1)' >&-

Fixed, thanks!

Cheers,

Andy




Did not alter fixed versions and reopened. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Thu, 12 Dec 2019 21:45:02 GMT)

Information forwarded to bug-guile <at> gnu.org:
bug#38348; Package guile. (Thu, 12 Dec 2019 21:48:02 GMT)

Message #15 received at 38348 <at> debbugs.gnu.org:

From: Ludovic Courtès <ludo <at> gnu.org>
To: 38348 <at> debbugs.gnu.org
Cc: Andy Wingo <wingo <at> igalia.com>
Subject: Re: bug#38348: [2.9.5] Stack overflow when stdout is closed
Date: Thu, 12 Dec 2019 22:46:56 +0100

Hi,

Ludovic Courtès <ludo <at> gnu.org> writes:

> Guile 2.9.5 segfaults from a C stack overflow when you start it with a
> closed stdout:
>
>   /gnu/store/7vwf3nhiacxc2jgcg43w22px4ds3rb36-guile-next-2.9.5/bin/guile -c '(pk 1)' >&-
>
> The backtrace looks like this:
>
> (gdb) bt -30
> #312742 0x00007f2ea9b2961f in scm_error (key=wrong-type-arg, subr=subr@entry=0x0, message=message@entry=0x7f2ea9bcafb6 "Wrong type (expecting ~A): ~S",
>     args=("output port" #f), rest=rest@entry=(#f)) at error.c:62
> #312743 0x00007f2ea9b299a4 in scm_wrong_type_arg_msg (subr=subr@entry=0x0, pos=pos@entry=0, bad_value=bad_value@entry=#f,
>     szMessage=szMessage@entry=0x7f2ea9bc98a5 "output port") at error.c:275
> #312744 0x00007f2ea9b755bd in scm_puts (s=s@entry=0x7f2ea9bd92c0 "Pre-boot error; key: ", port=port@entry=#f) at ports.c:3625

In 2.9.6 the stack overflow is fixed (yay!) but we still get the error
above:

--8<---------------cut here---------------start------------->8---
$ guile --version >&-
Error while printing pre-boot error: wrong-type-arg
Abortita(nekropsio elŝutita)
$ guile --version
guile (GNU Guile) 2.9.6
Copyright (C) 2019 Free Software Foundation, Inc.

License LGPLv3+: GNU LGPL 3 or later <http://gnu.org/licenses/lgpl.html>.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
--8<---------------cut here---------------end--------------->8---

Ludo’.




Reply sent to Ludovic Courtès <ludo <at> gnu.org>:
You have taken responsibility. (Fri, 17 Jan 2020 13:53:02 GMT)

Notification sent to Ludovic Courtès <ludo <at> gnu.org>:
bug acknowledged by developer. (Fri, 17 Jan 2020 13:53:02 GMT)

Message #20 received at 38348-done <at> debbugs.gnu.org:

From: Ludovic Courtès <ludo <at> gnu.org>
To: 38348-done <at> debbugs.gnu.org
Cc: Andy Wingo <wingo <at> igalia.com>
Subject: Re: bug#38348: [2.9.5] Stack overflow when stdout is closed
Date: Fri, 17 Jan 2020 14:52:07 +0100

Ludovic Courtès <ludo <at> gnu.org> writes:

> In 2.9.6 the stack overflow is fixed (yay!) but we still get the error
> above:
>
> $ guile --version >&-
> Error while printing pre-boot error: wrong-type-arg
> Abortita(nekropsio elŝutita)
> $ guile --version
> guile (GNU Guile) 2.9.6
> Copyright (C) 2019 Free Software Foundation, Inc.
>
> License LGPLv3+: GNU LGPL 3 or later <http://gnu.org/licenses/lgpl.html>.
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.

This is definitely fixed in 3.0.0.  Thanks, Andy!

Ludo’.




bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Sat, 15 Feb 2020 12:24:06 GMT)

This bug report was last modified 4 years and 43 days ago.
