Options parsing causes memory errors when using refuse library

Issue #26 wontfix
Former user created an issue

Originally reported on Google Code with ID 26

Reported by Thomas Klausner.

Hi!

After all the bug reports you've been sending us, I thought I'd give
fuse-zip a try and built it on NetBSD :)

I needed the attached patch to make it compile; the header doesn't
exist on NetBSD and removing it didn't stop the compilation.

However, when I try to mount a file system, I get:
# ./work.x86_64/fuse-zip-0.2.11/fuse-zip /tmp/test.zip /mnt
Memory fault (core dumped)
# gdb  ./work.x86_64/fuse-zip-0.2.11/fuse-zip fuse-zip.core
GNU gdb 6.5
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "x86_64--netbsd"...
Reading symbols from /usr/lib/librefuse.so.1...done.
Loaded symbols for /usr/lib/librefuse.so.1
Reading symbols from /usr/pkg/lib/libzip.so.1...done.
Loaded symbols for /usr/pkg/lib/libzip.so.1
Reading symbols from /usr/lib/libz.so.1...done.
Loaded symbols for /usr/lib/libz.so.1
Reading symbols from /usr/lib/libstdc++.so.7...done.
Loaded symbols for /usr/lib/libstdc++.so.7
Reading symbols from /usr/lib/libm.so.0...done.
Loaded symbols for /usr/lib/libm.so.0
Reading symbols from /usr/lib/libgcc_s.so.1...done.
Loaded symbols for /usr/lib/libgcc_s.so.1
Reading symbols from /usr/lib/libc.so.12...done.
Loaded symbols for /usr/lib/libc.so.12
Reading symbols from /usr/lib/libpuffs.so.1...done.
Loaded symbols for /usr/lib/libpuffs.so.1
Reading symbols from /usr/lib/libpthread.so.1...done.
Loaded symbols for /usr/lib/libpthread.so.1
Reading symbols from /usr/libexec/ld.elf_so...done.
Loaded symbols for /usr/libexec/ld.elf_so
Core was generated by `fuse-zip'.
Program terminated with signal 11, Segmentation fault.
#0  0x0000000000402b8c in process_arg (data=0x40aa40,
    arg=0x7f7ffffff6b7 "/tmp/test.zip", key=-2, outargs=0x7f7fffffd380)
    at fuse-zip.cpp:572
572                 ++param->strArgCount;
(gdb) bt
#0  0x0000000000402b8c in process_arg (data=0x40aa40,
    arg=0x7f7ffffff6b7 "/tmp/test.zip", key=-2, outargs=0x7f7fffffd380)
    at fuse-zip.cpp:572
#1  0x00007f7ffd8034a2 in fuse_opt_parse (args=0x7f7fffffd380,
    data=<value optimized out>, opts=0x40aa40, proc=0x402b14 <process_arg>)
    at /archive/cvs/src/lib/librefuse/refuse_opt.c:298
#2  0x00000000004028f7 in main (argc=3, argv=0x7f7fffffd3e8)
    at fuse-zip.cpp:617
(gdb) fr 0
#0  0x0000000000402b8c in process_arg (data=0x40aa40,
    arg=0x7f7ffffff6b7 "/tmp/test.zip", key=-2, outargs=0x7f7fffffd380)
    at fuse-zip.cpp:572
572                 ++param->strArgCount;
(gdb) l
567                 param->version = true;
568                 return KEEP;
569             }
570
571             case FUSE_OPT_KEY_NONOPT: {
572                 ++param->strArgCount;
573                 switch (param->strArgCount) {
574                     case 1: {
575                         // zip file name
576                         param->fileName = arg;
(gdb) p param
$1 = (fusezip_param *) 0x40aa40
(gdb) p *param
$2 = {help = 22, version = 170, strArgCount = 0,
  fileName = 0xffffffff <Address 0xffffffff out of bounds>}

Any ideas?

Cheers,
 Thomas

[patch-aa  text/plain (243B)]
$NetBSD$

--- fuse-zip.cpp.orig   2010-01-26 12:00:17.000000000 +0000
+++ fuse-zip.cpp
@@ -34,7 +34,6 @@
 #include <unistd.h>
 #include <limits.h>
 #include <syslog.h>
-#include <sys/xattr.h>
 #include <sys/types.h>
 #include <sys/statvfs.h>

Reported by alexander.galanin on 2010-03-16 04:38:43

Comments (5)

  1. Former user Account Deleted

    ```

    After all the bug reports you've been sending us, I thought I'd give fuse-zip a try and built it on NetBSD :)

    I needed the attached patch to make it compile; the header doesn't exist on NetBSD and removing it didn't stop the compilation.

    This line has no effect on Linux either :) Thanks.

    However, when I try to mount a file system, I get:

    # ./work.x86_64/fuse-zip-0.2.11/fuse-zip /tmp/test.zip /mnt
    Memory fault (core dumped)
    #0  0x0000000000402b8c in process_arg (data=0x40aa40, arg=0x7f7ffffff6b7 "/tmp/test.zip", key=-2, outargs=0x7f7fffffd380) at fuse-zip.cpp:572
    572                 ++param->strArgCount;

    Any ideas?

    According to a comment in ReFUSE's refuse_opt.c, the author does not know how to handle the 'data' argument of fuse_opt_parse. So the 'data' argument passed to fuse-zip's process_arg() is uninitialized.

    To fix this issue you can try to replace all occurrences of 'foo.data' in the function fuse_opt_parse (refuse_opt.c) with 'data'. Patch:

    --- refuse_opt.c-old 2010-02-05 00:02:47.000000000 +0300
    +++ refuse_opt.c 2010-02-05 00:36:27.000000000 +0300
    @@ -283,7 +283,7 @@
    return 0;

    if (args->argc == 1)
    - return proc(foo.data, *args->argv, FUSE_OPT_KEY_OPT, args);
    + return proc(data, *args->argv, FUSE_OPT_KEY_OPT, args);

    /* the real loop to process the arguments */ for (i = 1; i < args->argc; i++) { @@ -295,7 +295,7 @@ if (buf[0] != '-') {
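Review bot: The argc == 1 path still hands `*args->argv` — argv[0], the program name — to `proc` as a FUSE_OPT_KEY_OPT option, while the main loop that follows starts at i = 1 and never passes argv[0] to the callback, so the two paths treat the program name inconsistently; with no arguments to parse, `if (args->argc == 1) return 0;` (or simply letting the loop run zero times) looks like the intended behaviour, though only the hunk's context is visible here. Replacing `foo.data` with `data` is right: the first parameter of a fuse_opt_proc_t callback is the caller's user-data pointer, and the same substitution in the two later hunks is correct for the same reason. The body of fuse_opt_parse starts and ends outside the quoted hunks.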

    foo.key = FUSE_OPT_KEY_NONOPT; - rv = proc(foo.data, foo.option, foo.key, args); + rv = proc(data, foo.option, foo.key, args); if (rv != 0) break;

    @@ -345,12 +345,12 @@ /* process help/version argument */ if (foo.key != KEY_VERBOSE && foo.key != FUSE_OPT_KEY_KEEP) { - rv = proc(foo.data, foo.option, + rv = proc(data, foo.option, foo.key, args); break; } else { /* process verbose argument */ - rv = proc(foo.data, foo.option, + rv = proc(data, foo.option, foo.key, args); if (rv != 0) break;

    ```

    Reported by `alexander.galanin` on 2010-03-16 04:39:19

  2. Former user Account Deleted

    ``` From Thomas Klausner:

    According to comment in ReFUSE's refuse_opt.c, author does not know how to handle 'data' argument in fuse_opt_parse. So 'data' argument passed to fuse-zip's process_arg() unitialized.

    To fix this issue you can try to replace all occurencies of 'foo.data' in function fuse_opt_parse (refuse_opt.c) with 'data'. Patch:

    When using this patch, I get another core dump:

    Memory fault (core dumped)

    gdb says:

    #0  idalloc (ptr=0x7f7ffffff680) at /archive/cvs/src/lib/libc/stdlib/jemalloc.c:2512
    2512            size = bin->reg_size;
    (gdb) bt
    #0  idalloc (ptr=0x7f7ffffff680) at /archive/cvs/src/lib/libc/stdlib/jemalloc.c:2512
    #1  0x00007f7ffc08bc73 in free (ptr=0x7f7ffffff680) at /archive/cvs/src/lib/libc/stdlib/jemalloc.c:3867
    #2  0x00007f7ffd80367d in fuse_opt_free_args (ap=0x7f7fffffd360) at /archive/cvs/src/lib/librefuse/refuse_opt.c:143
    #3  0x0000000000402665 in main ()
    (gdb)

    Ideas?

    ```

    Reported by `alexander.galanin` on 2010-03-16 04:40:59

  3. Former user Account Deleted

    ``` Seems that the option parsing algorithm in refuse is broken. I will try to make a patch. ```

    Reported by `alexander.galanin` on 2010-03-16 04:41:50

  4. Former user Account Deleted

    Reported by alexander.galanin on 2013-06-14 08:50:46 - Status changed: Accepted

  5. Alexander Galanin repo owner
    • changed status to wontfix
    • edited description

    Re-implementing FUSE cmdline parsing code for ReFUSE is too boring for me.
