Project

General

Profile

Bug #2613

vty crashes on tab-completion

Added by dexter about 2 years ago. Updated almost 2 years ago.

Status:
Closed
Priority:
Immediate
Assignee:
Category:
libosmocore
Target version:
-
Start date:
11/02/2017
Due date:
% Done:

0%

Spec Reference:

Description

The problem is located in libosmocore, so it exists in all our products. It
looks like it is somehow liked to the tab-completion. The problem can be
triggered for example by logging into a vty and try to tab-complete some
items of the help menu, it seems to bail at the second level of tab completion.

Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
Welcome to the osmo-stp control interface

Copyright (C) 2015-2017 by Harald Welte <laforge@gnumonks.org>
Contributions by Holger Freyther, Neels Hofmeyr
License GPLv2+: GNU GPL Version 2 or later <http://gnu.org/licenses/gpl-2.0.html>
This is free software: you are free ot change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Free Software lives by contribution.  If you use this, please contribute!
osmo-stp> 
  show      Show running system information
  list      Print command list
  exit      Exit current mode and down to previous mode
  help      Description of the interactive help system
  enable    Turn on privileged mode command
  terminal  Set terminal line parameters
  who       Display who is on vty
  logging   Configure log message to this terminal
osmo-stp> h
osmo-stp> help 

Attached the logtext including backtrace.

osmo-stp.log osmo-stp.log 10.7 KB dexter, 11/02/2017 04:09 PM

History

#1 Updated by laforge about 2 years ago

  • Priority changed from Normal to Immediate

Please try to revert

commit e9e9e427b78271941a25a63567fc2ec2bb9e4433
Author: Pau Espin Pedrol <pespin@sysmocom.de>
Date:   Mon Oct 23 19:19:13 2017 +0200

It touches that very line.

#2 Updated by pespin about 2 years ago

It seems Neels already reverted the commit yesterday night:

Author: Neels Hofmeyr <nhofmeyr@sysmocom.de>
Date:   Wed Nov 1 22:35:37 2017 +0000

    Revert "vty: Fix bad use of vector_slot()" 

    The patch seemed sensible, but introduces a segfault when hitting tab
    on the interactive VTY. Reproduction example:

      osmo-msc
      telnet 127.0.0.1 4254
      OsmoMSC> enable <TAB>

    So we need to understand what that line of code actually intends to do.
    Until then, revert this to avoid the segfault.

    The segfault happens at:

      Program received signal SIGSEGV, Segmentation fault.
      0x00007ffff7bc0894 in cmd_complete_command_real (vline=0x5555558d59e0, vty=0x5555558d57b0, status=0x7fffffffe024) at ../../../../src/libosmocore/src/vty/command.c:1953
      1953                if (*(char *)vector_slot(vline, index) == '\0')

    This reverts commit e9e9e427b78271941a25a63567fc2ec2bb9e4433.

    Change-Id: I3fe213bdfb96de9469aae64e67000dafee59302e

#3 Updated by pespin about 2 years ago

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff731c17a in cmd_complete_command_real (vline=vline@entry=0x55555597bc50, status=0x7fffffffde2c,
    vty=<optimized out>) at /home/pespin/dev/sysmocom/bin/../git/libosmocore/src/vty/command.c:1953
1953                    if (*(char *)vector_slot(vline, index) == '\0')
(gdb) bt
#0  0x00007ffff731c17a in cmd_complete_command_real (vline=vline@entry=0x55555597bc50, status=0x7fffffffde2c,
    vty=<optimized out>) at /home/pespin/dev/sysmocom/bin/../git/libosmocore/src/vty/command.c:1953
#1  0x00007ffff731d2b9 in cmd_complete_command (vline=vline@entry=0x55555597bc50, vty=vty@entry=0x555555962980,
    status=status@entry=0x7fffffffde2c) at /home/pespin/dev/sysmocom/bin/../git/libosmocore/src/vty/command.c:2039
#2  0x00007ffff731fb32 in vty_complete_command (vty=0x555555962980)
    at /home/pespin/dev/sysmocom/bin/../git/libosmocore/src/vty/vty.c:1004
#3  vty_read (vty=<optimized out>) at /home/pespin/dev/sysmocom/bin/../git/libosmocore/src/vty/vty.c:1428
#4  0x00007ffff7321789 in client_data (fd=0x55555597c908, what=1)
    at /home/pespin/dev/sysmocom/bin/../git/libosmocore/src/vty/telnet_interface.c:132
#5  0x00007ffff6ee6731 in osmo_fd_disp_fds (_eset=0x7fffffffe1d0, _wset=0x7fffffffe150, _rset=0x7fffffffe0d0)
    at /home/pespin/dev/sysmocom/bin/../git/libosmocore/src/select.c:213
#6  osmo_select_main (polling=<optimized out>) at /home/pespin/dev/sysmocom/bin/../git/libosmocore/src/select.c:253
#7  0x00005555555655c7 in main (argc=<optimized out>, argv=0x7fffffffe3a8)
    at /home/pespin/dev/sysmocom/bin/../git/osmo-bsc/src/osmo-bsc/osmo_bsc_main.c:303
(gdb) print vline
$1 = (vector) 0x55555597bc50
(gdb) print *vline
$2 = {active = 2, alloced = 2, index = 0x55555597b9e0}
(gdb) print index
$3 = 1
(gdb) print (char*)vline->index[0]
$5 = 0x55555597c880 "help" 
(gdb) print (char*)vline->index[1]
$7 = 0x0

Which means vector_slot(vline, index) is NULL and not a empty string. Now the question is whether that's expected or if it should be an empty string.

#4 Updated by laforge about 2 years ago

We neeed to immediately tag + release a 0.10.2 for this fix,
there's no point in people having crashing VTYs. I'll take care of it.

#5 Updated by pespin about 2 years ago

I pushed a new patch to address the compilation warning properly: https://gerrit.osmocom.org/#/c/4672/

#6 Updated by dexter about 2 years ago

  • Status changed from New to Resolved

#7 Updated by laforge almost 2 years ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 48.8 MB)