[Gambas-user] [Fwd: Gambas3 Pointers example] signal #6
Demosthenes Koptsis
demosthenesk at ...626...
Mon Jan 10 00:59:06 CET 2011
i attach the Projects in case you want to see them.
On Mon, 2011-01-10 at 01:54 +0200, Demosthenes Koptsis wrote:
> so i manage to make it work...
>
> i saw an example that said to use PATH_MAX+1
> https://buildsecurityin.us-cert.gov/bsi/articles/knowledge/coding/760-BSI.html
>
> so i did
>
> Example 1) ----------------------
> ' Gambas module file
> 'char *getcwd(char *buf, size_t size);
> Extern getcwd(buf As Pointer, size As Integer) As Pointer In "libc:6"
>
> Public Sub Main()
>
> Dim pFunc As Pointer
> Dim pBuf As Pointer
> Dim sWorkingDirectory As String
>
> 'getcwd
> pFunc = Alloc(4097)
> pBuf = Alloc(4097)
>
> pFunc = getcwd(pBuf, 4097)
>
> sWorkingDirectory = Str@(pFunc)
> Print sWorkingDirectory
> Free(pFunc)
> ' Free(pBuf)
> Print sWorkingDirectory
>
> End
> ----------------------
>
> a) note in 1st example that
> Print sWorkingDirectory
> Free(pFunc)
> Print sWorkingDirectory
>
> first print gives the correct output
> /home/user/Documents/Development/Gambas3/Pointers7
>
> and the second after Free(pFunc) gives this
> �s&^@^@^@^@^@^@^@^@^@ocuments/Development/Gambas3/Pointers7
>
> b) if i use Free(pBuf)
> i get signal #6
> and
> *** glibc detected *** Pointers7: double free or corruption (!prev):
> 0x087c94c0 ***
>
> Example 2 --------------------
> ' Gambas module file
> 'char *get_current_dir_name(void);
> Extern get_current_dir_name() As Pointer In "libc:6"
>
> Public Sub Main()
>
> Dim pFunc As Pointer
> Dim sWorkingDirectory As String
>
> 'get_current_dir_name
> pFunc = Alloc(4097)
>
> pFunc = get_current_dir_name()
>
> sWorkingDirectory = Str@(pFunc)
> Print sWorkingDirectory
> Free(pFunc)
>
> End
> -----------------------
> here i get correct results
> but if i use Free(pFunc) i get signal #11
>
>
>
> Example 3 ---------------------------
> ' Gambas module file
> ' Gambas module file
> 'char *getwd(char *buf);
> Extern getwd(buf As Pointer) As Pointer In "libc:6"
>
> Public Sub Main()
>
> Dim pBuf As Pointer
> Dim pFunc As Pointer
> Dim sWorkingDirectory As String
>
> 'getwd
> pBuf = Alloc(4097)
> pFunc = Alloc(4097)
>
> pFunc = getwd(pBuf)
>
> sWorkingDirectory = Str@(pFunc)
> ' Free(pBuf)
> Print sWorkingDirectory
> Free(pFunc)
> Print sWorkingDirectory
>
> End
> --------------------------
>
> here the same with example1.
> Free(pBuf)
> Free(pFunc)
> raises both signal #6
> and
> *** glibc detected *** Pointers5: double free or corruption (!prev):
> 0x09b0e4a8 ***
>
> also
> Print sWorkingDirectory
> Free(pFunc)
> Print sWorkingDirectory
>
> first Print is correct
> second after Free is not correct
>
> /home/user/Documents/Development/Gambas3/Pointers5
> �s&^@^@^@^@^@^@^@^@^@ocuments/Development/Gambas3/Pointers5
>
>
>
> On Mon, 2011-01-10 at 01:16 +0200, Demosthenes Koptsis wrote:
> > 1) Ok, i found why this function is dangerous.
> > https://buildsecurityin.us-cert.gov/bsi/articles/knowledge/coding/760-BSI.html
> > "Since the user cannot specify the length of the buffer passed to
> > getwd(), use of this function is discouraged. The length of a pathname
> > described in {PATH_MAX} is file system-dependent and may vary from one
> > mount point to another, or might even be unlimited. It is possible to
> > overflow this buffer in such a way as to cause applications to fail or
> > possible system security violations."
> >
> > But here i make a test no real life project.
> >
> > 2) So, i found in /usr/include/linux/limits.h
> > Line Number: 12
> > #define PATH_MAX 4096 /* # chars in a path name including nul */
> >
> > is this the value?
> >
> > i tried this value in my example with no success, i make somewhere else
> > the mistake.
> >
> > ---------------
> > ' Gambas module file
> > ' Gambas module file
> > 'char *getwd(char *buf);
> > Extern getwd(buf As Pointer) As Pointer In "libc:6"
> >
> > Public Sub Main()
> >
> > Dim pBuf As Pointer
> > Dim pFunc As Pointer
> > Dim sWorkingDirectory As String
> >
> > 'getwd
> > pBuf = Alloc(4096)
> > pFunc = Alloc(4096)
> >
> > pFunc = getwd(pBuf)
> >
> > sWorkingDirectory = Str@(pFunc)
> > Free(pFunc)
> > Free(pBuf)
> > Print sWorkingDirectory
> >
> > End
> > ---------------
> >
> > signal #6
> >
> > ----------------
> > *** glibc detected *** Pointers5: double free or corruption (!prev):
> > 0x0893f498 ***
> > ======= Backtrace: =========
> > /lib/tls/i686/cmov/libc.so.6(+0x6b591)[0x17b591]
> > /lib/tls/i686/cmov/libc.so.6(+0x6cde8)[0x17cde8]
> > /lib/tls/i686/cmov/libc.so.6(cfree+0x6d)[0x17fecd]
> > Pointers5[0x805ed2e]
> > Pointers5[0x8076a6a]
> > Pointers5[0x8050a99]
> > Pointers5[0x80513d8]
> > Pointers5[0x80689cd]
> > /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe6)[0x126bd6]
> > Pointers5[0x804b151]
> > ======= Memory map: ========
> > 00110000-00263000 r-xp 00000000 08:04
> > 2019753 /lib/tls/i686/cmov/libc-2.11.1.so
> > 00263000-00264000 ---p 00153000 08:04
> > 2019753 /lib/tls/i686/cmov/libc-2.11.1.so
> > 00264000-00266000 r--p 00153000 08:04
> > 2019753 /lib/tls/i686/cmov/libc-2.11.1.so
> > 00266000-00267000 rw-p 00155000 08:04
> > 2019753 /lib/tls/i686/cmov/libc-2.11.1.so
> > 00267000-0026a000 rw-p 00000000 00:00 0
> > 00428000-00438000 r-xp 00000000 08:04
> > 1906544 /usr/local/lib/gambas3/gb.eval.so.0.0.0
> > 00438000-00439000 r--p 0000f000 08:04
> > 1906544 /usr/local/lib/gambas3/gb.eval.so.0.0.0
> > 00439000-0043b000 rw-p 00010000 08:04
> > 1906544 /usr/local/lib/gambas3/gb.eval.so.0.0.0
> > 0043b000-0043c000 rw-p 00000000 00:00 0
> > 0046e000-0046f000 r-xp 00000000 00:00 0 [vdso]
> > 006c9000-006ce000 r-xp 00000000 08:04
> > 688690 /usr/lib/libffi.so.5.0.10
> > 006ce000-006cf000 ---p 00005000 08:04
> > 688690 /usr/lib/libffi.so.5.0.10
> > 006cf000-006d0000 r--p 00005000 08:04
> > 688690 /usr/lib/libffi.so.5.0.10
> > 006d0000-006d1000 rw-p 00006000 08:04
> > 688690 /usr/lib/libffi.so.5.0.10
> > 00739000-0075d000 r-xp 00000000 08:04
> > 2019761 /lib/tls/i686/cmov/libm-2.11.1.so
> > 0075d000-0075e000 r--p 00023000 08:04
> > 2019761 /lib/tls/i686/cmov/libm-2.11.1.so
> > 0075e000-0075f000 rw-p 00024000 08:04
> > 2019761 /lib/tls/i686/cmov/libm-2.11.1.so
> > 00aa5000-00ac2000 r-xp 00000000 08:04 1995027 /lib/libgcc_s.so.1
> > 00ac2000-00ac3000 r--p 0001c000 08:04 1995027 /lib/libgcc_s.so.1
> > 00ac3000-00ac4000 rw-p 0001d000 08:04 1995027 /lib/libgcc_s.so.1
> > 00bca000-00bcc000 r-xp 00000000 08:04
> > 2019759 /lib/tls/i686/cmov/libdl-2.11.1.so
> > 00bcc000-00bcd000 r--p 00001000 08:04
> > 2019759 /lib/tls/i686/cmov/libdl-2.11.1.so
> > 00bcd000-00bce000 rw-p 00002000 08:04
> > 2019759 /lib/tls/i686/cmov/libdl-2.11.1.so
> > 00c25000-00c3a000 r-xp 00000000 08:04
> > 2019772 /lib/tls/i686/cmov/libpthread-2.11.1.so
> > 00c3a000-00c3b000 r--p 00014000 08:04
> > 2019772 /lib/tls/i686/cmov/libpthread-2.11.1.so
> > 00c3b000-00c3c000 rw-p 00015000 08:04
> > 2019772 /lib/tls/i686/cmov/libpthread-2.11.1.so
> > 00c3c000-00c3e000 rw-p 00000000 00:00 0
> > 00dc3000-00dc7000 r-xp 00000000 08:04
> > 1906676 /usr/local/lib/gambas3/gb.debug.so.0.0.0
> > 00dc7000-00dc8000 r--p 00003000 08:04
> > 1906676 /usr/local/lib/gambas3/gb.debug.so.0.0.0
> > 00dc8000-00dc9000 rw-p 00004000 08:04
> > 1906676 /usr/local/lib/gambas3/gb.debug.so.0.0.0
> > 00eeb000-00f06000 r-xp 00000000 08:04 1996732 /lib/ld-2.11.1.so
> > 00f06000-00f07000 r--p 0001a000 08:04 1996732 /lib/ld-2.11.1.so
> > 00f07000-00f08000 rw-p 0001b000 08:04 1996732 /lib/ld-2.11.1.so
> > 08048000-0807e000 r-xp 00000000 08:04 1785292 /usr/local/bin/gbx3
> > 0807e000-0807f000 r--p 00035000 08:04 1785292 /usr/local/bin/gbx3
> > 0807f000-08084000 rw-p 00036000 08:04 1785292 /usr/local/bin/gbx3
> > 08084000-08086000 rw-p 00000000 00:00 0
> > 08932000-08953000 rw-p 00000000 00:00 0 [heap]
> > b7500000-b7521000 rw-p 00000000 00:00 0
> > b7521000-b7600000 ---p 00000000 00:00 0
> > b768a000-b76c9000 r--p 00000000 08:04
> > 737484 /usr/lib/locale/en_US.utf8/LC_CTYPE
> > b76c9000-b77e7000 r--p 00000000 08:04
> > 737483 /usr/lib/locale/en_US.utf8/LC_COLLATE
> > b77e7000-b77e9000 rw-p 00000000 00:00 0
> > b77f1000-b77f2000 r--p 00000000 08:04
> > 737500 /usr/lib/locale/en_US.utf8/LC_NUMERIC
> > b77f2000-b77f3000 r--p 00000000 08:04
> > 735917 /usr/lib/locale/en_US.utf8/LC_TIME
> > b77f3000-b77f4000 r--p 00000000 08:04
> > 735918 /usr/lib/locale/en_US.utf8/LC_MONETARY
> > b77f4000-b77f5000 r--p 00000000 08:04
> > 752258 /usr/lib/locale/en_US.utf8/LC_MESSAGES/SYS_LC_MESSAGES
> > b77f5000-b77f6000 r--p 00000000 08:04
> > 737523 /usr/lib/locale/en_US.utf8/LC_PAPER
> > b77f6000-b77f7000 r--p 00000000 08:04
> > 737455 /usr/lib/locale/en_US.utf8/LC_NAME
> > b77f7000-b77f8000 r--p 00000000 08:04
> > 735919 /usr/lib/locale/en_US.utf8/LC_ADDRESS
> > b77f8000-b77f9000 r--p 00000000 08:04
> > 735920 /usr/lib/locale/en_US.utf8/LC_TELEPHONE
> > b77f9000-b77fa000 r--p 00000000 08:04
> > 737398 /usr/lib/locale/en_US.utf8/LC_MEASUREMENT
> > b77fa000-b7801000 r--s 00000000 08:04
> > 1619066 /usr/lib/gconv/gconv-modules.cache
> > b7801000-b7802000 r--p 00000000 08:04
> > 735921 /usr/lib/locale/en_US.utf8/LC_IDENTIFICATION
> > b7802000-b7806000 rw-p 00000000 00:00 0
> > bfa53000-bfa68000 rw-p 00000000 00:00 0 [stack]
> >
> > ----------------
> >
> > i saw that the first line says
> > *** glibc detected *** Pointers5: double free or corruption (!prev)
> >
> > and i rem the one Free().
> >
> > now i get
> > --------------
> > gbx3: warning: 1 allocation(s) non freed.
> >
> > ��m^@^@^@^@^@^@^@^@^@ocuments/Development/Gambas3/Pointers5
> > --------------
> >
> > but no crash.
> >
> > i played with the values of Alloc and i found that in my case a 29 bytes
> > are ok but with one Free() or else i get signal #11.
> >
> > is there a bug with
> > Free(pBuf)
> > Free(pFunc)
> > ?
> >
> > 3) On the other hand, i have a general question.
> > How to deal with char *pointers when their length is not known?
> >
> > 4) For example i try to use
> > 'char *get_current_dir_name(void);
> > Extern get_current_dir_name() As Pointer In "libc:6"
> >
> > again with no success.
> >
> > in manuall says:
> > get_current_dir_name() will malloc(3) an array big enough to hold the
> > absolute pathname of the current working directory.
> >
> > in my example:
> >
> > ---------------------
> > ' Gambas module file
> > 'char *get_current_dir_name(void);
> > Extern get_current_dir_name() As Pointer In "libc:6"
> >
> > Public Sub Main()
> >
> > Dim pFunc As Pointer
> > Dim sWorkingDirectory As String
> >
> > 'get_current_dir_name
> > pFunc = Alloc(4096)
> >
> > pFunc = get_current_dir_name()
> >
> > sWorkingDirectory = Str@(pFunc)
> > ' Free(pFunc)
> > Print sWorkingDirectory
> >
> >
> > End
> > ---------------------
> >
> > if i use
> > Free(pFunc)
> >
> > i get signal #11
> >
> > gambas3-svn3418, ubuntu 10.04
> >
> >
> > On Sun, 2011-01-09 at 21:37 +0100, Benoît Minisini wrote:
> > > > so what can i do for
> > > >
> > > > char *getwd(char *buf);
> > > >
> > > > ?
> > > >
> > >
> > > You must know C programming first, and understand how getwd works. By typing
> > > 'man getwd', you will learn that you must not use that function, it is
> > > dangerous and so deprecated.
> > >
> > > Then you will read that buf must be a pointer to a memory allocation of
> > > PATH_MAX bytes. You must find the value of this constant inside the standard C
> > > header files.
> > >
> > > SizeOf(gb.String) is 4 (on 32 bits system). It is the number of bytes used by
> > > Gambas to store a pointer to a Gambas string. This is the reason why you get a
> > > crash.
> > >
> > > Regards,
> > >
> >
>
--
Regards,
Demosthenes
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Pointers.tar.bz2
Type: application/x-bzip-compressed-tar
Size: 6894 bytes
Desc: not available
URL: <http://lists.gambas-basic.org/pipermail/user/attachments/20110110/f9250046/attachment.bin>
More information about the User
mailing list