Bug #2613
closed
vty crashes on tab-completion
Added by dexter over 6 years ago.
Updated about 6 years ago.
Description
The problem is located in libosmocore, so it exists in all our products. It
looks like it is somehow linked to the tab-completion. The problem can be
triggered for example by logging into a vty and trying to tab-complete some
items of the help menu; it seems to bail at the second level of tab completion.
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
Welcome to the osmo-stp control interface
Copyright (C) 2015-2017 by Harald Welte <laforge@gnumonks.org>
Contributions by Holger Freyther, Neels Hofmeyr
License GPLv2+: GNU GPL Version 2 or later <http://gnu.org/licenses/gpl-2.0.html>
This is free software: you are free ot change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Free Software lives by contribution. If you use this, please contribute!
osmo-stp>
show Show running system information
list Print command list
exit Exit current mode and down to previous mode
help Description of the interactive help system
enable Turn on privileged mode command
terminal Set terminal line parameters
who Display who is on vty
logging Configure log message to this terminal
osmo-stp> h
osmo-stp> help
Attached the logtext including backtrace.
- Priority changed from Normal to Immediate
Please try to revert
commit e9e9e427b78271941a25a63567fc2ec2bb9e4433
Author: Pau Espin Pedrol <pespin@sysmocom.de>
Date: Mon Oct 23 19:19:13 2017 +0200
It touches that very line.
It seems Neels already reverted the commit yesterday night:
Author: Neels Hofmeyr <nhofmeyr@sysmocom.de>
Date: Wed Nov 1 22:35:37 2017 +0000
Revert "vty: Fix bad use of vector_slot()"
The patch seemed sensible, but introduces a segfault when hitting tab
on the interactive VTY. Reproduction example:
osmo-msc
telnet 127.0.0.1 4254
OsmoMSC> enable <TAB>
So we need to understand what that line of code actually intends to do.
Until then, revert this to avoid the segfault.
The segfault happens at:
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7bc0894 in cmd_complete_command_real (vline=0x5555558d59e0, vty=0x5555558d57b0, status=0x7fffffffe024) at ../../../../src/libosmocore/src/vty/command.c:1953
1953 if (*(char *)vector_slot(vline, index) == '\0')
This reverts commit e9e9e427b78271941a25a63567fc2ec2bb9e4433.
Change-Id: I3fe213bdfb96de9469aae64e67000dafee59302e
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff731c17a in cmd_complete_command_real (vline=vline@entry=0x55555597bc50, status=0x7fffffffde2c,
vty=<optimized out>) at /home/pespin/dev/sysmocom/bin/../git/libosmocore/src/vty/command.c:1953
1953 if (*(char *)vector_slot(vline, index) == '\0')
(gdb) bt
#0 0x00007ffff731c17a in cmd_complete_command_real (vline=vline@entry=0x55555597bc50, status=0x7fffffffde2c,
vty=<optimized out>) at /home/pespin/dev/sysmocom/bin/../git/libosmocore/src/vty/command.c:1953
#1 0x00007ffff731d2b9 in cmd_complete_command (vline=vline@entry=0x55555597bc50, vty=vty@entry=0x555555962980,
status=status@entry=0x7fffffffde2c) at /home/pespin/dev/sysmocom/bin/../git/libosmocore/src/vty/command.c:2039
#2 0x00007ffff731fb32 in vty_complete_command (vty=0x555555962980)
at /home/pespin/dev/sysmocom/bin/../git/libosmocore/src/vty/vty.c:1004
#3 vty_read (vty=<optimized out>) at /home/pespin/dev/sysmocom/bin/../git/libosmocore/src/vty/vty.c:1428
#4 0x00007ffff7321789 in client_data (fd=0x55555597c908, what=1)
at /home/pespin/dev/sysmocom/bin/../git/libosmocore/src/vty/telnet_interface.c:132
#5 0x00007ffff6ee6731 in osmo_fd_disp_fds (_eset=0x7fffffffe1d0, _wset=0x7fffffffe150, _rset=0x7fffffffe0d0)
at /home/pespin/dev/sysmocom/bin/../git/libosmocore/src/select.c:213
#6 osmo_select_main (polling=<optimized out>) at /home/pespin/dev/sysmocom/bin/../git/libosmocore/src/select.c:253
#7 0x00005555555655c7 in main (argc=<optimized out>, argv=0x7fffffffe3a8)
at /home/pespin/dev/sysmocom/bin/../git/osmo-bsc/src/osmo-bsc/osmo_bsc_main.c:303
(gdb) print vline
$1 = (vector) 0x55555597bc50
(gdb) print *vline
$2 = {active = 2, alloced = 2, index = 0x55555597b9e0}
(gdb) print index
$3 = 1
(gdb) print (char*)vline->index[0]
$5 = 0x55555597c880 "help"
(gdb) print (char*)vline->index[1]
$7 = 0x0
Which means vector_slot(vline, index) is NULL and not an empty string. Now the question is whether that's expected or if it should be an empty string.
We need to immediately tag + release a 0.10.2 for this fix,
there's no point in people having crashing VTYs. I'll take care of it.
- Status changed from New to Resolved
- Status changed from Resolved to Closed
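The NULL slot found in the gdb session above, reproduced as an added example (not libosmocore code and not the fix that was committed): a stand-in vector with the same `active`, `alloced` and `index` fields, the unchecked dereference in the shape of command.c:1953, and a guarded variant. The names `toy_vector`, `slot_is_empty_unchecked` and `slot_is_empty_checked` are hypothetical, and treating a NULL slot like an empty token is an assumption, since the thread leaves open which of the two is expected.

```c
#include <stddef.h>
#include <stdio.h>

/* Minimal stand-in for the vector in the gdb output (not libosmocore's definition). */
struct toy_vector {
    unsigned int active;   /* number of slots in use */
    unsigned int alloced;  /* number of slots allocated */
    void **index;          /* slot array; a slot may hold NULL */
};

/* Same shape as the expression at command.c:1953: the slot is dereferenced
 * without a check, so a NULL slot faults. Kept for comparison only. */
static int slot_is_empty_unchecked(const struct toy_vector *v, unsigned int i)
{
    return *(char *)v->index[i] == '\0';
}

/* Hypothetical guarded form (assumption: an out-of-range index, a NULL slot
 * and "" all mean "nothing typed for this token yet"). */
static int slot_is_empty_checked(const struct toy_vector *v, unsigned int i)
{
    const char *s;

    if (v == NULL || v->index == NULL || i >= v->active)
        return 1;
    s = v->index[i];
    return s == NULL || *s == '\0';
}

int main(void)
{
    /* Constructed sample mirroring the gdb session: "help", then a NULL slot. */
    void *slots[2] = { "help", NULL };
    struct toy_vector vline = { 2, 2, slots };

    printf("slot 0 empty: %d\n", slot_is_empty_checked(&vline, 0));
    printf("slot 1 empty: %d\n", slot_is_empty_checked(&vline, 1));
    (void)slot_is_empty_unchecked; /* not called on slot 1: it would fault */
    return 0;
}
```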