
#540 Segfault in afpd due to variadic macro syntax?

None
closed
nobody
None
1
2015-02-28
2013-12-08
No

Problem

I compiled Netatalk 3.1.0 from source on a Debian machine. I migrated my configs from 2.2.x following the migration guide. I use netatalk for Time Machine backups. When afpd tries to register the volume I've defined with Time Machine support, it was segfaulting (that is, immediately upon startup). Find the SBT below. It originates at line 153 of etc/afpd/afp_mdns.c and ends up in vprintf() in libc.

Solution

I dug for a while and suddenly found that the problem lies in the variadic macro TXTRecordKeyPrintf. If I change the syntax of its definition from:

#define TXTRecordKeyPrintf(rec, k, var, args, ...) {

to:

#define TXTRecordKeyPrintf(rec, k, var, args...) {

The problem goes away. No more segfaults.

I traced this change back to 418235a8c1 but I don't see any reasoning as to what exactly this commit fixes. My C is pretty rusty, but I consulted the GCC guides for macros with variable arguments and the way I understand it is that one either uses the , ... syntax along with __VA_ARGS__ or uses the old args... syntax and uses args below. I may be wrong.

Any clues to why this might be happening? I guess there's a reason for this "variadic macro syntax fix", but what exactly is it? How could we fix this for my environment?

Environment

Netatalk 3.1.0 and 3.0.6
gcc version 4.4.6 (Debian 4.4.6-7)
Linux version 2.6.26-1-686 (Debian 2.6.26-4) (waldi@debian.org) (gcc version 4.1.3 20080623 (prerelease) (Debian 4.1.2-23)) #1 SMP Thu Aug 28 12:00:54 UTC 2008

Compiled with:

./configure --enable-tcp-wrappers --enable-debian --without-ldap --with-acls --enable-zeroconf --with-init-style=debian

SBT:

(gdb) bt full
#0  0xb7eee424 in __kernel_vsyscall ()
No symbol table info available.
#1  0xb792a941 in raise () from /lib/i386-linux-gnu/i686/cmov/libc.so.6
No symbol table info available.
#2  0xb792dd72 in abort () from /lib/i386-linux-gnu/i686/cmov/libc.so.6
No symbol table info available.
#3  0xb7e96e5e in fault_report (sig=11) at fault.c:139
    counter = 1
#4  0xb7e96e6f in sig_fault (sig=11) at fault.c:147
No locals.
#5  <signal handler called>
No symbol table info available.
#6  0xb793eaa6 in vfprintf () from /lib/i386-linux-gnu/i686/cmov/libc.so.6
No symbol table info available.
#7  0xb7962d77 in vasprintf () from /lib/i386-linux-gnu/i686/cmov/libc.so.6
No symbol table info available.
#8  0xb79472cb in asprintf () from /lib/i386-linux-gnu/i686/cmov/libc.so.6
No symbol table info available.
#9  0x08052fa4 in register_stuff (obj=0x80ab220) at afp_mdns.c:153
    key = 0x9356ab0 "dk0"
    str = 0xb7e60560 ")%"
    port = 1
    volume = (const struct vol *) 0x9343248
    dsi = (DSI *) 0x32
    name = "b??\a", '\0' <repeats 31 times>, "\004\004\000\0006?\004\b\003\003\000\000\000\000\000\000\000\000\000\000?6\006\000?\201\000"
    error = 0
    txt_adisk = {PrivateData = "\230i5\t???\230y5\t\214#??", ForceNaturalAlignment = 0x9356998 "0j5\t0j5\t\026"}
    txt_devinfo = {PrivateData = "\000\000\000\000\230\222п@'?𣥷", ForceNaturalAlignment = 0x0}
    tmpname = "Midori Backup\000?d\221п`\005?X\221пd??\000\000\000\000@J\211?\001\000\000\000\000\000\000\000\001\000\000\000X??", '\0' <repeats 32 times>, "?\221пX\221пd\221п\000\000\000\000X??", '\0' <repeats 12 times>, "?W?", '\0' <repeats 48 times>, "?p??\230?η\000\000\000\000????????W?\001\000\000\000?\221п\226??\020??@J\211?\001\000\000\000\001\000\000\000\000\000\000\000\001\000\000\000?2?8*\a\000\000???p?????\000\000\000"
    i = 1
#10 0x08053718 in md_zeroconf_register (obj=0x80ab220) at afp_mdns.c:294
    error = 0
#11 0x0805431b in zeroconf_register (configs=0x80ab220) at afp_zeroconf.c:32
No locals.
#12 0x08050bee in configinit (obj=0x80ab220) at afp_config.c:213
    ret = 0
    dsi = (DSI *) 0x9344b58
    next = (DSI **) 0x9344b58
    p = 0x0
    q = 0x0
    savep = 0x0
    r = 0xbfd09308 "h\224п\2269\a\b ?\n\b<\223п"
    ifaddr = (struct ifaddrs *) 0x0
    ifa = (struct ifaddrs *) 0xb7af38b3
    family = 3
---Type <return> to continue, or q <return> to quit---

Excerpt from the logfile (log level "info"):

Dec 08 15:11:05.541149 netatalk[27504] {netatalk_conf.c:196} (W:AFPDaemon): volume "Midori Backup" does not support Extended Attributes or read-only volume
Dec 08 15:11:05.541389 netatalk[27504] {netatalk.c:359} (N:Default): Netatalk AFP server starting
Dec 08 15:11:05.549796 afpd[27505] {status.c:644} (I:AFPDaemon): signature is 1AD4E3CF5421D9DC96F712A468082195
Dec 08 15:11:05.552929 cnid_metad[27506] {netatalk_conf.c:196} (W:AFPDaemon): volume "Midori Backup" does not support Extended Attributes or read-only volume
Dec 08 15:11:05.553577 afpd[27505] {auth.c:110} (I:AFPDaemon): uam: "DHX2" available
Dec 08 15:11:05.553716 afpd[27505] {auth.c:110} (I:AFPDaemon): uam: "DHCAST128" available
Dec 08 15:11:05.553790 afpd[27505] {status.c:363} (I:AFPDaemon): servername: deedee
Dec 08 15:11:05.553896 afpd[27505] {afp_config.c:202} (N:AFPDaemon): Netatalk AFP/TCP listening on 24.6.45.120:548
Dec 08 15:11:05.554316 cnid_metad[27506] {cnid_metad.c:479} (N:AFPDaemon): CNID Server listening on localhost:4700
Dec 08 15:11:05.554565 afpd[27505] {netatalk_conf.c:196} (W:AFPDaemon): volume "Midori Backup" does not support Extended Attributes or read-only volume
Dec 08 15:11:05.555355 afpd[27505] {afp_mdns.c:152} (I:AFPDaemon): Registering volume 'Midori Backup' with UUID: '2E02EDD1-C7C8-A739-3C54-5F791EBE1835' for TimeMachine
Dec 08 15:11:05.555570 afpd[27505] {fault.c:123} (S:Default): ===============================================================
Dec 08 15:11:05.555738 afpd[27505] {fault.c:124} (S:Default): INTERNAL ERROR: Signal 11 in pid 27505 (3.1.0)
Dec 08 15:11:05.555948 afpd[27505] {fault.c:125} (S:Default): ===============================================================
Dec 08 15:11:05.556621 afpd[27505] {fault.c:96} (S:Default): PANIC: internal error
Dec 08 15:11:05.556814 afpd[27505] {fault.c:97} (S:Default): BACKTRACE: 13 stack frames:
Dec 08 15:11:05.557026 afpd[27505] {fault.c:103} (S:Default):  #0 /usr/local/lib/libatalk.so.12(netatalk_panic+0x2b) [0xb7f64bcd]
Dec 08 15:11:05.557199 afpd[27505] {fault.c:103} (S:Default):  #1 /usr/local/lib/libatalk.so.12(+0x39e12) [0xb7f64e12]
Dec 08 15:11:05.557368 afpd[27505] {fault.c:103} (S:Default):  #2 /usr/local/lib/libatalk.so.12(+0x39e6f) [0xb7f64e6f]
Dec 08 15:11:05.557537 afpd[27505] {fault.c:103} (S:Default):  #3 [0xb7fbc400]
Dec 08 15:11:05.557714 afpd[27505] {fault.c:103} (S:Default):  #4 /lib/i386-linux-gnu/i686/cmov/libc.so.6(vasprintf+0xb7) [0xb7a30d77]
Dec 08 15:11:05.557925 afpd[27505] {fault.c:103} (S:Default):  #5 /lib/i386-linux-gnu/i686/cmov/libc.so.6(asprintf+0x2b) [0xb7a152cb]
Dec 08 15:11:05.558103 afpd[27505] {fault.c:103} (S:Default):  #6 /usr/local/sbin/afpd() [0x8052fa4]
Dec 08 15:11:05.558293 afpd[27505] {fault.c:103} (S:Default):  #7 /usr/local/sbin/afpd(md_zeroconf_register+0x11) [0x8053718]
Dec 08 15:11:05.558463 afpd[27505] {fault.c:103} (S:Default):  #8 /usr/local/sbin/afpd(zeroconf_register+0x47) [0x805431b]
Dec 08 15:11:05.558629 afpd[27505] {fault.c:103} (S:Default):  #9 /usr/local/sbin/afpd(configinit+0x656) [0x8050bee]
Dec 08 15:11:05.558828 afpd[27505] {fault.c:103} (S:Default):  #10 /usr/local/sbin/afpd(main+0x87b) [0x8073996]
Dec 08 15:11:05.559004 afpd[27505] {fault.c:103} (S:Default):  #11 /lib/i386-linux-gnu/i686/cmov/libc.so.6(__libc_start_main+0xe6) [0xb79e4e46]
Dec 08 15:11:05.559194 afpd[27505] {fault.c:103} (S:Default):  #12 /usr/local/sbin/afpd() [0x8050471]
Dec 08 15:11:05.563650 netatalk[27504] {netatalk.c:200} (I:Default): child[27505]: killed by signal 6
Dec 08 15:11:06.546157 netatalk[27504] {netatalk.c:227} (N:AFPDaemon): Restarting 'afpd' (restarts: 1)
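
The two macro spellings quoted in the report differ in how many arguments reach the macro body. The following is an added example, not Netatalk's code and not part of the original report: all macro and function names are hypothetical, the sample arguments are constructed, and it assumes a body that forwards `args` to a printf-style call, as the asprintf frame in the backtrace suggests.

```c
#include <stdio.h>
#include <string.h>

/* Count how many arguments reach a macro body (1 to 5 supported). */
#define NARGS_(a, b, c, d, e, n, ...) n
#define NARGS(...) NARGS_(__VA_ARGS__, 5, 4, 3, 2, 1, 0)

/* Mixed form: "args" is an ordinary named parameter, so it binds only the
 * first argument. Everything after it goes to __VA_ARGS__, which this body
 * never references, so those arguments are silently discarded. */
#define REACH_MIXED(args, ...) NARGS(args)

/* GNU named-variadic form: "args" stands for the whole argument list. */
#define REACH_GNU(args...) NARGS(args)

/* ISO C99 form: the variable part is spelled __VA_ARGS__ in the body. */
#define REACH_C99(fmt, ...) NARGS(fmt, __VA_ARGS__)

/* Hypothetical printf-style wrappers written consistently in each dialect. */
#define FMT_GNU(buf, len, args...)  snprintf(buf, len, args)
#define FMT_C99(buf, len, fmt, ...) snprintf(buf, len, fmt, __VA_ARGS__)

/* Constructed sample call: one format string plus two values. */
int reach_mixed(void) { return REACH_MIXED("%s%d", "dk", 0); }
int reach_gnu(void)   { return REACH_GNU("%s%d", "dk", 0); }
int reach_c99(void)   { return REACH_C99("%s%d", "dk", 0); }

int format_gnu(char *buf, size_t len) { return FMT_GNU(buf, len, "%s%d", "dk", 0); }
int format_c99(char *buf, size_t len) { return FMT_C99(buf, len, "%s%d", "dk", 0); }

int main(void)
{
    char buf[16];

    /* Mixed form: only the format string survives, so a printf-style call
     * built from it would read arguments that were never passed. */
    printf("mixed form forwards %d argument(s)\n", reach_mixed());
    printf("GNU form forwards   %d argument(s)\n", reach_gnu());
    printf("C99 form forwards   %d argument(s)\n", reach_c99());

    format_gnu(buf, sizeof buf);
    printf("GNU wrapper output: %s\n", buf);
    format_c99(buf, sizeof buf);
    printf("C99 wrapper output: %s\n", buf);
    return 0;
}
```

Building with `-Wall` enables GCC's `-Wformat`, which reports a format string whose conversions have no matching arguments when a mixed-form macro expands into a printf-style call.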

Discussion

  • Ralph Böhme

    Ralph Böhme - 2014-01-09
    • status: open --> closed
    • Group: -->
     
