#12 segfault with thinkfan.conf.simple

None
closed
None
5
2014-06-11
2014-04-26
Evgeni Golov
No

Hi,

I just tried to import 0.9.1 into Debian and found an interesting bug.

thinkfan.conf.simple has the following content:

(0, 0, 55)
(1, 48, 60)
(2, 50, 61)
(3, 52, 63)
(4, 56, 65)
(5, 59, 66)
(7, 63, 32767)

This lets thinkfan segfault, as parse_sensor does not assign any "get_temp" to the sensor and config->sensors[sensoridx].get_temp() will try to call a NULL pointer. Adding "tp_thermal /proc/acpi/ibm/thermal (0, 10, 15, 2, 10, 5, 0, 3, 0, 3)" to the file fixes the issue, as it will now assign get_temp_ibm as get_temp.

As .simple is the config Debian ships per default (and worked in 0.8 just fine), I consider this bug pretty grave, as it hinders upgrades w/o user-interaction :(
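
The failure mode described in the report above, as an added example that is not part of the original ticket and not thinkfan's own code: a config that contains only level tuples leaves the sensor's function pointer NULL, so a post-parse step installs the default input and the call site checks the pointer before calling through it. Only the names get_temp and get_temp_ibm come from the report; the struct layout, parse_line, finalize_config, read_temp, MAX_SENSORS and the stub reading of 42 are hypothetical.

```c
/* Added example: simplified stand-in, not thinkfan's source. */
#include <stdio.h>
#include <string.h>
#define MAX_SENSORS 4

struct sensor {
    char path[64];
    int (*get_temp)(const struct sensor *);  /* NULL until a sensor line sets it */
};
struct config {                              /* caller zero-initialises */
    struct sensor sensors[MAX_SENSORS];
    int num_sensors, num_limits;
};

/* Constructed stub: a real reader would parse the file at s->path. */
static int get_temp_ibm(const struct sensor *s) { (void)s; return 42; }

/* Only a "tp_thermal <path>" line installs a reader; level tuples do not. */
static int parse_line(struct config *cfg, const char *line)
{
    char path[64];
    if (sscanf(line, "tp_thermal %63s", path) == 1) {
        if (cfg->num_sensors >= MAX_SENSORS) return -1;
        struct sensor *s = &cfg->sensors[cfg->num_sensors++];
        strcpy(s->path, path);
        s->get_temp = get_temp_ibm;
    } else if (line[0] == '(') {
        cfg->num_limits++;
    }
    return 0;
}

/* Post-parse step: default input for a levels-only file, no NULL readers. */
static int finalize_config(struct config *cfg)
{
    if (cfg->num_sensors == 0 &&
        parse_line(cfg, "tp_thermal /proc/acpi/ibm/thermal") != 0)
        return -1;
    for (int i = 0; i < cfg->num_sensors; i++)
        if (cfg->sensors[i].get_temp == NULL) return -1;
    return 0;
}

/* Checked call site: fail instead of calling through a NULL pointer. */
static int read_temp(const struct config *cfg, int idx, int *out)
{
    if (idx < 0 || idx >= cfg->num_sensors || !cfg->sensors[idx].get_temp)
        return -1;
    *out = cfg->sensors[idx].get_temp(&cfg->sensors[idx]);
    return 0;
}
```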

Discussion

  • Victor Mataré
    2014-04-27

    Thanks for reporting. Should be fixed by GIT commit 0f330eb in the current master. Could you please test with the latest code from GIT and report back, then I'll make a new release package >>
    git clone git://git.code.sf.net/p/thinkfan/code thinkfan-code

     
    Last edit: Victor Mataré 2014-04-27
  • Victor Mataré
    2014-04-27

    • status: open --> accepted
    • assigned_to: Victor Mataré
    • Group: -->
     
  • Evgeni Golov
    2014-04-28

    Nope, this does not help. Getting a malloc assertion now:

    GNU gdb (GDB) 7.6.2 (Debian 7.6.2-1)
    Copyright (C) 2013 Free Software Foundation, Inc.
    License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
    and "show warranty" for details.
    This GDB was configured as "x86_64-linux-gnu".
    For bug reporting instructions, please see:
    <http://www.gnu.org/software/gdb/bugs/>...
    Reading symbols from /home/evgeni/Debian/thinkfan/build/thinkfan...done.
    (gdb) run
    Starting program: /home/evgeni/Debian/thinkfan/build/./thinkfan -n
    warning: Could not load shared library symbols for linux-vdso.so.1.
    Do you need "set solib-search-path" or "set sysroot"?
    
    WARNING: Using default fan control in /proc/acpi/ibm/fan.
    
    WARNING: Using default temperature inputs in /proc/acpi/ibm/thermal.
    
    WARNING: You're using simple temperature limits without correction values, and your fan will only start at 55 °C. This can be dangerous for your hard drive.
    *** Error in `/home/evgeni/Debian/thinkfan/build/./thinkfan': malloc(): memory corruption: 0x000000000060a450 ***
    thinkfan: malloc.c:2368: sysmalloc: Assertion `(old_top == (((mbinptr) (((char *) &((av)->bins[((1) - 1) * 2])) - __builtin_offsetof (struct malloc_chunk, fd)))) && old_size == 0) || ((unsigned long) (old_size) >= (unsigned long)((((__builtin_offsetof (struct malloc_chunk, fd_nextsize))+((2 * (sizeof(size_t))) - 1)) & ~((2 * (sizeof(size_t))) - 1))) && ((old_top)->size & 0x1) && ((unsigned long)old_end & pagemask) == 0)' failed.
    
    Program received signal SIGABRT, Aborted.
    0x00007ffff7a693a9 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
    56  ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
    (gdb) bt full
    #0  0x00007ffff7a693a9 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
            resultvar = 0
            pid = 8436
            selftid = 8436
    #1  0x00007ffff7a6c4c8 in __GI_abort () at abort.c:89
            save_stage = 2
            act = {__sigaction_handler = {sa_handler = 0x7fffffffe280, sa_sigaction = 0x7fffffffe280}, sa_mask = {__val = {8, 0, 140733193388072, 140737488347920, 
                  140737488347808, 140737488348256, 140737351953719, 140737488349326, 140737349511145, 140737488347920, 8319678423755091553, 8372030501743978864, 1, 
                  140737349511145, 10000, 568}}, sa_flags = -136481248, sa_restorer = 0x7ffff7dd8060 <_IO_2_1_stderr_>}
            sigs = {__val = {32, 0 <repeats 15 times>}}
    #2  0x00007ffff7aabd0d in __malloc_assert (
        assertion=assertion@entry=0x7ffff7b9ac40 "(old_top == (((mbinptr) (((char *) &((av)->bins[((1) - 1) * 2])) - __builtin_offsetof (struct malloc_chunk, fd)))) && old_size == 0) || ((unsigned long) (old_size) >= (unsigned long)((((__builtin_offs"..., file=file@entry=0x7ffff7b966d1 "malloc.c", line=line@entry=2368, 
        function=function@entry=0x7ffff7b96a58 <__func__.11276> "sysmalloc") at malloc.c:290
    No locals.
    #3  0x00007ffff7aae889 in sysmalloc (av=0x7ffff7dd7620 <main_arena>, nb=576) at malloc.c:2365
            old_top = 0x60a440
            snd_brk = 0x0
            front_misalign = <optimized out>
            remainder = <optimized out>
            tried_mmap = <optimized out>
            old_size = 0
            size = <optimized out>
            old_end = 0x60a440 ""
            brk = 0x0
            correction = <optimized out>
            end_misalign = <optimized out>
            sum = <optimized out>
            aligned_brk = <optimized out>
            p = <optimized out>
            remainder_size = <optimized out>
            pagemask = 4095
    #4  _int_malloc (av=0x7ffff7dd7620 <main_arena>, bytes=568) at malloc.c:3743
            iters = <optimized out>
            nb = 576
            idx = <optimized out>
            bin = <optimized out>
            victim = <optimized out>
            size = <optimized out>
            victim_index = <optimized out>
            remainder = <optimized out>
            remainder_size = <optimized out>
            block = <optimized out>
            bit = <optimized out>
            map = <optimized out>
            fwd = <optimized out>
            bck = <optimized out>
            errstr = 0x0
            __func__ = "_int_malloc"
    #5  0x00007ffff7aafc80 in __GI___libc_malloc (bytes=568) at malloc.c:2858
            ar_ptr = 0x7ffff7dd7620 <main_arena>
            victim = 0x6
            __func__ = "__libc_malloc"
    #6  0x00007ffff7a9dd5d in __fopen_internal (filename=0x4080e8 "/proc/acpi/ibm/fan", mode=0x408130 "r+", is32=1) at iofopen.c:73
            new_f = <optimized out>
    #7  0x00000000004062c7 in init_fan_ibm () at /home/evgeni/Debian/thinkfan/system.c:149
            line = 0x0
            count = 0
            ibm_fan = 0x7fffffffe490
    #8  0x00000000004031b5 in run () at /home/evgeni/Debian/thinkfan/thinkfan.c:371
            ret = 0
            childpid = 0
            newconfig = 0x0
            pidfile = 0x0
    #9  0x0000000000403088 in main (argc=2, argv=0x7fffffffe658) at /home/evgeni/Debian/thinkfan/thinkfan.c:338
            opt = -1
            ret = 0
            invalid = 0x4070d9 ""
            handler = {__sigaction_handler = {sa_handler = 0x402a7e <sig_handler>, sa_sigaction = 0x402a7e <sig_handler>}, sa_mask = {__val = {0 <repeats 16 times>}}, 
              sa_flags = 0, sa_restorer = 0x0}
            optstring = 0x4070ed "c:s:b:p::hnqDz"
    
     
  • Victor Mataré
    2014-04-28

    Haha, forgot that I'm not dealing with a cleanly structured memory management here ;-)
    In the long run, this thing should really be rewritten in proper, object oriented C++. Anyways, current HEAD should fix it for real, now.

     
  • Evgeni Golov
    2014-04-28

    Yepp, works fine now. Feel free to apply my patches I sent you and release :)

     
  • Evgeni Golov
    2014-04-29

    Thanks, just uploaded 0.9.2 to unstable. Where is the "close" button in this nice UI?

     
  • Victor Mataré
    2014-06-11

    • status: accepted --> closed