* [BUG] readline history
@ 2014-08-28 7:50 Teresa Gamez
2014-08-28 8:35 ` Alexander Aring
` (2 more replies)
0 siblings, 3 replies; 7+ messages in thread
From: Teresa Gamez @ 2014-08-28 7:50 UTC (permalink / raw)
To: Sascha Hauer; +Cc: barebox
Hello Sascha,
I noticed a bug on the latest master.
When no history is present and I hit the arrow up key, I get:
unable to handle NULL pointer dereference at address 0x00000001
pc : [<9fe243ba>] lr : [<9fe268cf>]
sp : 9ffff9d0 ip : 00000016 fp : 00000002
r10: 00000001 r9 : 9fe549dc r8 : 9fe65d08
r7 : 00000400 r6 : 00000001 r5 : 00000000 r4 : 9fe66258
r3 : 00000000 r2 : 00000000 r1 : 00000001 r0 : 9fe66258
Flags: nZCv IRQs off FIQs on Mode SVC_32
[<9fe243ba>] (strcpy+0xa/0xe) from [<9fe268cf>] (readline+0x363/0x4e0)
[<9fe268cf>] (readline+0x363/0x4e0) from [<9fe05469>] (file_get
+0x49/0x110)
I could bisect it to this commit:
ada160a34a1ec8421d5bb7b9dd746294668a5130 is the first bad commit
commit ada160a34a1ec8421d5bb7b9dd746294668a5130
Author: Sascha Hauer <s.hauer@pengutronix.de>
Date: Tue Jul 29 11:54:26 2014 +0200
readline: reimplement history functions
...
Regards,
Teresa
_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox
^ permalink raw reply [flat|nested] 7+ messages in thread* Re: [BUG] readline history 2014-08-28 7:50 [BUG] readline history Teresa Gamez @ 2014-08-28 8:35 ` Alexander Aring 2014-08-28 9:25 ` Alexander Aring 2014-09-01 8:30 ` Sascha Hauer 2 siblings, 0 replies; 7+ messages in thread From: Alexander Aring @ 2014-08-28 8:35 UTC (permalink / raw) To: Teresa Gamez; +Cc: barebox On Thu, Aug 28, 2014 at 09:50:05AM +0200, Teresa Gamez wrote: > Hello Sascha, > > I noticed a bug on the latest master. > When no history is present and I hit the arrow up key, I get: > > unable to handle NULL pointer dereference at address 0x00000001 > pc : [<9fe243ba>] lr : [<9fe268cf>] > sp : 9ffff9d0 ip : 00000016 fp : 00000002 > r10: 00000001 r9 : 9fe549dc r8 : 9fe65d08 > r7 : 00000400 r6 : 00000001 r5 : 00000000 r4 : 9fe66258 > r3 : 00000000 r2 : 00000000 r1 : 00000001 r0 : 9fe66258 > Flags: nZCv IRQs off FIQs on Mode SVC_32 > [<9fe243ba>] (strcpy+0xa/0xe) from [<9fe268cf>] (readline+0x363/0x4e0) > [<9fe268cf>] (readline+0x363/0x4e0) from [<9fe05469>] (file_get > +0x49/0x110) > > I could bisect it to this commit: > > > ada160a34a1ec8421d5bb7b9dd746294668a5130 is the first bad commit > commit ada160a34a1ec8421d5bb7b9dd746294668a5130 > Author: Sascha Hauer <s.hauer@pengutronix.de> > Date: Tue Jul 29 11:54:26 2014 +0200 > > readline: reimplement history functions > > ... #0 0x000000000040db2d in strcpy (dest=0x631a41 <console_buffer+1> "A", dest@entry=0x631a40 <console_buffer> "[A", src=0x2 <error: Cannot access memory at address 0x2>, src@entry=0x1 <error: Cannot access memory at address 0x1>) at lib/string.c:95 #1 0x0000000000413275 in readline (prompt=0x631080 <prompt> "\033[1;32mbarebox@\033[1;36mbarebox sandbox:/\033[0m ", buf=buf@entry=0x631a40 <console_buffer> "[A", len=len@entry=1024) at lib/readline.c:312 #2 0x00000000004064e5 in get_user_input (i=0x7fffffffe3d0) at common/hush.c:449 #3 file_get (i=0x7fffffffe3d0) at common/hush.c:499 #4 0x00000000004069b0 in parse_stream (dest=dest@entry=0x7fffffffe368, ctx=ctx@entry=0x7fffffffe3f0, input=input@entry=0x7fffffffe3d0, end_trigger=end_trigger@entry=10) at common/hush.c:1492 #5 0x0000000000406ed3 in parse_stream_outer (ctx=ctx@entry=0x7fffffffe3f0, inp=inp@entry=0x7fffffffe3d0, flag=flag@entry=2) at common/hush.c:1693 #6 0x0000000000407c4b in run_shell () at common/hush.c:1919 #7 0x0000000000402154 in start_barebox () at common/startup.c:113 #8 0x000000000041c9ad in main () my backtrace on sandbox system. Seems there is more broken than this one: Type: 1. foobar 2. <enter> 3. <key_up> 4. <key_down> 5. <backspace> #0 memmove (dest=0x631a45 <console_buffer+5>, src=0x631a46 <console_buffer+6>, count=4294818367, count@entry=4294967290) at lib/string.c:522 #1 0x00000000004130d0 in readline (prompt=0x631080 <prompt> "\033[1;32mbarebox@\033[1;36mbarebox sandbox:/\033[0m ", buf=buf@entry=0x631a40 <console_buffer> "", len=len@entry=1024) at lib/readline.c:279 #2 0x00000000004064e5 in get_user_input (i=0x7fffffffe3d0) at common/hush.c:449 #3 file_get (i=0x7fffffffe3d0) at common/hush.c:499 #4 0x00000000004069b0 in parse_stream (dest=dest@entry=0x7fffffffe368, ctx=ctx@entry=0x7fffffffe3f0, input=input@entry=0x7fffffffe3d0, end_trigger=end_trigger@entry=10) at common/hush.c:1492 #5 0x0000000000406ed3 in parse_stream_outer (ctx=ctx@entry=0x7fffffffe3f0, inp=inp@entry=0x7fffffffe3d0, flag=flag@entry=2) at common/hush.c:1693 #6 0x0000000000407c4b in run_shell () at common/hush.c:1919 #7 0x0000000000402154 in start_barebox () at common/startup.c:113 #8 0x000000000041c93b in main () It seems there is somewhere a dangling pointer and whith keydown I hit the same line like the first issue. - Alex _______________________________________________ barebox mailing list barebox@lists.infradead.org http://lists.infradead.org/mailman/listinfo/barebox ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [BUG] readline history 2014-08-28 7:50 [BUG] readline history Teresa Gamez 2014-08-28 8:35 ` Alexander Aring @ 2014-08-28 9:25 ` Alexander Aring 2014-08-28 10:08 ` Alexander Aring 2014-09-01 8:30 ` Sascha Hauer 2 siblings, 1 reply; 7+ messages in thread From: Alexander Aring @ 2014-08-28 9:25 UTC (permalink / raw) To: Teresa Gamez; +Cc: barebox Hi, the issues is that hist_prev or hist_next runs: "list_entry(history_current->next, struct history, list);" on an empty list with no entries and history->line is a dangling pointer. because the list head don't include a char *line and on an empty list the attributes are prev == next. I hacked a solution which check on an empty list at first and returning NULL. diff --git a/lib/readline.c b/lib/readline.c index b70bca8..0892cf5 100644 --- a/lib/readline.c +++ b/lib/readline.c @@ -67,6 +67,9 @@ static const char *hist_prev(void) { struct history *history; + if (list_empty(&history_list)) + return NULL; + if (history_current->prev == &history_list) { history = list_entry(history_current, struct history, list); getcmd_cbeep(); @@ -84,6 +87,9 @@ static const char *hist_next(void) { struct history *history; + if (list_empty(&history_list)) + return NULL; + if (history_current->next == &history_list) { history_current = &history_list; return ""; @@ -301,6 +307,9 @@ int readline(const char *prompt, char *buf, int len) else hline = hist_next(); + if (!hline) + break; + /* nuke the current line */ /* first, go home */ BEGINNING_OF_LINE(); Don't know if it should make a beep or not, just hacked not complete tested. Maybe there are similar issues in other functions. - Alex _______________________________________________ barebox mailing list barebox@lists.infradead.org http://lists.infradead.org/mailman/listinfo/barebox ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [BUG] readline history 2014-08-28 9:25 ` Alexander Aring @ 2014-08-28 10:08 ` Alexander Aring 0 siblings, 0 replies; 7+ messages in thread From: Alexander Aring @ 2014-08-28 10:08 UTC (permalink / raw) To: Teresa Gamez; +Cc: barebox Hi, another possible solution which less of runtime decisions. diff --git a/lib/readline.c b/lib/readline.c index b70bca8..f9cfa4b 100644 --- a/lib/readline.c +++ b/lib/readline.c @@ -28,7 +28,9 @@ struct history { struct list_head list; }; -static LIST_HEAD(history_list); +static struct history history_list = { + .list = LIST_HEAD_INIT(history_list.list), +}; static struct list_head *history_current; static int history_num_entries; @@ -38,8 +40,8 @@ static void cread_add_to_hist(char *line) struct history *history; char *newline; - if (!list_empty(&history_list)) { - history = list_last_entry(&history_list, struct history, list); + if (!list_empty(&history_list.list)) { + history = list_last_entry(&history_list.list, struct history, list); if (!strcmp(line, history->line)) return; @@ -53,21 +55,21 @@ static void cread_add_to_hist(char *line) history = xzalloc(sizeof(*history)); history_num_entries++; } else { - history = list_first_entry(&history_list, struct history, list); + history = list_first_entry(&history_list.list, struct history, list); free(history->line); list_del(&history->list); } history->line = newline; - list_add_tail(&history->list, &history_list); + list_add_tail(&history->list, &history_list.list); } static const char *hist_prev(void) { struct history *history; - if (history_current->prev == &history_list) { + if (history_current->prev == &history_list.list) { history = list_entry(history_current, struct history, list); getcmd_cbeep(); return history->line; @@ -84,12 +86,12 @@ static const char *hist_next(void) { struct history *history; - if (history_current->next == &history_list) { - history_current = &history_list; + if (history_current->next == &history_list.list) { + history_current = &history_list.list; return ""; } - if (history_current == &history_list) { + if (history_current == &history_list.list) { getcmd_cbeep(); return ""; } @@ -188,7 +190,7 @@ int readline(const char *prompt, char *buf, int len) complete_reset(); #endif - history_current = &history_list; + history_current = &history_list.list; puts (prompt); @@ -296,10 +298,13 @@ int readline(const char *prompt, char *buf, int len) { const char *hline; - if (ichar == BB_KEY_UP) + if (ichar == BB_KEY_UP) { hline = hist_prev(); - else + if (!hline) + break; + } else { hline = hist_next(); + } /* nuke the current line */ /* first, go home */ Don't know what I actually did there, just experiment that history_list isn't a struct list. It has now space for the "char *line" pointer and it's init with null. Also move the null check only for hlist_prev(); now list_entry on history_list works because it has a "char *line" which should always be NULL. - Alex _______________________________________________ barebox mailing list barebox@lists.infradead.org http://lists.infradead.org/mailman/listinfo/barebox ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [BUG] readline history 2014-08-28 7:50 [BUG] readline history Teresa Gamez 2014-08-28 8:35 ` Alexander Aring 2014-08-28 9:25 ` Alexander Aring @ 2014-09-01 8:30 ` Sascha Hauer 2014-09-01 8:44 ` Alexander Aring 2 siblings, 1 reply; 7+ messages in thread From: Sascha Hauer @ 2014-09-01 8:30 UTC (permalink / raw) To: Teresa Gamez; +Cc: barebox Hi Teresa, On Thu, Aug 28, 2014 at 09:50:05AM +0200, Teresa Gamez wrote: > Hello Sascha, > > I noticed a bug on the latest master. > When no history is present and I hit the arrow up key, I get: > > unable to handle NULL pointer dereference at address 0x00000001 > pc : [<9fe243ba>] lr : [<9fe268cf>] > sp : 9ffff9d0 ip : 00000016 fp : 00000002 > r10: 00000001 r9 : 9fe549dc r8 : 9fe65d08 > r7 : 00000400 r6 : 00000001 r5 : 00000000 r4 : 9fe66258 > r3 : 00000000 r2 : 00000000 r1 : 00000001 r0 : 9fe66258 > Flags: nZCv IRQs off FIQs on Mode SVC_32 > [<9fe243ba>] (strcpy+0xa/0xe) from [<9fe268cf>] (readline+0x363/0x4e0) > [<9fe268cf>] (readline+0x363/0x4e0) from [<9fe05469>] (file_get > +0x49/0x110) > > I could bisect it to this commit: > > > ada160a34a1ec8421d5bb7b9dd746294668a5130 is the first bad commit > commit ada160a34a1ec8421d5bb7b9dd746294668a5130 > Author: Sascha Hauer <s.hauer@pengutronix.de> > Date: Tue Jul 29 11:54:26 2014 +0200 Damned. While working on that patch I had exactly this problem and thought I tested this case. Apparantly I didn't :( The following should fix this: Sascha From 7fd0d972f71610c25276ca387164b1fd71fb74be Mon Sep 17 00:00:00 2001 From: Sascha Hauer <s.hauer@pengutronix.de> Date: Mon, 1 Sep 2014 10:21:44 +0200 Subject: [PATCH] readline: Fix history prev when history is empty We cannot use list_entry() on an empty list. Without history we have to return an empty line. This fixes a crash when the cursor up button is pressed and no command has been entered previously. Broken since: commit ada160a34a1ec8421d5bb7b9dd746294668a5130 Author: Sascha Hauer <s.hauer@pengutronix.de> Date: Tue Jul 29 11:54:26 2014 +0200 readline: reimplement history functions Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> Reported-by: Teresa Gamez <t.gamez@phytec.de> --- lib/readline.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lib/readline.c b/lib/readline.c index b70bca8..e855abd 100644 --- a/lib/readline.c +++ b/lib/readline.c @@ -68,6 +68,9 @@ static const char *hist_prev(void) struct history *history; if (history_current->prev == &history_list) { + if (list_empty(&history_list)) + return ""; + history = list_entry(history_current, struct history, list); getcmd_cbeep(); return history->line; -- 2.1.0 -- Pengutronix e.K. | | Industrial Linux Solutions | http://www.pengutronix.de/ | Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | _______________________________________________ barebox mailing list barebox@lists.infradead.org http://lists.infradead.org/mailman/listinfo/barebox ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [BUG] readline history 2014-09-01 8:30 ` Sascha Hauer @ 2014-09-01 8:44 ` Alexander Aring 2014-09-01 12:25 ` Sascha Hauer 0 siblings, 1 reply; 7+ messages in thread From: Alexander Aring @ 2014-09-01 8:44 UTC (permalink / raw) To: Sascha Hauer; +Cc: barebox Hi Sascha, On Mon, Sep 01, 2014 at 10:30:33AM +0200, Sascha Hauer wrote: > Hi Teresa, > > On Thu, Aug 28, 2014 at 09:50:05AM +0200, Teresa Gamez wrote: > > Hello Sascha, > > > > I noticed a bug on the latest master. > > When no history is present and I hit the arrow up key, I get: > > > > unable to handle NULL pointer dereference at address 0x00000001 > > pc : [<9fe243ba>] lr : [<9fe268cf>] > > sp : 9ffff9d0 ip : 00000016 fp : 00000002 > > r10: 00000001 r9 : 9fe549dc r8 : 9fe65d08 > > r7 : 00000400 r6 : 00000001 r5 : 00000000 r4 : 9fe66258 > > r3 : 00000000 r2 : 00000000 r1 : 00000001 r0 : 9fe66258 > > Flags: nZCv IRQs off FIQs on Mode SVC_32 > > [<9fe243ba>] (strcpy+0xa/0xe) from [<9fe268cf>] (readline+0x363/0x4e0) > > [<9fe268cf>] (readline+0x363/0x4e0) from [<9fe05469>] (file_get > > +0x49/0x110) > > > > I could bisect it to this commit: > > > > > > ada160a34a1ec8421d5bb7b9dd746294668a5130 is the first bad commit > > commit ada160a34a1ec8421d5bb7b9dd746294668a5130 > > Author: Sascha Hauer <s.hauer@pengutronix.de> > > Date: Tue Jul 29 11:54:26 2014 +0200 > > Damned. While working on that patch I had exactly this problem and > thought I tested this case. Apparantly I didn't :( > > The following should fix this: > > Sascha > > From 7fd0d972f71610c25276ca387164b1fd71fb74be Mon Sep 17 00:00:00 2001 > From: Sascha Hauer <s.hauer@pengutronix.de> > Date: Mon, 1 Sep 2014 10:21:44 +0200 > Subject: [PATCH] readline: Fix history prev when history is empty > > We cannot use list_entry() on an empty list. Without history > we have to return an empty line. This fixes a crash when the > cursor up button is pressed and no command has been entered > previously. Broken since: > > commit ada160a34a1ec8421d5bb7b9dd746294668a5130 > Author: Sascha Hauer <s.hauer@pengutronix.de> > Date: Tue Jul 29 11:54:26 2014 +0200 > > readline: reimplement history functions > > Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> > Reported-by: Teresa Gamez <t.gamez@phytec.de> > --- > lib/readline.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/lib/readline.c b/lib/readline.c > index b70bca8..e855abd 100644 > --- a/lib/readline.c > +++ b/lib/readline.c > @@ -68,6 +68,9 @@ static const char *hist_prev(void) > struct history *history; > > if (history_current->prev == &history_list) { > + if (list_empty(&history_list)) > + return ""; > + what's about to ring the terminal bell when this happen? - Alex _______________________________________________ barebox mailing list barebox@lists.infradead.org http://lists.infradead.org/mailman/listinfo/barebox ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [BUG] readline history 2014-09-01 8:44 ` Alexander Aring @ 2014-09-01 12:25 ` Sascha Hauer 0 siblings, 0 replies; 7+ messages in thread From: Sascha Hauer @ 2014-09-01 12:25 UTC (permalink / raw) To: Alexander Aring; +Cc: barebox On Mon, Sep 01, 2014 at 10:44:57AM +0200, Alexander Aring wrote: > Hi Sascha, > > On Mon, Sep 01, 2014 at 10:30:33AM +0200, Sascha Hauer wrote: > > Hi Teresa, > > > > On Thu, Aug 28, 2014 at 09:50:05AM +0200, Teresa Gamez wrote: > > > Hello Sascha, > > > > > > I noticed a bug on the latest master. > > > When no history is present and I hit the arrow up key, I get: > > > > > > unable to handle NULL pointer dereference at address 0x00000001 > > > pc : [<9fe243ba>] lr : [<9fe268cf>] > > > sp : 9ffff9d0 ip : 00000016 fp : 00000002 > > > r10: 00000001 r9 : 9fe549dc r8 : 9fe65d08 > > > r7 : 00000400 r6 : 00000001 r5 : 00000000 r4 : 9fe66258 > > > r3 : 00000000 r2 : 00000000 r1 : 00000001 r0 : 9fe66258 > > > Flags: nZCv IRQs off FIQs on Mode SVC_32 > > > [<9fe243ba>] (strcpy+0xa/0xe) from [<9fe268cf>] (readline+0x363/0x4e0) > > > [<9fe268cf>] (readline+0x363/0x4e0) from [<9fe05469>] (file_get > > > +0x49/0x110) > > > > > > I could bisect it to this commit: > > > > > > > > > ada160a34a1ec8421d5bb7b9dd746294668a5130 is the first bad commit > > > commit ada160a34a1ec8421d5bb7b9dd746294668a5130 > > > Author: Sascha Hauer <s.hauer@pengutronix.de> > > > Date: Tue Jul 29 11:54:26 2014 +0200 > > > > Damned. While working on that patch I had exactly this problem and > > thought I tested this case. Apparantly I didn't :( > > > > The following should fix this: > > > > Sascha > > > > From 7fd0d972f71610c25276ca387164b1fd71fb74be Mon Sep 17 00:00:00 2001 > > From: Sascha Hauer <s.hauer@pengutronix.de> > > Date: Mon, 1 Sep 2014 10:21:44 +0200 > > Subject: [PATCH] readline: Fix history prev when history is empty > > > > We cannot use list_entry() on an empty list. Without history > > we have to return an empty line. This fixes a crash when the > > cursor up button is pressed and no command has been entered > > previously. Broken since: > > > > commit ada160a34a1ec8421d5bb7b9dd746294668a5130 > > Author: Sascha Hauer <s.hauer@pengutronix.de> > > Date: Tue Jul 29 11:54:26 2014 +0200 > > > > readline: reimplement history functions > > > > Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> > > Reported-by: Teresa Gamez <t.gamez@phytec.de> > > --- > > lib/readline.c | 3 +++ > > 1 file changed, 3 insertions(+) > > > > diff --git a/lib/readline.c b/lib/readline.c > > index b70bca8..e855abd 100644 > > --- a/lib/readline.c > > +++ b/lib/readline.c > > @@ -68,6 +68,9 @@ static const char *hist_prev(void) > > struct history *history; > > > > if (history_current->prev == &history_list) { > > + if (list_empty(&history_list)) > > + return ""; > > + > > what's about to ring the terminal bell when this happen? I added a getcmd_cbeep() to add the beep. Sascha -- Pengutronix e.K. | | Industrial Linux Solutions | http://www.pengutronix.de/ | Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | _______________________________________________ barebox mailing list barebox@lists.infradead.org http://lists.infradead.org/mailman/listinfo/barebox ^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2014-09-01 12:25 UTC | newest] Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2014-08-28 7:50 [BUG] readline history Teresa Gamez 2014-08-28 8:35 ` Alexander Aring 2014-08-28 9:25 ` Alexander Aring 2014-08-28 10:08 ` Alexander Aring 2014-09-01 8:30 ` Sascha Hauer 2014-09-01 8:44 ` Alexander Aring 2014-09-01 12:25 ` Sascha Hauer
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox