SEGV during crash dump from bad application start

Sam Bobroff sam@REDACTED
Wed Jul 28 06:11:51 CEST 2010


Hi everyone,

I've encountered what appears to be a bug in the following situation:

* an application is being started by a boot script.
* the application returns a bad result from application:start/2.

What follows is either a very, very big crash dump file (erl_dump.crash)
or beam.smp crashing with signal 11 (SEGV).

I discovered it on R14A but it also appears in R13B04. I've replicated it
on both Ubuntu Linux and Mac OSX (using Erlang built from source). My
erl reports:
Erlang R14A (erts-5.8) [source] [smp:2:2] [rq:2] [async-threads:0]
[hipe] [kernel-poll:false]

Here's a Makefile that will replicate the problem (on my system it
happens every time) (sorry if the line breaks get messed up):

---begin---
.PHONY: crash

crash: foo.beam foo.app
	erl -noshell -eval " \
		FileContents = {release, \
				{\"foo_rel\", \"A\"}, \
				{erts, erlang:system_info(version)}, \
				[{A, V} || {A, _, V} <- application:loaded_applications()] ++ \
				[{foo, \"1\"}]}, \
		{ok, Fd} = file:open(\"foo.rel\", [write]), \
		ok = io:fwrite(Fd, \"~p.~n\", [FileContents]), \
		ok = file:close(Fd), \
		init:stop()."
	erl -noshell -eval "ok = systools:make_script(\"foo\", [no_module_tests]), init:stop()."
	erl -noshell +B -boot ./foo

foo.erl:
	@echo "-module(foo)." > $@
	@echo "-export([start/2])." >> $@
	@echo "start(_, _) -> fubar." >> $@

foo.app:
	@echo '{application,foo, [{description,""}, {vsn,"1"}, {modules,[foo]}, {registered,[]}, {applications,[kernel,stdlib]}, {mod,{foo,[]}}]}.' > foo.app

foo.beam: foo.erl
	erlc $<
---end---
(Just save it as Makefile and run make.)

I investigated the core file produced by Erlang and it seems to be
uninitialized data causing dump_attributes (in break.c) to overrun the
ptr argument.

I don't have a proposed fix, but it might help to know that adding these
lines to beam_load.c:

stp->code[MI_ATTR_SIZE] = 0;
stp->code[MI_COMPILE_SIZE] = 0;

to read_code_header() near line 1380, and these similar lines:

code[MI_ATTR_SIZE] = 0;
code[MI_COMPILE_SIZE] = 0;

to erts_make_stub_module() near line 5200, prevent the crash.

Peace,
Sam.
-- 
Sam Bobroff | sam@REDACTED | M5 Networks
Why does my email have those funny headers? Because I use PGP to sign
my email (and you should too!): that's how you know it's really from me.
See: http://en.wikipedia.org/wiki/Pretty_Good_Privacy
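A stand-alone C model of the failure pattern in the report (a size slot in a module's code header that the loader fills late, and a crash dumper that trusts it), added here as an illustration; it is not code from ERTS (break.c or beam_load.c), and the slot indices, struct layout and function names are assumptions of the model.

```c
/* Model, not ERTS code: a code header has word slots for the attribute
 * and compile-info sizes; if the loader never writes them, a crash dump
 * taken after an early failure walks whatever is in those words. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum { MI_ATTR_SIZE = 0, MI_COMPILE_SIZE = 1, MI_NUM_SLOTS = 2 }; /* assumed indices */

struct code_area {
    uintptr_t     header[MI_NUM_SLOTS];
    size_t        alloc_bytes;      /* bytes actually allocated for attrs */
    unsigned char attrs[32];
};

/* Unchecked walker: trusts header[MI_ATTR_SIZE]. With stale memory in
 * the slot it reports a byte count far beyond attrs[] (the overrun). */
size_t attr_bytes_unchecked(const struct code_area *c)
{
    return (size_t)c->header[MI_ATTR_SIZE];
}

/* Checked walker: a declared size larger than the allocation cannot be
 * valid, so it is flagged and treated as "no attributes". Returns the
 * number of bytes that are safe to print. */
size_t attr_bytes_checked(const struct code_area *c, int *flagged)
{
    size_t n = (size_t)c->header[MI_ATTR_SIZE];
    *flagged = n > c->alloc_bytes;
    return *flagged ? 0 : n;
}

/* Constructed stand-in for a reused allocation: fill with stale bytes. */
void simulate_stale_header(struct code_area *c)
{
    memset(c, 0xA5, sizeof *c);
    c->alloc_bytes = 0;             /* nothing has been loaded yet */
}

/* Loader-side fix from the report: zero the size slots as soon as the
 * header exists, so every later path sees "no attributes", not garbage. */
void init_size_slots(struct code_area *c)
{
    c->header[MI_ATTR_SIZE] = 0;
    c->header[MI_COMPILE_SIZE] = 0;
}
```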