Short: Driver cored on too much input/output
From: Freaky <Freaky@UNItopia.rus.uni-stuttgart.de>
Subject: Driver cored
Type: Bug
State: Acknowledged
Hi,

The driver (3.2.7-dev.81) just dumped core on us.

There was a problem with a telnet client that repeated a cut-and-paste
endlessly. The user was in the X-Editor by Avatar@Avalon at the time (it is a
full-screen editor written in LPC).
The pasting presumably overflowed the array.
Here is the backtrace. If I should debug anything else, let me know.

(gdb) bt
#0  0x4009894c in ?? () from /lib/libc.so.6
#1  0x809a7d9 in set_noecho (i=0xd7a0ac8, noecho=0 '\000') at comm.c:2446
#2  0x808ce83 in error (fmt=0xbfffe960 "Illegal array size: %ld.\n")
    at simulate.c:3558
#3  0x808218d in inter_add_array (q=0x90317d0, vpp=0x80ec4b4)
    at interpret.c:12617
#4  0x806d1a5 in eval_instruction (first_instruction=0x8e392cf "\037",
    sp=0x80ec498) at interpret.c:5406
#5  0x807fbf5 in apply_low (fun=0x8c0fae2 "loop", ob=0x95e50c4, num_arg=1,
    b_ign_prot=0) at interpret.c:10589
#6  0x808000c in sapply_int (fun=0x8c0fae2 "loop", ob=0x95e50c4, num_arg=1,
    b_find_static=0) at interpret.c:10752
#7  0x8080080 in apply (fun=0x8c0fae2 "loop", ob=0x95e50c4, num_arg=1)
    at interpret.c:10771
#8  0x809a971 in call_function_interactive (i=0xd7a0ac8, str=0xbfffefe8 "\r")
    at comm.c:2537
#9  0x80917ad in backend () at backend.c:485
#10 0x8061f98 in main (argc=35, argv=0xbffffc24) at main.c:312

Ciao
		Freaky

--
Frank 'Freaky' Kirschner
UNItopia Admin                          http://UNItopia.uni-stuttgart.de/
Freaky@UNItopia.Uni-Stuttgart.DE      telnet://UNItopia.uni-stuttgart.de/


From Frank.Kirschner@RUS.Uni-Stuttgart.DE  Fri Apr 30 14:11:56 1999
Date: Fri, 30 Apr 1999 23:03:47 +0200
From: Freaky <Freaky@UNItopia.rus.uni-stuttgart.de>
To: Lars Duening <lars@bearnip.com>
Subject: Re: Driver cored
Message-ID: <19990430230346.A23891@helpdesk.rus.uni-stuttgart.de>
Reply-To: Freaky <Freaky@UNItopia.rus.uni-stuttgart.de>
References: <19990430193525.B17762@helpdesk.rus.uni-stuttgart.de> <000349be0ab353e7_mailit@mail.csoft.net>
In-Reply-To: <000349be0ab353e7_mailit@mail.csoft.net>; from Lars Duening on Fri, Apr 30, 1999 at 09:51:42PM +0100

Hi,

Lars Duening:
> >The driver (3.2.7-dev.81) just dumped core on us.
>
> >There was a problem with a telnet client that repeated a cut-and-paste
> >endlessly. The user was in the X-Editor by Avatar@Avalon at the time (it is
> >a full-screen editor written in LPC).
> >The pasting presumably overflowed the array.
>
> Worse: one of the internal I/O buffers.
>
> >Here is the backtrace. If I should debug anything else, let me know.
>
> >(gdb) bt
> >#0  0x4009894c in ?? () from /lib/libc.so.6
> >#1  0x809a7d9 in set_noecho (i=0xd7a0ac8, noecho=0 '\000') at comm.c:2446
>
> 'i' is a 'struct interactive *'; the exact contents of *i would be
> interesting. Also the text starting at i->text and i->message_buf. And which
> object does i->ob point to?
>
> >#2  0x808ce83 in error (fmt=0xbfffe960 "Illegal array size: %ld.\n")
> >    at simulate.c:3558
>
> Hmm, your simulate.c seems to differ from mine - what does the source
> around line 3558 look like on your side?

Yes.. I built in the restricted-commands feature so that I can control
dumpallobj etc. from the mudlib.

Here is the output from GDB:
Mudadm ~ > gdb magyra/bin/driver-3.2.7.U02 ../backup/mudlib/core.driver.990430-15\:57
GNU gdb 4.17
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux"...

warning: core file may not match specified executable file.
Core was generated by `bin/driver-3.2.7.U02 --define UNItopia --mudlib /UNItopia/mudadm/magyra/lib --m'.
Program terminated with signal 11, Segmentation fault.
find_solib: Can't read pathname for load map: Input/output error

#0  0x4009894c in ?? () from /lib/libc.so.6
(gdb) bt
#0  0x4009894c in ?? () from /lib/libc.so.6
#1  0x809a7d9 in set_noecho (i=0xd7a0ac8, noecho=0 '\000') at comm.c:2446
#2  0x808ce83 in error (fmt=0xbfffe960 "Illegal array size: %ld.\n")
    at simulate.c:3558
#3  0x808218d in inter_add_array (q=0x90317d0, vpp=0x80ec4b4)
    at interpret.c:12617
#4  0x806d1a5 in eval_instruction (first_instruction=0x8e392cf "\037",
    sp=0x80ec498) at interpret.c:5406
#5  0x807fbf5 in apply_low (fun=0x8c0fae2 "loop", ob=0x95e50c4, num_arg=1,
    b_ign_prot=0) at interpret.c:10589
#6  0x808000c in sapply_int (fun=0x8c0fae2 "loop", ob=0x95e50c4, num_arg=1,
    b_find_static=0) at interpret.c:10752
#7  0x8080080 in apply (fun=0x8c0fae2 "loop", ob=0x95e50c4, num_arg=1)
    at interpret.c:10771
#8  0x809a971 in call_function_interactive (i=0xd7a0ac8, str=0xbfffefe8 "\r")
    at comm.c:2537
#9  0x80917ad in backend () at backend.c:485
#10 0x8061f98 in main (argc=35, argv=0xbffffc24) at main.c:312
(gdb) frame 1
#1  0x809a7d9 in set_noecho (i=0xd7a0ac8, noecho=0 '\000') at comm.c:2446
2446                        move_memory(
(gdb) print i
$1 = (struct interactive *) 0xd7a0ac8
(gdb) print *i
$2 = {sent = {shadowing = 0x0, ed_buffer = 0x0, shadowed_by = 0x0,
    next = 0xa6713d8, dummy = 24832, type = 6 '\006'}, socket = 22,
  ob = 0xcb5c98c, input_to = 0x0, modify_command = 0xcb5c98c, prompt = {
    type = 8, x = {string_type = 5, exponent = 5, closure_type = 5,
      quotes = 5, num_arg = 5, generic = 5}, u = {
      string = 0xe4454c8 "Y\b~\f\b\004", number = 239359176, ob = 0xe4454c8,
      vec = 0xe4454c8, map = 0xe4454c8, lambda = 0xe4454c8,
      mantissa = 239359176, lvalue = 0xe4454c8, protected_lvalue = 0xe4454c8,
      protected_char_lvalue = 0xe4454c8, protected_range_lvalue = 0xe4454c8,
      error_handler = 0xe4454c8, const_list = 0xe4454c8}}, addr = {
    sin_family = 2, sin_port = 31240, sin_addr = {s_addr = 2212323266},
    sin_zero = "F\027\025\000\000\000\000"}, closing = 0 '\000',
  do_close = 0 '\000', noecho = 0 '\000', tn_state = 8 '\b',
  save_tn_state = 11 '\013', supress_go_ahead = 0 '\000', text_end = -986,
  command_start = 986, command_end = 0, tn_start = -3438, tn_end = -986,
  chars_ready = -985, snoop_on = 0x0, snoop_by = 0x0, default_err_message = {
    type = 0, x = {string_type = 0, exponent = 0, closure_type = 0,
      quotes = 0, num_arg = 0, generic = 0}, u = {
      string = 0xd6c68f0 "r\005:\t\001", number = 225208560, ob = 0xd6c68f0,
      vec = 0xd6c68f0, map = 0xd6c68f0, lambda = 0xd6c68f0,
      mantissa = 225208560, lvalue = 0xd6c68f0, protected_lvalue = 0xd6c68f0,
      protected_char_lvalue = 0xd6c68f0, protected_range_lvalue = 0xd6c68f0,
      error_handler = 0xd6c68f0, const_list = 0xd6c68f0}},
---Type <return> to continue, or q <return> to quit---
  last_time = 925480642, trace_level = 0, trace_prefix = 0x0,
  message_length = 0, next_player_for_flush = 0x0,
  previous_player_for_flush = 0x0, access_class = 3,
  charset = "", '' <repeats 30 times>, quote_iac = 32 ' ',
  catch_tell_activ = 0 '\000', gobble_char = 0 '\000', ts_data = 0 '\000',
  text = '\r' <repeats 1062 times>, "\000E\003", '-' <repeats 75 times>, "\r\nFile:   /w/avatar/xeditor/xeditor/xeditor.c (commands.inc)  Zeile: 335\r\nObjekt: /w/avatar/xeditor/obj/editor#221284\r\nFehler: Illegal array size: 3001.\r\n", '-' <repeats 78 times>, "\r\n\001\r\n\e[1;"...,
  message_buf = "kingerdorf/npc/hund.c       Spalte:   \000\000\030\000\000L\013,\000\000\000nuL\b~\f\b\024\000\000n\024`/map/m941_-936(Tief im dunklen Wald)|/obj/player#197358(zaharad)|\000\000\0009\000\000\200TF(\016n\000\000\000X\207Y\b~\f\b\032\005\000\0009\000\000\000\204;+\013\000\000\000\000\000\000\000\000\000ch. Du parierst den"...}
(gdb) print i->text
$3 = '\r' <repeats 1062 times>, "\000E\003", '-' <repeats 75 times>, "\r\nFile:   /w/avatar/xeditor/xeditor/xeditor.c (commands.inc)  Zeile: 335\r\nObjekt: /w/avatar/xeditor/obj/editor#221284\r\nFehler: Illegal array size: 3001.\r\n", '-' <repeats 78 times>, "\r\n\001\r\n\e[1;"...
(gdb) print i->message_buf
$4 = "kingerdorf/npc/hund.c       Spalte:   \000\000\030\000\000L\013,\000\000\000nuL\b~\f\b\024\000\000n\024`/map/m941_-936(Tief im dunklen Wald)|/obj/player#197358(zaharad)|\000\000\0009\000\000\200TF(\016n\000\000\000X\207Y\b~\f\b\032\005\000\0009\000\000\000\204;+\013\000\000\000\000\000\000\000\000\000ch. Du parierst den"...
(gdb) print i->ob
$5 = (struct object *) 0xcb5c98c
(gdb) print *i->ob
$6 = {flags = 3150, total_light = 0, time_reset = 925481730,
  time_of_ref = 925480642, ref = 9, prog = 0xafdb10c,
  name = 0xa814d94 "obj/wizard_shell#221281",
  load_name = 0x8ae02a6 "/obj/wizard_shell", next_all = 0xab2273c,
  prev_all = 0xb705280, next_hash = 0xc227d38, next_inv = 0x0,
  contains = 0x95e50c4, super = 0x0, sent = 0xd7a0ac8, user = 0xbafa640,
  eff_user = 0xbafa640, variables = 0xc441c64, ticks = 6506, gigaticks = 0}
(gdb) frame 2
#2  0x808ce83 in error (fmt=0xbfffe960 "Illegal array size: %ld.\n")
    at simulate.c:3558
3558                set_noecho(i, 0);
(gdb) list
3553        if (current_interactive) {
3554            struct interactive *i;
3555
3556            i = O_GET_INTERACTIVE(current_interactive);
3557            if (i && i->sent.type == SENT_INTERACTIVE && i->noecho & NOECHO_STALE) {
3558                set_noecho(i, 0);
3559            }
3560        }
3561        if (error_recovery_pointer->type != ERROR_RECOVERY_NONE)
3562            longjmp(error_recovery_pointer->con.text, 1);


I hope that helps.

Ciao
		Freaky

--
Frank 'Freaky' Kirschner
UNItopia Admin                          http://UNItopia.uni-stuttgart.de/
Freaky@UNItopia.Uni-Stuttgart.DE      telnet://UNItopia.uni-stuttgart.de/
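
An added example, not part of the original mails and not the driver's code: a sanity check that rejects index values like those in the `print *i` output above before any memory move over the text buffer. The struct, the buffer size MAX_TEXT and the ordering invariant are assumptions for illustration; only the field names and the sample values come from the gdb dump.

```c
#include <stdio.h>
#include <string.h>

#define MAX_TEXT 2048 /* assumed buffer size, not taken from the driver */

/* Hypothetical struct: only the field names come from the gdb dump. */
struct io_state {
    int text_end, command_start, tn_start, tn_end, chars_ready;
    char text[MAX_TEXT];
};

/* 1 if every index lies inside text[] and the assumed ordering
 * command_start <= tn_start <= tn_end <= text_end holds, else 0. */
int indices_sane(const struct io_state *s)
{
    const int idx[] = { s->text_end, s->command_start, s->tn_start,
                        s->tn_end, s->chars_ready };
    for (size_t k = 0; k < sizeof idx / sizeof idx[0]; k++)
        if (idx[k] < 0 || idx[k] > MAX_TEXT)
            return 0;
    return s->command_start <= s->tn_start && s->tn_start <= s->tn_end
        && s->tn_end <= s->text_end;
}

/* Move pending input to the front of text[]. Returns -1 and leaves the
 * buffer untouched when the indices cannot be trusted. */
int compact_input(struct io_state *s)
{
    if (!indices_sane(s))
        return -1;
    memmove(s->text, s->text + s->command_start,
            (size_t)(s->text_end - s->command_start));
    s->text_end -= s->command_start;
    s->tn_start -= s->command_start;
    s->tn_end   -= s->command_start;
    s->command_start = 0;
    return 0;
}

/* Index values copied from the `print *i` output above. */
struct io_state state_from_dump(void)
{
    struct io_state s = { .text_end = -986, .command_start = 986,
                          .tn_start = -3438, .tn_end = -986,
                          .chars_ready = -985 };
    return s;
}

int main(void)
{
    struct io_state s = state_from_dump();
    printf("sane=%d compact=%d\n", indices_sane(&s), compact_input(&s));
    return 0;
}
```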

----------------------------------------
Date: Mon, 12 Jul 1999 23:04:45 +0200
From: Thorsten Klose <Thorsten.Klose@gmx.de>
   - Years ago I programmed a character-oriented editor that works
     similarly to joe under Unix. It works with input_to in char and
     noecho mode. In the last two months it has already happened once
     in Avalon and twice in UNItopia that the editor caused a crash.
     Not reproducible, of course... :-/
     The "culprits" (they were different ones) were working with an
     exotic telnet client under Wintendo. If you need more details
     about it, I can dig through my mails again... but maybe you can
     already guess what the cause might be.
