devttys0 / sasquatch


Segmentation fault #2

Open sviehb opened 9 years ago

sviehb commented 9 years ago

Fails with this firmware: http://downloads.linksys.com/downloads/firmware/1224681522523/FW_E900_v1.0.06.002_US_20150108.bin

When using -p 1 (single-threaded) this issue does not occur.

gdb --args ~/tmp/sasquatch/sasquatch -trace 14FE20.squashfs
...
squashfs: Attempting to decompress: [0x68 0x3B 0xDE 0xDE 0xA6 0x0F 0x23 0xDA]
squashfs: Trying LZMA settings [lc: 4, lp: 4, pb: 4, dict size: 0xFFFFFFFF offset: 10], squashfs: retval = -3, outsize = 131072/65536

squashfs: Attempting to decompress: [0x03 0xE0 0x35 0xE5 0x99 0xCB 0x0D 0x2B]
squashfs: Trying LZMA settings [lc: 4, lp: 4, pb: 2, dict size: 0xFFFFFFFF offset: 10], squashfs: retval = -3, outsize = 131072/65536

squashfs: Attempting to decompress: [0x03 0xE0 0x35 0xE5 0x99 0xCB 0x0D 0x2B]
squashfs: Trying LZMA settings [lc: 4, lp: 4, pb: 3, dict size: 0xFFFFFFFF offset: 10], squashfs: retval = -3, outsize = 131072/65536

squashfs: lzma-adaptive decompressor failed! [-1 -3]
Trying to decompress with lzma-alt...
squashfs: retval = -3, outsize = 131072/65536

squashfs: Attempting to decompress: [0x03 0xE0 0x35 0xE5 0x99 0xCB 0x0D 0x2B]
squashfs: Trying LZMA settings [lc: 4, lp: 4, pb: 4, dict size: 0xFFFFFFFF offset: 10], squashfs: retval = -3, outsize = 131072/65536

squashfs: lzma-adaptive decompressor failed! [-1 -3]
Trying to decompress with lzma-alt...

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff3f71700 (LWP 7417)]
0x0000000000405b2e in LzmaDecoderCodeReal (lzmaDecoder=0x647d20 <cc>, anInSize=0x7ffff3f60df0, anOutSize=0x7ffff3f60df8) at LZMADecoder.c:207
207               BYTE aMatchByte = OutWindowGetOneByte(0 - aRepDistances[0] - 1);
(gdb) i r
rax            0x8000f3f60e9f   140741581344415
rbx            0x10000  65536
rcx            0x0      0
rdx            0x7ffff3f60ea0   140737286377120
rsi            0x647f2c 6586156
rdi            0x7ffff4761d0d   140737294769421
rbp            0x7ffff4761d70   0x7ffff4761d70
rsp            0x7ffff4761ce0   0x7ffff4761ce0
r8             0xf2     242
r9             0x5      5
r10            0x4022   16418
r11            0x201    513
r12            0x5dab   23979
r13            0x7ffff4761ea0   140737294769824
r14            0x7ffff4771eac   140737294835372
r15            0x10000  65536
rip            0x405b2e 0x405b2e <LzmaDecoderCodeReal+325>
eflags         0x10206  [ PF IF RF ]
cs             0x33     51
ss             0x2b     43
ds             0x0      0
es             0x0      0
fs             0x0      0
gs             0x0      0
(gdb) bt
#0  0x0000000000405b2e in LzmaDecoderCodeReal (lzmaDecoder=0x647d20 <cc>, anInSize=0x7ffff4761df0, anOutSize=0x7ffff4761df8) at LZMADecoder.c:207
#1  0x0000000000406006 in LzmaDecoderCode (lzmaDecoder=0x647d20 <cc>, anInSize=0x7ffff4761df0, anOutSize=0x7ffff4761df8) at LZMADecoder.c:354
#2  0x00000000004041a4 in decompress_lzma_alt (in_data=0x83b160 "]", in_size=23979, out_data=0x7ffff4761ea0 "\177EL@ \362\065\065\065\065\065\065\065",
    out_size=65536, offset=0) at 7zlzma.c:35
#3  0x0000000000410eb7 in lzma_alt_uncompress (dest=0x7ffff4761ea0, src=0x83b160, size=23979, outsize=65536, error=0x7ffff4771eac) at lzma_wrapper.c:139
#4  0x000000000040fb1e in compressor_uncompress (comp=0x647700 <gzip_comp_ops>, dest=dest@entry=0x7ffff4761ea0, src=0x83b160, size=23979, block_size=65536,
    error=error@entry=0x7ffff4771eac) at compressor.c:170
#5  0x00000000004065ae in inflator (arg=<optimized out>) at unsquashfs.c:2195
#6  0x00007ffff7bc4182 in start_thread (arg=0x7ffff4772700) at pthread_create.c:312
#7  0x00007ffff6a7547d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
devttys0 commented 9 years ago

This also causes more subtle issues, such as corrupted or missing files.

Checked in a temporary fix which sets the default number of processors to 1, until a proper fix is made.
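The backtrace above points at why the crash only shows up with more than one processor: the faulting call in frame #0 is `LzmaDecoderCodeReal(lzmaDecoder=0x647d20 <cc>, ...)`, so the decoder state is a global symbol (`cc`) rather than something each inflator thread owns, and the statement that faults reads the output window at an offset taken from `aRepDistances[0]`. Several `inflator` threads driving one decoder context can leave that distance (and the window position) belonging to another thread's block, which is consistent with a wild window read on the multi-threaded path and with the corrupted or missing files mentioned above. The example below is added here and is not sasquatch or LZMA SDK code: it is a toy back-reference decoder with the same state shape (an output position and a "rep" distance), written so that every worker thread has a private context and every distance is bounds-checked before the window read. The token format, the `decoder_ctx`, `toy_decode`, `run_parallel` and `decode_bad_rep` names, and the sample streams are all constructed for this illustration.

```c
#include <pthread.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy token format (constructed for this example, not squashfs/LZMA):
 *   0x00 c      literal byte c
 *   0x01 d l    copy l bytes from d bytes back; d becomes the rep distance
 *   0x02 l      copy l bytes using the last rep distance (cf. aRepDistances[0])
 */
enum { TOK_LIT = 0x00, TOK_MATCH = 0x01, TOK_REP = 0x02 };
enum { DEC_OK = 0, DEC_ERR_TRUNC = -1, DEC_ERR_DIST = -2, DEC_ERR_OUTSZ = -3 };

/* All mutable decoder state. One of these per in-flight block, never a global. */
typedef struct {
    size_t rep_distance;   /* last match distance, reused by TOK_REP */
    size_t out_pos;        /* bytes written to the output window so far */
} decoder_ctx;

/* Decode in[0..in_size) into out[0..out_cap); returns DEC_OK and sets *out_size,
 * or an error code. No window read happens without a range check. */
int toy_decode(decoder_ctx *ctx, const uint8_t *in, size_t in_size,
               uint8_t *out, size_t out_cap, size_t *out_size)
{
    ctx->rep_distance = 0;
    ctx->out_pos = 0;
    for (size_t i = 0; i < in_size; ) {
        uint8_t tok = in[i++];
        size_t dist, len;
        if (tok == TOK_LIT) {
            if (i >= in_size) return DEC_ERR_TRUNC;
            if (ctx->out_pos >= out_cap) return DEC_ERR_OUTSZ;
            out[ctx->out_pos++] = in[i++];
            continue;
        } else if (tok == TOK_MATCH) {
            if (i + 2 > in_size) return DEC_ERR_TRUNC;
            dist = in[i++]; len = in[i++];
            ctx->rep_distance = dist;
        } else if (tok == TOK_REP) {
            if (i >= in_size) return DEC_ERR_TRUNC;
            dist = ctx->rep_distance; len = in[i++];
        } else {
            return DEC_ERR_TRUNC;          /* unknown token */
        }
        /* A distance of 0, or one reaching before the start of the window, is
         * exactly what a stale/racing rep distance looks like: reject it. */
        if (dist == 0 || dist > ctx->out_pos) return DEC_ERR_DIST;
        if (ctx->out_pos + len > out_cap) return DEC_ERR_OUTSZ;
        for (size_t k = 0; k < len; k++, ctx->out_pos++)
            out[ctx->out_pos] = out[ctx->out_pos - dist];
    }
    *out_size = ctx->out_pos;
    return DEC_OK;
}

#define NBLOCKS 4
#define OUT_CAP 64

/* One job per worker thread; the decoder context is embedded, so threads never share it. */
typedef struct {
    const uint8_t *in; size_t in_size;
    uint8_t out[OUT_CAP]; size_t out_size; int rc;
    decoder_ctx ctx;
} job_t;

static void *worker(void *arg)
{
    job_t *j = arg;
    j->rc = toy_decode(&j->ctx, j->in, j->in_size, j->out, OUT_CAP, &j->out_size);
    return NULL;
}

/* Constructed streams: both decode to "abcabcabcab" through different token mixes. */
static const uint8_t s1[] = {0x00,'a',0x00,'b',0x00,'c',0x01,3,8};         /* 3 literals, match d=3 l=8 */
static const uint8_t s2[] = {0x00,'a',0x00,'b',0x00,'c',0x01,3,4,0x02,4};  /* match d=3 l=4, rep l=4 */

/* Decode NBLOCKS blocks on NBLOCKS threads; returns how many came back correct. */
int run_parallel(void)
{
    static const char expect[] = "abcabcabcab";
    job_t jobs[NBLOCKS];
    pthread_t tids[NBLOCKS];
    for (int i = 0; i < NBLOCKS; i++) {
        memset(&jobs[i], 0, sizeof jobs[i]);
        jobs[i].in = (i & 1) ? s2 : s1;
        jobs[i].in_size = (i & 1) ? sizeof s2 : sizeof s1;
        pthread_create(&tids[i], NULL, worker, &jobs[i]);
    }
    int good = 0;
    for (int i = 0; i < NBLOCKS; i++) {
        pthread_join(tids[i], NULL);
        if (jobs[i].rc == DEC_OK && jobs[i].out_size == strlen(expect) &&
            memcmp(jobs[i].out, expect, jobs[i].out_size) == 0)
            good++;
    }
    return good;
}

/* A rep-match before any match set a distance: the state a racing thread can
 * leave behind. With the check above it is an error, not a wild window read. */
int decode_bad_rep(void)
{
    static const uint8_t bad[] = {0x00,'a',0x02,3};
    decoder_ctx ctx; uint8_t out[OUT_CAP]; size_t n;
    return toy_decode(&ctx, bad, sizeof bad, out, OUT_CAP, &n);
}

int main(void)
{
    printf("parallel blocks correct: %d/%d\n", run_parallel(), NBLOCKS);
    printf("stale rep distance -> rc %d (DEC_ERR_DIST is %d)\n", decode_bad_rep(), DEC_ERR_DIST);
    return 0;
}
```

Build with `cc -pthread` (on glibc older than 2.34 the flag is required for the pthread calls to link). The two properties the example separates are the ones the issue conflates: per-thread state removes the race that the single-processor workaround only hides, and the distance check turns a bad `aRepDistances[0]`-style value from a segfault into a decode error that the caller can report.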