Bug #10692
df dumps core
Status:
closed
Start date:
2019-04-04
Due date:
% Done:
100%
Estimated time:
Difficulty:
Bite-size
Tags:
needs-triage
Gerrit CR:
Description
In an smbfs mount with a misbehaving SMB server, df dumps core like this:
$ dbx ./df
(dbx) catch 8
(dbx) run /g
Running: df /g
(process id 15229)
signal FPE (integer divide by zero) in number_to_string at line 1164 in file "df.c"
 1164   number / (unsigned long long)(unit_to / unit_from));
(dbx) where
=>[1] number_to_string(buf = 0x8046e0c ",n^D^H\xf0,\xfc\xfeH^E\xf7\xfep^A", number = 0, unit_from = 0, unit_to = 512), line 1164 in "df.c"
  [2] default_output(dfrp = 0x806b240, fsp = 0x8046e44), line 1629 in "df.c"
  [3] do_df(argc = 1, argv = 0x8046f58), line 2032 in "df.c"
  [4] main(argc = 2, argv = 0x8046f54), line 301 in "df.c"
(dbx).
(dbx) up
Current function is default_output
 1629   files_str);
(dbx) print *fsp
*fsp = {
    f_bsize    = 0
    f_frsize   = 0
    f_blocks   = 0
    f_bfree    = 0
    f_bavail   = 0
    f_files    = 0
    f_ffree    = 0
    f_favail   = 0
    f_fsid     = 152043522U
    f_basetype = "smbfs"
    f_flag     = 2U
    f_namemax  = 255U
    f_fstr     = ""
    f_filler   = (...)
}
(dbx)
The SIGFPE core dump happens because f_frsize is zero.
That should not happen (see separate bug TBD about that).
Nonetheless, let's defend against that in df.
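One way to guard the unit conversion shown in the trace, as an added example that is not the df.c source or the change made for this bug: `scale_units` and `format_units` are hypothetical names, and reporting 0 when a unit size is invalid is an assumption about the desired output.

```c
#include <stdio.h>

/*
 * Hypothetical helper (not from df.c): convert `number` units of size
 * unit_from into units of size unit_to, as the faulting expression does,
 * but reject a non-positive unit size instead of dividing by it.
 * Returns 0 and stores the result in *out, or -1 if a size is invalid.
 */
static int
scale_units(unsigned long long number, long unit_from, long unit_to,
    unsigned long long *out)
{
	if (unit_from <= 0 || unit_to <= 0)
		return (-1);	/* e.g. f_frsize == 0 from a misbehaving server */
	if (unit_from == unit_to)
		*out = number;
	else if (unit_from < unit_to)
		*out = number / (unsigned long long)(unit_to / unit_from);
	else
		*out = number * (unsigned long long)(unit_from / unit_to);
	return (0);
}

/* Format the converted value into buf; invalid sizes print as "0". */
static const char *
format_units(char *buf, size_t len, unsigned long long number,
    long unit_from, long unit_to)
{
	unsigned long long v;

	if (scale_units(number, unit_from, unit_to, &v) != 0)
		v = 0;	/* assumption: report zero rather than take SIGFPE */
	(void) snprintf(buf, len, "%llu", v);
	return (buf);
}

int
main(void)
{
	char buf[32];

	/* Arguments from the dbx trace: number = 0, unit_from = 0, unit_to = 512 */
	(void) printf("%s\n", format_units(buf, sizeof (buf), 0, 0, 512));
	/* Constructed sane case: 100 fragments of 4096 bytes as 512-byte blocks */
	(void) printf("%s\n", format_units(buf, sizeof (buf), 100, 4096, 512));
	return (0);
}
```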